There are a few step you need to take.
First get the mount password phrase
Code: Select all
ecryptfs-unwrap-passphrase /home/.ecryptfs/ubuntu_user/.ecryptfs/wrapped-passphrase
The password you need to give for this is the login password.
The string you get now is the encryption key (
KEY1)
We need to get a special signature that will be used later for decrypting filenames (standard in Ubuntu >= 9.04)
Code: Select all
sudo ecryptfs-add-passphrase --fnek
(note: first you will need to enter your sudo password and then the mount passphrase (
KEY1))
Pay attention to the
second "Inserted auth tok with sig" line and note down the value in square brackets (eg. 66a9f57af69a86ba) (
KEY2) as we will need this signature later.
The actual decryption
Code: Select all
sudo mount -t ecryptfs /media/disk-3/home/.ecryptfs/ubuntu_user/.Private/ /mnt/encrypteddrive
- You will be asked a series of questions
- Enter the mount phrase when asked for the passphrase (KEY1)
- Select aes as the encryption cipher
- Select 16 bytes as the key length
- Enter n for enabling of plaintext passthrough
- Enter y for filename encryption (if you obtained the special signature in the earlier step)
- Enter the special signature from earlier when you are prompted for the Filename Encryption Key (FNEK) Signature (KEY2)
Now you should be able to access the unencrypted files in /mnt/encrypteddrive.
note:
The first time you mount an unencrypted file system,
you get the following message:
Code: Select all
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
You can safely ignore this.