Trying to recover encrypted home folder

[katrina]

Hi, everyone.

I revived an old netbook with Linux Mint 15 (Olivia) sometime last year and encrypted the disk. I can remember the passphrase for the disk but have forgotten my admin password, so while I can start Mint, I can't get past the login screen.

I tried booting from a live USB stick and changing the password from there, but so far, it isn't working. So, I tried another route, this other tutorial on recovering an encrypted home folder while using a live USB/CD.

I get as far as "sudo nemo", and I manage to find my old home folder with this file, "Access-your-private-data.desktop", inside it. Unfortunately, double-clicking it doesn't do anything. Is there something I'm missing?

[xenopeek]

First, if you change the password for your encrypted account without being logged in with that account--you won't be able to recover the encrypted files. Else encryption would be a bit useless, as root could just change your password and access your files (so no, root can't).

You could try these steps from a LiveCD session: https://web.archive.org/web/20161216114 ... /Ecryptfs/. I'm not sure as to whether you need to know your password for that or not.

[katrina]

After following this tutorial, I'm able to open a /tmp/ecryptfs.<gibberish> folder. Unfortunately, the folders and files inside are still in gibberish.

[katrina]

I haven't been able to change my password. To be honest, as a newbie, I'm pretty confused by "login passphrase" and "mount passphrase". In the simplest terms, when I turn on my netbook, I see a black screen with a lock icon and an input box, and I know the password for that. Then it starts Mint and gets to the login screen — that's the password I've forgotten.

[xenopeek]

Below are my notes about how to recover an encrypted home folder, which I've used successfully in the past. Replace /dev/sda1 with the partition id of your home (or root if not separate) partition, and replace username with your username. If the "su - username" command asks for your password, first become root with "sudo -i" (to become root) and then try again. I can't recall if it asks for your password or not, so

Code: Select all

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	RECOVERY OF AN ENCRYPTED HOME DIRECTORY WITH A LIVECD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Mount the disk partition containing the Encrypted Home Directory
sudo mount /dev/sda1 /mnt

# Establish a proper chroot environment
sudo mount -o bind /dev /mnt/dev
sudo mount -o bind /dev/shm /mnt/dev/shm
sudo mount -o bind /proc /mnt/proc
sudo mount -o bind /sys /mnt/sys
sudo chroot /mnt

# Become the user whose data needs recovery and manually add the necessary mount
# passphrase to the kernel session keyring
su - username
ecryptfs-add-passphrase --fnek

# Mount the encrypted directory and then access the data
ecryptfs-mount-private
cd $HOME

[katrina]

Thanks! I'll try this when I get home and report back.

[xenopeek]

To set expectations right, the "ecryptfs-add-passphrase --fnek" command will ask for you to provide your mount passphrase. After the final command you can run the following command to list the files in your home directory:

Code: Select all

ls

If they aren't gibberish now, you can probably open your file manager here. For Cinnamon you'd run:

Code: Select all

nemo .

For MATE, replace nemo with caja. For KDE with dolphin. For Xfce with thunar. The dot in the command is to indicate the file manager should open on your current directory.

[katrina]

Sorry, I got stuck at "Establish a chroot environment"; the terminal said that mount point /mnt/dev does not exist.

[xenopeek]

Hm. Are you sure the command before it was correct?

Code: Select all

sudo mount /dev/sda1 /mnt

In fact /dev/sda1 should be of your root partition. Do you have a separate /home partition? If you didn't do a manual partitioning during installation, the answer is no.

If you're not sure which /dev/sd?? you should use, boot from the Linux Mint DVD and run this command (that's the letter l at the end, not number 1):

Code: Select all

sudo parted -l

That will show all your partitions in detail. The ones from the Linux Mint DVD will also be there. Probably you can spot your hard disk's root partition based on its size, else share here for help (see terminal's Edit menu for copying text).

[katrina]

Here are the results of parted -l:

Code: Select all

Model: ATA WDC WD1600BEVT-2 (scsi)
Disk /dev/sda: 160GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start   End    Size   Type      File system  Flags
 1      1049kB  256MB  255MB  primary   ext2         boot
 2      257MB   160GB  160GB  extended
 5      257MB   160GB  160GB  logical

Thanks for taking the time to help me, by the way.

[xenopeek]

Looks like you have a separate boot partition. I think you should mount /dev/sda5. So follow my guide again but replace the first command with:

Code: Select all

sudo mount /dev/sda5 /mnt

[katrina]

This time, I got "unknown filesystem crypto_LUKS". I feel so close yet so far.

[xenopeek]

Oh... Then you don't have an encrypted home folder, but you have full disk encryption. I haven't tried this put pulled hints from http://blog.miketoscano.com/?p=72 and it may work.

Again, boot from the Linux Mint installation DVD. Open a terminal and become root with this command:

Code: Select all

sudo -i

Next, run this command to unlock your partition--it should prompt for your passphrase:

Code: Select all

cryptsetup luksOpen /dev/sda5 sda5_crypt

Next, see which volumes are available inside the encrypted partition:

Code: Select all

lvdisplay

Enable the logical volume for your root partition, replace "volumename" with the name of the correct volume:

Code: Select all

vgchange -a y volumename

Now you should be able to mount it. Again, replace "volumename":

Code: Select all

mount -t ext4 /dev/volumename/home /mnt

Your home folders from the encrypted partition should now have been mounted to /mnt and you should be able to copy files from there.

[katrina]

There wasn't a /dev/volumename/home, only a /dev/volumename/root. So, I mounted that at /mnt and then opened /mnt in nemo, but I then ran into the same problem; there's an access-your-private-data.desktop file inside that does nothing.

[xenopeek]

Ouch... Then I've run out of ideas on how to get you your files back

[katrina]

Well, thanks for all your time and help, xenopeek. I really do appreciate it. I'll just post again here if I ever find anything.