ecryptfs passphrase getting corrupted.

[michaud]

I am running Linux Mint 18.04, Cinnamon fully patched and have had two instances of this issue. I change my password and then am unable to logon with my non-root logon. In the logs it indicates that it was unable to decrypt using the passphrase. When I manually try to decyrpt the folder it gives me an error that I have never decrypted using the passphrase and all of the files are of the ENCRPTFS_FENK_ECRYPTED type and I cannot navigate this. I have tried updating the keyring and it reports back that it was successful, but, I continue to have same issue.

This is the second time this has happened. The only thing unusual with the passwords are that they have punctuation in them. One had a leading colon and the other had a trailing semicolon. Does this cause the update of the keyring to get corrupted? Is there any way to recover from that?

[michaud]

I tried changing the password and that did not help. It seems the key ring is corrupt.

[gm10]

I change my password and then am unable to logon with my non-root logon.

This begs the question, how do you change your password? By the default the root account is locked, but it seems you unlocked it. If you change your user account password from your root account then you only change the account password but you won't cause the passphrase to get re-encrypted with that. This is completely working as intended.

[michaud]

I have kept on playing with this and whenever I run an ecryptfs-recover-private or do a mount -t ecryptfs /home/homedir/.Private /home/homedir/Private it pops an error saying that the passphrase has never been used to mount this file system and is likely incorrect. I have tried all 3 passwords that are at play and they all do the same thing. The files subsequently get mounted in the Private folder with the ECRYPTFS_FNEK_ENCRYPTED naming convention.

Is there more information I can send you? I find it difficult to believe that this uncharted territory as this is the second time this has happened to me. Is anyone able to provide any measure of insight into this?

[michaud]

Sorry GM10. I missed your reply.

Yes, I ran a passwd username from a root prompt. Is there anyway to recover from this?

[michaud]

Ouch GM10, I can see where that is a security measure. Is there a proper way to change a custom user password? Do I have to go to users in preferences? Does that work?

[gm10]

If you change your user password from within your user account (i.e. at a point in time where you already had to enter your user password) then the system will automatically handle the encryption key. So running just $ passwd from within your user session is fine. Running # passwd <username> is bad.

You can quite easily recover from this as long as you recall your old password that was used to encrypt the passphrase. Just run ecryptfs-mount-private and use the old password to mount your home folder. Then run ecryptfs-rewrap-passphrase ~/.ecryptfs/wrapped-passphrase to re-encrypt the passphrase with your current password.

[michaud]

Really appreciate the info gm10. Thanks.

New issue is that the Ecryptfs_fnek_encrypted files seem to be persistent in the /home/username/.Private folder and I cannot clear them. This is causing the mount to fail with the following error.

ERROR: Encrypted private directory is not setup properly.

Rebooting does not clear it.

[gm10]

Are you trying to mount this as root or as your user? If you logged in as root you can switch the context via su <username>.
If the mount still fails after that, you can try a recovery via sudo ecryptfs-recover-private, but that's the fall-back option.

[michaud]

Thanks again, gm10. It is now working.