Moderator note: Numerous old posts requesting help with this tutorial have been removed. Forum rules indicate, "Don't add support questions to tutorials please."
If you are having problems with any of the steps, please create a new topic and ask for help in the new topic.
HOWTO: Recover files from encrypted ecryptfs home directory
Forum rules
Don't add support questions to tutorials; start your own topic in the appropriate sub-forum instead. Before you post read forum rules
Don't add support questions to tutorials; start your own topic in the appropriate sub-forum instead. Before you post read forum rules
Re: HOWTO: Recover files from encrypted ecryptfs home directory
A woman typing on a laptop with LM20.3 Cinnamon.
- PandaHugMonster
- Level 1
- Posts: 1
- Joined: Sat Mar 18, 2023 11:18 am
- Location: Wien, Austria
- Contact:
Re: HOWTO: Recover files from encrypted ecryptfs home directory
Good day. I have just registered to add some useful info for the people struggling with the same issues. The main instructions-answer above is great, but
I had weird decryption problems, and wanted to spare some time not resolving them.
I have found easier way to do that work (just a single command tbh).
Get into the folder of your old drive "/home/.ecryptfs" and then run "ecryptfs-recover-private" command pointing to your ".Private"
Answer to all questions and enter your LOGIN password of that previous installation. Output would be something like that:
I had weird decryption problems, and wanted to spare some time not resolving them.
I have found easier way to do that work (just a single command tbh).
Get into the folder of your old drive "/home/.ecryptfs" and then run "ecryptfs-recover-private" command pointing to your ".Private"
Code: Select all
cd /[YOUR_MOUNTED_OLD_DRIVE]/home/.ecryptfs/[YOUR_USER_NAME]/.ecryptfs;
ecryptfs-recover-private .Private;
Code: Select all
INFO: Found [.Private].
Try to recover this directory? [Y/n]:
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n]
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [****] into the user session keyring
INFO: Success! Private data mounted at [/tmp/ecryptfs.****].
Panda Hugs Monsters
Re: HOWTO: Recover files from encrypted ecryptfs home directory
Thanks for adding that, very useful.
Re: HOWTO: Recover files from encrypted ecryptfs home directory
pandahugmonster, that saved me. Using the original method discussed I was asked lots of questions about how many bits and what encrytpion algo was used and it always errored out but your method worked easy squeezy, got my password file that accidentally got overwritten by an older version. Thank you.
Re: HOWTO: Recover files from encrypted ecryptfs home directory
Spent the past few days learning about eCryptfs, as it came up in a recent thread and decided was time to understand at least the basics.
One of the things I tested was the topic of this tutorial, i.e., how to recover files from outside the system. Happy to confirm the main tutorial works fine. A bit complicated, but encryption is a complicated thing. Alas, the simple procedure (posted above) using ecryptfs-recover-private no longer works. That is, it works if booting a live session of LM20, but not a live session of LM21 or LMDE6 (returns a keyring error). By the way, I found cd to the folder fiddly permissions-wise. This form of the command is easier: sudo ecryptfs-recover-private /media/mint/<partition>/home/.ecryptfs/<username>/.Private.
Another thing I tested (relevant to that recent thread) was how to unwind eCryptfs. Obviously one can copy out the user files and reinstall, but most folks would prefer to avoid reinstall. Unfortunately, per the documentation, there is no way to decrypt the files in place. What can be done is copy them out, delete the eCryptfs files and folders, then restore the user files. Only wrinkle is that permissions of the user's home folder need to be corrected (for reasons I never found explained, eCryptfs gives the folder very restricted permissions).
There are two ways to do this, from the installed system or with a live session. Describing without jot-and-squiggle detail:
Indeed, I'd say no one should attempt this unless they're prepared to reinstall if things go sideways.
Will mention one other point. I understand the appeal of eCryptfs. It's super easy to set up (just tick a box). There are better options, though. Most people only need to encrypt a small subset of their files. VeraCrypt will do that very nicely. Or use LUKS to encrypt a flash drive or a partition on hard drive, internal or USB (the latter is what I do). If keen to encrypt everything in home, LUKS can do that also.
Whatever strategy you choose, make backups. Several of them. Then you never need to figure out how to get this tutorial to work.
One of the things I tested was the topic of this tutorial, i.e., how to recover files from outside the system. Happy to confirm the main tutorial works fine. A bit complicated, but encryption is a complicated thing. Alas, the simple procedure (posted above) using ecryptfs-recover-private no longer works. That is, it works if booting a live session of LM20, but not a live session of LM21 or LMDE6 (returns a keyring error). By the way, I found cd to the folder fiddly permissions-wise. This form of the command is easier: sudo ecryptfs-recover-private /media/mint/<partition>/home/.ecryptfs/<username>/.Private.
Another thing I tested (relevant to that recent thread) was how to unwind eCryptfs. Obviously one can copy out the user files and reinstall, but most folks would prefer to avoid reinstall. Unfortunately, per the documentation, there is no way to decrypt the files in place. What can be done is copy them out, delete the eCryptfs files and folders, then restore the user files. Only wrinkle is that permissions of the user's home folder need to be corrected (for reasons I never found explained, eCryptfs gives the folder very restricted permissions).
There are two ways to do this, from the installed system or with a live session. Describing without jot-and-squiggle detail:
Boot system. Update backups of home folder, making sure to include hidden files and folders.
- Get this right. We're going to delete the ecryptfs folder and everything in it, then restore from backup.
With Users & Groups, create a new user with admin privileges. Switch to new user (logout-login).
Open File Manager; open as Root/Admin (option on right-click menu); show hidden (Ctrl-H). Delete .ecryptfs folder in /home.
Reboot, logging in as new admin user. Due to a bug, this is the only way to clear the eCryptfs mount.
Fix permissions on main user's home folder: sudo chmod 755 /home/<username>. Confirm: ls -la /home (looking for drwxr-xr-x).
Again using File Manager as Root/Admin, delete remaining files in main user's home folder.
Copy in files and folders from backup; delete (now broken) symlinks to .ecryptfs and .Private.
Switch to main user (logout-login). If desired, remove admin user created above.
Here's how to do it with a live session:
- Get this right. We're going to delete the ecryptfs folder and everything in it, then restore from backup.
With Users & Groups, create a new user with admin privileges. Switch to new user (logout-login).
Open File Manager; open as Root/Admin (option on right-click menu); show hidden (Ctrl-H). Delete .ecryptfs folder in /home.
Reboot, logging in as new admin user. Due to a bug, this is the only way to clear the eCryptfs mount.
Fix permissions on main user's home folder: sudo chmod 755 /home/<username>. Confirm: ls -la /home (looking for drwxr-xr-x).
Again using File Manager as Root/Admin, delete remaining files in main user's home folder.
Copy in files and folders from backup; delete (now broken) symlinks to .ecryptfs and .Private.
Switch to main user (logout-login). If desired, remove admin user created above.
With the system booted, update home folder backups, including hidden files and folders. Shutdown.
Boot live session. With Disks, mount partition with encrypted home folder (usually the system partition); also mount backup.
Open File Manager as Root/Admin; type Ctrl-H (show hidden files and folders); click partition-with-eCryptfs in navigation pane.
Double-click home folder to open; delete .ecryptfs sub-folder; open user's sub-folder, delete everything in it.
Open two pane view (F3); click on backup, to display in left pane; user's sub-folder should already be in the right pane.
Copy files and folders from left pane to right. Delete (now broken) symlinks to .ecryptfs and .Private in right pane.
- If preferred, another method (e.g., rsync) may be used to copy the files, of course.
Go up one level; right-click user's sub-folder; select Properties > Permissions.
Change user's permissions to Create and delete files; change latter two boxes to 'Access Files'.
- Alternatively, open Terminal and run sudo chmod 755 /media/mint/<partition>/home/<username>.
Shutdown live session. Boot installed system. Confirm files are intact and accessible.
Disclaimer: I've tested both procedures in a virtual machine, but can't promise there aren't unexpected problems in complex cases. Boot live session. With Disks, mount partition with encrypted home folder (usually the system partition); also mount backup.
Open File Manager as Root/Admin; type Ctrl-H (show hidden files and folders); click partition-with-eCryptfs in navigation pane.
Double-click home folder to open; delete .ecryptfs sub-folder; open user's sub-folder, delete everything in it.
Open two pane view (F3); click on backup, to display in left pane; user's sub-folder should already be in the right pane.
Copy files and folders from left pane to right. Delete (now broken) symlinks to .ecryptfs and .Private in right pane.
- If preferred, another method (e.g., rsync) may be used to copy the files, of course.
Go up one level; right-click user's sub-folder; select Properties > Permissions.
Change user's permissions to Create and delete files; change latter two boxes to 'Access Files'.
- Alternatively, open Terminal and run sudo chmod 755 /media/mint/<partition>/home/<username>.
Shutdown live session. Boot installed system. Confirm files are intact and accessible.
Indeed, I'd say no one should attempt this unless they're prepared to reinstall if things go sideways.
Will mention one other point. I understand the appeal of eCryptfs. It's super easy to set up (just tick a box). There are better options, though. Most people only need to encrypt a small subset of their files. VeraCrypt will do that very nicely. Or use LUKS to encrypt a flash drive or a partition on hard drive, internal or USB (the latter is what I do). If keen to encrypt everything in home, LUKS can do that also.
Whatever strategy you choose, make backups. Several of them. Then you never need to figure out how to get this tutorial to work.
Re: HOWTO: Recover files from encrypted ecryptfs home directory
Be careful! Here is my story:
1. On a USB drive I have a Timeshift snapshot of an encrypted `/home` directory (I know, I shouldn't use Timeshift to do such thing but pls bear with me)
2. On a laptop I have a cleanly installed Linux Mint 21.3
Using the HOWTO instructions, I was able to successfully mount the encrypted
My guess is that mounting stuff from within the USB on top of
1. On a USB drive I have a Timeshift snapshot of an encrypted `/home` directory (I know, I shouldn't use Timeshift to do such thing but pls bear with me)
2. On a laptop I have a cleanly installed Linux Mint 21.3
Using the HOWTO instructions, I was able to successfully mount the encrypted
/home
onto my laptop's /media
directory but everything went haywire after a reboot. Somehow the entire /home/<user>
was wiped from my laptop and I got stuck in a login loop.My guess is that mounting stuff from within the USB on top of
/media
(where USB is originally mounted) has created some sort of a loop. The "unmount" upon reboot just wiped everything from my laptop.