April 27, 2011 · Security · Email This Post

Sponsored Link
This utility is intended to help eCryptfs recover data from their encrypted home or encrypted private partitions. It is useful to run this from a LiveISO or a recovery image. It must run under sudo or with root permission, in order to search the filesystem and perform the mounts.

The program can take a target encrypted directory on the command line.If unspecified, the utility will search the entire system looking for encrypted private directories, as configured by ecryptfs-setup-private.

If an encrypted directory and a wrapped-passphrase file are found, the user is prompted for the login (wrapping) passphrase, the keys are inserted into the keyring, and the data is decrypted and mounted.

If no wrapped-passphrase file is found, the user will be prompted for their mount passphrase. This passphrase is typically 32 characters of [0-9a-f]. All users are prompted to urgently record this randomly generated passphrase when they first setup their encrypted private directory.

The destination mount of the decrypted data is a temporary directory,in the form of /tmp/ecryptfs.XXXXXXXX.

Procedure to follow

If you find yourself in a situation where you need to recover your Encrypted Home or Encrypted Private directory, simply:

1)boot the target system using an Ubuntu 11.04 Desktop LiveCD

2)make sure that your target system's hard drive is mounted

3)open a terminal and run ‘sudo ecryptfs-recover-private'follow the prompts

access your decrypted data and save somewhere else

The utility will do a deep find of the system's hard disk, looking for folders named ".Private", and will interactively ask you if it's the folder you'd like to recover. If you answer "yes", you will then be prompted for the login passphrase that's used to decrypt your wrapped, mount passphrase. Assuming you have the correct credentials, it will mount your Encrypted Home or Private directory in read-only mode, and point you at the temporary directory where it's mounted.

Credit goes here

Sponsored Link

Incoming search terms:

Related posts

5 Comments to “Recover your Encrypted Private Directory using ecryptfs-recover-private”

  1. Jerad says:

    Very cool. I’ve been waiting for an easy way to recover the data if the os wont boot. Think it is finally time to make the jump and encrypt my /home.

    [Reply]

  2. Adrian McBrain says:

    I do Linux support for a living.

    I have twice now seen this completely hose someones home on an update, and many more times destroy folks home who did not keep that key. I always just create an extra encrypted reiserfs filesystem, i have *never* had a problem with that (or a truecrypt partition either).

    Encryptfs however, should still be considered beta and given its track record certainly should not even be an option to use on your home, unless you enjoy reinstalling.

    [Reply]

  3. Boomer says:

    No doubt it is a much needed tool and new to Linux, after spending weeks trying to make sense of posts about encrypted file recovery, I was successful getting to look at my files; however, an important part of getting to see them is omitted from most post. In the same terminal you use to create your /tmp/ecryptfs.xxxxx file you must launch “sudo gksu nautilus” to gain access.

    Futhermore, I’ve yet to find instructions how to copy a “read only” file to another venue.

    I agree with Adrian McBrain that the eCryptfs program is flawed which caused my Ubuntu 10.10 to crash during an update and left it unable to boot.

    [Reply]

  4. Luciano says:

    Hi guys,

    I have a problem with encryptfs. If you can help me to solve this problem I can pay you.

    The problem is this. 2 month ago I’ve upgraded the server from Ubuntu 9 to Ubuntu 10.
    Filesystem was encrypted.
    Now when I try to recover data using this command I receive an error message that say , unable to find Private.sig.
    This file does not exist into the server. But I never delete it.
    How can I recover the encrypted files?
    Can you help me?

    This is the message (partial in Italian):
    root@ipomea-server:/mnt/home/.ecryptfs/ipomea/.ecryptfs# ecryptfs-recover- private
    INFO: Searching for encrypted private directories (this might take a while)…
    INFO: Found [/mnt/home/.ecryptfs/ipomea/.Private].
    Try to recover this directory? [Y/n]: y
    INFO: Enter your LOGIN passphrase…
    Passphrase:
    Inserted auth tok with sig [43db473de7xxxxb] into the user session keyring
    sed: impossibile leggere /mnt/home/.ecryptfs/ipomea/.Private/../.
    ecryptfs/Private.sig: File o directory non esistente root@xxxxxx-server:/mnt/home/.ecryptfs/xxxxxx/.ecryptfs#

    File o directory non esistente: means file or directory doesn’t exists.

    [Reply]

  5. Ali Alghamdi says:

    I have a 12.04 that I can no longer boot by I still need my encrypted data.
    I used a live ubuntu USB 12.04, mounted the partition where I had my data, and used sudo encrypts-recover-private. I got a message saying command not found.

    [Reply]

Leave a Reply