How to recover crypted home directory in Ubuntu
HowToubuntu
UPDATE: this topic is also covered in a better way at Dustin Kirkland’s blog
From some versions ago, Ubuntu provides the facility of setting up the home folder of his users as cyphered directories. This method secure all the documents of the user from any kind of attacks (once the user is not logged in) but what happens if something goes wrong and… you cannot boot the machine anymore? Well, the pc doesn’t recognize its user, you, and you are unable to get your data if you boot from an external hard drive or cd or usb. If you try to boot using an extern device like those, you will find your home directory empty. So… How do we recover data in this case?
If you try to mount your /home partition and try to recover your data you get this error:
root@ubuntu:/home/goshawk# ecryptfs-mount-private ERROR: Encrypted private directory is not setup properly
During my everyday use i have been in this kind of problems. Don’t ask me how and why, but i accidentally run a rm -fr /sbin so my system was unable to boot. To recover my cyphered data i did the following:
- Boot from cd or usb with a live version of Ubuntu
- Mount your home partition in /home
- Create an user with the same name as your broken system username (in my case goshawk) and run ecryptfs-mount-private like i did in the following console log.
root@ubuntu:/home/goshawk# adduser --no-create-home goshawk Adding user `goshawk' ... Adding new group `goshawk' (1000) ... Adding new user `goshawk' (1000) with group `goshawk' ... Not creating home directory `/home/goshawk'. Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for goshawk Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] y root@ubuntu:/home/goshawk# su goshawk keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' goshawk@ubuntu:~$ ecryptfs-mount-private Enter your login passphrase: Inserted auth tok with sig [50a77c517a0463e0] into the user session keyring INFO: Your private directory has been mounted. INFO: To see this change in your current shell: cd /home/goshawk goshawk@ubuntu:~$ cd /home/goshawk/ goshawk@ubuntu:~$ ls Amule Music Aptana Studio Workspace n900 bin Piano.pdf Desktop Pictures DeusSito_2010_03_26.zip_[lZ4293] plecno2 Documents Public Downloads Random Exercises.pdf GrayHatPython.epub RegDid0809-509-CLSINFMi.pdf GrayHatPython.mobi specialistica poli GrayHatPython.pdf Templates Immagine 1.png TimeShift-20100327T003250.m2t Jocart.png Videos jupiter goshawk@ubuntu:~$
Et VoilΓ . As you can see i was finally able to run an ls and see all my data correctly there. Mission Accomplished. π
22 Comments
This is great, thankyou goshawk. For the less experienced of us out here, can you please expand this to show how you mounted the home folder?
Hi,
that guide is old now, have a look here: http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-from.html
so you’re telling us that ANYONE who gets a hold of our hard drive AND has our username can boot with a CD and get full access to our encrypted data?
Yep… and it’s not a problem of the system. The ecnryption of the home directory is based on a secret, this secret is the password. If you know the secret you can break the system.
For a stronger secret look for encryptfs with public key. In that case only the key holder will be able to access the data.
I had this problem on my brother’s PC. I reinstalled the system keeping the /home partition, and marked for Ubuntu to encrypt the folder, but I forgot it was already encrypted. When I run ecryptfs-mount-private, it says the same error
ERROR: Encrypted private directory is not setup properly
You saved my life. Thank you very much!
This is great π
I stuffed up my ubuntu laptop by trying to migrate to Debian Squeeze, had kernel panic on reboot and could not even go into anything.
Downloaded karmic off winblows and went into the live environment, no fresh install.
Only difference with your post was that I had not installed /home on a different partition.
Created a folder on the live desktop and called it Linux
Mounted the whole linux partition on the “Linux” folder and could only see the two files that gave me chills up my spine but non of my normal folders.
The trick was to follow your instructions to the letter but in the virtual /home folder I create symbolic links to the folders that I needed, specially this line:
root@ubuntu:/home# ln -s /home/ubuntu/Desktop/Linux/home/.ecryptfs ./.ecryptfs
Once I su’d into my folder and entered my original passphrase, I can now see all of my folders/files π
Thank you!!
I was able to get in following these steps, but I found a couple problems. 1) I couldnt copy files from the encrypted directory over to anywhere usable. 2) In the process of trying to copy them over, I had mistakenly copied a large folder over into the same directory, thus filling the drive to capacity. So whenever I try to use this trick again it says “su: cannot create temp file for here-document: No space left on device”….anyone have any ways around it?
This worked.
It worked!! Just saved my life! Many thanks!!!
Anotherm mode:
1) Boot from cd or usb with live version of ubuntu
2) In terminal write ecryptfs-recover-private and enjoy π
root@ubuntu:/home/marco# ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)…
INFO: Found [/home/.ecryptfs/marco/.Private].
Try to recover this directory? [Y/n]: Y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] Y
INFO: Enter your LOGIN passphrase…
Passphrase:
Inserted auth tok with sig [d080766f10d29f11] into the user session keyring
INFO: Success! Private data mounted read-only at [/tmp/ecryptfs.T9THC1Uk].
3) Copy your file from /tmp/… ! π
nice marco!
they made it really easy now…
Hey, nice entry. I encontered a problem while trying to do what you say.
After ecryptfs-mount-private I get this error message “ERROR: Encrypted private directory is not setup properly”
Sorry for my english it’s not my native language.
follow this: http://goshawknest.wordpress.com/2010/04/16/how-to-recover-crypted-home-directory-in-ubuntu/#comment-385
Thank you. It worked.
you are welcome π
Thank you vincezoam, you are the one.
Thanks a lot. Those steps are still valid as of Jan. 2013. (Lubuntu 12.10).