Ubuntu – Decrypt $HOME from Separate Partition after re-install


Previously, I had installed 10.10 with three partitions – sda1: /boot (ext2), sda2: / (btrfs), sda3: /home (btrfs). And I had chosen an encrypted home folder. Now on the same machine I have installed 10.04 (LTS), choosing a new /boot on the same sda1, / on the same sda2 (ext4), and sda3 (home) left untouched from the earlier install.

My problem is that now I can't access/mount my previous home with the ecryptfs-mount-private util with the passphrase of the earlier home user. Here is the error: Encrypted private directory is not setup properly.
I have also installed btrfs utilities.

So are there any solutions/workarounds to gain access to $home on a different partition?

Best Answer

  • Lucky you! I just had the same problem and wrote a script that will facilitate mounting ecryptfs Folders with FNEK.

    sudo su -

    Then open nano/vim/your editor of choice and create a file ecryptfs-fnek-helper.sh with the following contents:

    #!/bin/bash
    # Thanks to https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/455709
    echo "Where is the /home with the .ecryptfs mounted? (default=/mnt/home)"
    read home_ecryptfs
    if [ -z "$home_ecryptfs" ]; then
        home_ecryptfs=/mnt/home
    fi
    echo "Whose encrypted home would you like to mount?"
    read user
    if [ -z "$user" ]; then
        echo "You have to enter a user!"
        exit 1
    fi
    # Standard eCryptfs layout under <home>/.ecryptfs/<user>
    private=$home_ecryptfs/.ecryptfs/$user/.Private
    wrapped=$home_ecryptfs/.ecryptfs/$user/.ecryptfs/wrapped-passphrase
    sig=$home_ecryptfs/.ecryptfs/$user/.ecryptfs/Private.sig
    echo "What is the user's password?"
    read -s password
    if [ -z "$password" ]; then
        echo "You have to enter a password!"
        exit 1
    fi
    echo "Where would you like to mount it? (Default: /mnt/[username])"
    read target
    if [ -z "$target" ]; then
        target=/mnt/$user
    fi
    mkdir -p "$target"
    echo "I will be mounting $private into $target."
    # Start from an empty user keyring so only the unwrapped key is present
    echo "Clearing the keyring."
    keyctl clear @u
    keyctl list @u
    echo "Unwrapping passphrase and inserting it into key:"
    printf "%s" "$password" | ecryptfs-insert-wrapped-passphrase-into-keyring "$wrapped" -
    keyctl list @u
    # The mount passphrase is printed in clear text so it can be pasted at the mount prompt
    echo -e "\e[0;92mPassphrase:"
    echo -e '\e[1;92m'"$(printf "%s" "$password" | ecryptfs-unwrap-passphrase "$wrapped" -)"'\e[0m'
    # The last line of Private.sig is the FNEK signature
    echo -e "\e[0;96mFilename Encryption Key (FNEK) Signature:"
    echo -e '\e[1;96m'"$(tail -n1 "$sig")"'\e[0m'
    echo -e "Mounting now! Be sure to enable FNEK!"
    mount.ecryptfs "$private" "$target" -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,key=passphrase

    This will unwrap your passphrase and add it to the keyring. It will also display the passphrase and the correct FNEK signature, so you can copy/paste them when prompted by mount.ecryptfs.

    Make the file executable and run it while still in su:

    chmod +x ecryptfs-fnek-helper.sh
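
A read-only preflight check for the old home partition, as an added example that is not part of the original answer: it confirms the files the helper script reads are present and returns the FNEK signature without touching the keyring or any password. The function name `ecryptfs_preflight` is hypothetical; it assumes the standard eCryptfs layout under `<home>/.ecryptfs/<user>` and that `Private.sig` holds one 16-hex-character signature per line, with the FNEK signature last.

```shell
#!/bin/bash
# Added example: read-only preflight for an old eCryptfs home (not the answer's script).
# Assumed layout: <home_root>/.ecryptfs/<user>/.Private
#                 <home_root>/.ecryptfs/<user>/.ecryptfs/{wrapped-passphrase,Private.sig}

# Prints the FNEK signature (last line of Private.sig) when the layout is complete.
# Returns 0 = ready to mount with FNEK, 1 = missing or damaged files,
#         2 = only one signature present (filenames were not encrypted).
ecryptfs_preflight() {
    local home_root="$1" user="$2"
    local base="$home_root/.ecryptfs/$user"
    local sig="$base/.ecryptfs/Private.sig"
    local missing=0 count=0 line="" last="" f=""

    [ -d "$base/.Private" ] || { echo "missing dir:  $base/.Private" >&2; missing=1; }
    for f in "$base/.ecryptfs/wrapped-passphrase" "$sig"; do
        [ -s "$f" ] || { echo "missing file: $f" >&2; missing=1; }
    done
    [ "$missing" -eq 0 ] || return 1

    # Each signature must be exactly 16 hex characters; anything else is a damaged file.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        case $line in
            *[!0-9a-fA-F]*) echo "bad signature line in $sig" >&2; return 1 ;;
        esac
        [ "${#line}" -eq 16 ] || { echo "bad signature length in $sig" >&2; return 1; }
        count=$((count + 1)); last=$line
    done < "$sig"

    case $count in
        2) echo "$last"; return 0 ;;
        1) echo "no FNEK signature: mount without filename encryption" >&2; return 2 ;;
        *) echo "unexpected number of signatures ($count) in $sig" >&2; return 1 ;;
    esac
}

# Usage: ./preflight.sh /mnt/home <user>
if [ "$#" -eq 2 ]; then
    ecryptfs_preflight "$1" "$2"
fi
```

A return code of 1 means the helper script's `$wrapped` or `$sig` path would not resolve, so check that the old /home is mounted at the path you entered before running it.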