Ubuntu – Decrypt $HOME from Separate Partition after re-install

ecryptfs encryption filesystem home-directory

Previously, I had installed 10.10 with three partitions – sda1: /boot (ext2), sda2: / (btrfs), sda3: /home (btrfs). And I chose an encrypted home folder. Now on the same machine I have installed 10.04 (LTS), choosing a new /boot on the same sda1, / on the same sda2 (ext4), and sda3 (home) left untouched from the earlier install.

My problem is that now I can't access/mount my previous home with the ecryptfs-mount-private util with the passphrase of the earlier home user. Here is the ERROR: Encrypted private directory is not setup properly.
I have also installed btrfs utilities.

So are there any solutions/workarounds to gain access to $home on a different partition?

Best Answer

  • Lucky you! I just had the same problem and wrote a script that will facilitate mounting ecryptfs Folders with FNEK.

    sudo su -
    

    Then open nano/vim/your editor of choice and create a file ecryptfs-fnek-helper.sh with the following contents:

    #!/bin/bash

    # Thanks to https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/455709

    # Location of the old /home partition (must already be mounted).
    echo "Where is the /home with the .ecryptfs mounted? (default=/mnt/home)"
    read -r home_ecryptfs
    if [ -z "$home_ecryptfs" ]; then
        home_ecryptfs=/mnt/home
    fi
    home_ecryptfs=$home_ecryptfs/.ecryptfs

    echo "Whose encrypted home would you like to mount?"
    read -r user
    if [ -z "$user" ]; then
        echo "You have to enter a user!"
        exit 1
    fi

    # Login password of the old user; it unwraps the mount passphrase.
    echo "What is the user's password?"
    read -r -s password
    if [ -z "$password" ]; then
        echo "You have to enter a password!"
        exit 1
    fi

    echo "Where would you like to mount it? (Default: /mnt/[username])"
    read -r target
    if [ -z "$target" ]; then
        target=/mnt/$user
    fi
    target=$target/
    mkdir -p "$target"

    wrapped=$home_ecryptfs/$user/.ecryptfs/wrapped-passphrase
    sig=$home_ecryptfs/$user/.ecryptfs/Private.sig
    private=$home_ecryptfs/$user/.Private/

    echo "I will be mounting $private into $target."

    echo "Clearing the keyring."
    keyctl clear @u
    keyctl list @u

    # Quote the password so spaces and glob characters reach the tools intact.
    echo "Unwrapping passphrase and inserting it into key:"
    printf "%s" "$password" | ecryptfs-insert-wrapped-passphrase-into-keyring "$wrapped" -

    keyctl list @u

    # The passphrase is printed to the terminal on purpose, for copy/paste.
    echo -e "\e[0;92mPassphrase:"
    echo -e '\e[1;92m'"$(printf "%s" "$password" | ecryptfs-unwrap-passphrase "$wrapped" -)"'\e[0m'
    echo -e "\e[0;96mFilename Encryption Key (FNEK) Signature:"
    echo -e '\e[1;96m'"$(tail -n1 "$sig")"'\e[0m'
    echo -e "Mounting now! Be sure to enable FNEK!"
    mount.ecryptfs "$private" "$target" -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,key=passphrase
    

    This will unwrap your passphrase and add it to the keyring. It will also display the passphrase and the correct FNEK signature, so you can copy/paste them when prompted by mount.ecryptfs.

    Make the file executable and run it while still in su:

    chmod +x ecryptfs-fnek-helper.sh
    ./ecryptfs-fnek-helper.sh
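
A pre-flight check that can be run before the helper script in the answer above; it is an added example, not part of the original answer. It assumes the layout that script uses (`<home>/.ecryptfs/<user>/.ecryptfs/` and `<home>/.ecryptfs/<user>/.Private`) and that signatures are 16 hex characters; `check_ecryptfs_layout` is a hypothetical name.

```shell
#!/bin/bash
# Verify that the old home partition still holds everything the helper needs.
# Usage: check_ecryptfs_layout <home_root> <user>
# On success prints the FNEK signature (last line of Private.sig).
# Return codes: 1 = file/dir missing, 2 = no FNEK signature, 3 = bad format.
check_ecryptfs_layout() {
    local base="$1/.ecryptfs/$2"
    local wrapped="$base/.ecryptfs/wrapped-passphrase"
    local sig="$base/.ecryptfs/Private.sig"
    local private="$base/.Private"
    local missing=0 path fnek

    for path in "$wrapped" "$sig"; do
        if [ ! -s "$path" ]; then
            echo "missing or empty: $path" >&2
            missing=1
        fi
    done
    if [ ! -d "$private" ]; then
        echo "missing directory: $private" >&2
        missing=1
    fi
    [ "$missing" -eq 0 ] || return 1

    # The helper takes the last line of Private.sig as the FNEK signature,
    # so a file with fewer than two non-empty lines has none recorded.
    if [ "$(grep -c . "$sig")" -lt 2 ]; then
        echo "no separate FNEK signature in $sig" >&2
        return 2
    fi

    fnek=$(tail -n1 "$sig")
    # Assumption: a signature is exactly 16 hexadecimal characters.
    case "$fnek" in
        *[!0-9a-fA-F]*) echo "unexpected signature: $fnek" >&2; return 3 ;;
    esac
    if [ "${#fnek}" -ne 16 ]; then
        echo "unexpected signature length: $fnek" >&2
        return 3
    fi
    printf '%s\n' "$fnek"
}

# Run directly as: ./check.sh /mnt/home olduser
if [ "$#" -eq 2 ]; then
    check_ecryptfs_layout "$1" "$2"
fi
```

The printed value should match the FNEK signature the helper script displays before `mount.ecryptfs` prompts for it.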