Tuesday, April 23, 2013

How to Recover an Encrypted Home Directory on Ubuntu

image
Access an encrypted home directory when you’re not logged in – say, from a live CD – and all you’ll see is a README file. You’ll need a terminal command to recover your encrypted files.
You should also back up your mount passphrase ahead of time – you may need this in the future. While eCryptfs normally decrypts your files with your login passphrase, the mount passphrase may be necessary if eCryptfs’s files become lost.

Back Up Encryption Passphrase

If you use an encrypted Ubuntu home directory, you should keep a backup copy of your mount passphrase. You’ll see a dialog prompting you to do so after encrypting your home directory. Write down this passphrase and keep it somewhere safe – you may need it to recover your files in the future.

If you want to acquire this mount passphrase at a later date, just run the ecryptfs-unwrap-passphrase command while logged in.

You can still recover your encrypted files without this mount passphrase, assuming the ecryptfs wrapped passphrase is still available on your hard drive. However, if you lose this data or it becomes corrupted, you’ll need the mount passphrase to recover your files.

Recovering From a Live CD

You can recover your files by booting from a Ubuntu live CD or USB drive. If you still have the disc or USB drive you installed Ubuntu from, you can use that. Otherwise, you can download an ISO from Ubuntu’s website and place it on a CD, DVD, or USB drive.
Log in to the live Ubuntu environment and ensure the partition containing your encrypted home directory is mounted. You can easily mount it by clicking It in the file manager – you’ll see an eject (unmount) icon, indicating the partition is mounted.

Next, fire up a terminal and run the following command to search your mounted file systems for encrypted private directories
sudo ecryptfs-recover-private

The command will offer to recover an encrypted directory if it locates one.

Assuming the command found a wrapped passphrase file on your system, it will prompt you for your login passphrase. If it doesn’t find this file, you’ll need the mount passphrase from the ecryptfs-unwrap-passphrase command – hopefully you have a copy of this. If you don’t, you can’t recover your files.

The command will mount the encrypted directory in your /tmp directory.

You can access this directory to view the decrypted versions of your files. However, you may not have read access to this directory as the live CD user.

To access the directory with a graphical file browser, run Nautilus as root. Press Alt+F2, type gksu nautilus, and press Enter.

You’ll be able to access your files from the Nautilus window running as root. From here, you can easily copy the files to an external hard drive or another location.

No comments:

Post a Comment