A few days ago I managed to lock myself out of my encrypted home directory, luckily I was finally able to recover all of the data with many trials and tribulations. I would like to give you some background on the issue, what I ran into, and how I got myself out of this mess.
Some back story first. My computer has two physical hard drives, each 500GB. I have the /root partition and all system specific binaries on the first hard drive. My /home and all important data on an encrypted /home directory which sits on the second physical hard drive. For the most part this has worked flawlessly, other than a few occasions where my system boots so fast that my /home is not yet mounted when I go to login.
A few days ago I was in a rush and I placed my system into “suspend” mode – this is a laptop. I have never had a lot of luck using Hibernate or Suspend within Ubuntu or Debian, perhaps its just me. Another interesting piece (that I found out later) was that a Veetle plugin for my browser can cause issues with the .ICEauthority file in your /home directory. Needless to say, when I went to boot up my system the /home drive looked quite bare and initially I was unable to login. OH NOESSS!
Luckily I was able to login as root and attempt to muck around with my /home. Ubuntu provides a few tools that allow recovery – ecryptfs-mount-private is the first option. So this is what I did:
# ecryptfs-mount-private ERROR: Encrypted private directory is not setup properly
Uh-oh?! Why does this not work? I then added my user again into the system and tried again, and ran the same command:
1 2 3 4
# ecryptfs-mount-private Enter your login passphrase: Inserted auth tok with sig [34af1e6727ba147a5] into the user session keyring ERROR: Encrypted private directory is not setup properly
Well that is interesting, I was actually prompted for the passphrase this time, but no closer to accessing my data. I came across this article which gave me a few options to try with the addition of the add user: GoShawknest. This didn’t end up working. So this got me thinking. What do I usually do when the proverbial faecal matter hits the spinning wind generator? Head to a live CD! In most cases a live CD can get you out of a jam.
How To Access Your Encrypted Drive from a Live CD
Here is the juice of the fix!
Note: This worked because I knew the pass phrase for my drive. You cannot simply attempt this method to hack into someone else’s encrypted drive.
1. Boot into your live CD
I used Ubuntu 11.04 live CD as that is the version my system is currently running.
2. Mount your /root and /home
As mentioned earlier I am using two physical drives for my /root and /home. Thus I needed to mount both /dev/sda and /dev/sdb to create the proper filesystem while running my live CD in ram. Thus
1 2 3 4
ubuntu@ubuntu:~$ sudo mount /dev/sda1 /mnt # SKIP THIS STEP IF YOU DO NOT HAVE A SEPARATE HOME DIRECTORY ubuntu@ubuntu:~$ sudo mount /dev/sda2 /mnt/home
Now my usual full running system lives in /mnt. Thus under /mnt I have /root, /usr, /sys , etc. With /home/erik/ in there as well. The /home/erik/ is currently empty because of course, I am unable to access the encrypted data. But not for long!
3. Use ecryptfs-recover-private
The ecryptfs-recover-private utility will search your entire filesystem for unmount encrypted partitions and attempt to mount them if some are found.
1 2 3 4 5 6 7 8 9 10
ubuntu@ubuntu:~$ sudo ecryptfs-recover-private INFO: Searching for encrypted private directories (this might take a while)... INFO: Found [/mnt/home/.ecryptfs/erik/.Private]. Try to recover this directory? [Y/n]: Y INFO: Found your wrapped-passphrase Do you know your LOGIN passphrase? [Y/n] Y INFO: Enter your LOGIN passphrase... Passphrase: Inserted auth tok with sig [34af1e6727ba147a5] into the user session keyring INFO: Success! Private data mounted read-only at [/tmp/ecryptfs.zeflWYZGSE].
I then did a cd /tmp/ecryptfs.zeflWYZGSE/ and found myself in a directory with all of my precious data! It appears to have worked!
4. Move your data!
Now that you have access to your precious data move it somewhere. I ended up using that /home/erik directory, although unecrypted gave me the chance to access it on my rebooted system. Also do not forget to copy all of your .hidden files.
This also bring up a point. Is it beneficial to have your entire /home drive encrypted? Or are you trying to just encrypt specific points of data. For instance, I do not really require my .bashrc file to be encrypted, but I may have a specific directory or data pieces I want encrypted.
Alternative Encryption Mechanisms
This led me to TrueCrypt. A friend of mine has used TrueCrypt for over five years without issue, so I think I will give it a try. There are undoubtedly other options, but this one is free. Depending on your needs the base Ubuntu encrypted home directory works but may be overkill for everyday use. What do you use for encryption?