From the Canyon Edge -- :-Dustin

Wednesday, March 4, 2009

Mounting your Encrypted Home from an Ubuntu LiveCD

UPDATE: As of April 28, 2011, please use the ecryptfs-recover-private method instead!

I have received a few questions lately about mounting Ubuntu Encrypted Private or Encrypted Home directories from an Ubuntu LiveCD.

You can do this from a terminal with:
ubuntu@ubuntu$ sudo mount /dev/sda1 /mnt
ubuntu@ubuntu$ sudo mount -o bind /dev /mnt/dev
ubuntu@ubuntu$ sudo mount -o bind /dev/shm /mnt/dev/shm
ubuntu@ubuntu$ sudo mount -o bind /proc /mnt/proc
ubuntu@ubuntu$ sudo mount -o bind /sys /mnt/sys
ubuntu@ubuntu$ sudo chroot /mnt
root@ubuntu$ su - kirkland
kirkland@ubuntu$ ecryptfs-mount-private
Enter your login passphrase:
Warning: Using default salt value (undefined in ~/.ecryptfsrc)
Inserted auth tok with sig [xxx] into the user session keyring
kirkland@ubuntu$ cd $HOME
kirkland@ubuntu$ ls -alF
kirkland@ubuntu$ cat .profile

The above process assumes that your ~/.ecryptfs/wrapped-passphrase file is available on this system. If you're using 2-factor authentication and storing this elsewhere, you might need to perform an additional mount and symbolic link to make this file available.

Alternatively, if you're trying to recover data, and you've recorded your mount passphrase properly, you would use
kirkland@ubuntu$ ecryptfs-add-passphrase --fnek
just before the ecryptfs-mount-private bit, to manually enter your passphrase (rather than pulling it from ~/.ecryptfs/wrapped-passphrase).

  1. /dev/sda1 is the device serving my $HOME/.Private
  2. kirkland is my username; yours will likely be different ;-)
  3. Bind mounting /sys and /proc is critical -- ecryptfs needs access to kernel information shared there
  4. The dash in "su - " is important -- don't forget it!
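
A preflight check for the procedure above, as an added example that is not part of the original post: it reports whether wrapped-passphrase is reachable under the mounted root (and so which command to start with) and which of the post's bind mounts are still missing. The function names, the script name and the two directory layouts checked are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed layouts:
#   Encrypted Private: ROOT/home/USER/.ecryptfs
#   Encrypted Home:    ROOT/home/.ecryptfs/USER/.ecryptfs

# find_wrapped ROOT USER: print the wrapped-passphrase path under ROOT, or fail.
find_wrapped() {
    root=${1%/} user=$2
    for d in "$root/home/$user/.ecryptfs" "$root/home/.ecryptfs/$user/.ecryptfs"; do
        # -s follows symlinks; an absolute ~/.ecryptfs link dangles outside the
        # chroot, which is why the second location is tried as well.
        if [ -s "$d/wrapped-passphrase" ]; then
            printf '%s\n' "$d/wrapped-passphrase"
            return 0
        fi
    done
    return 1
}

# recovery_path ROOT USER: print the command to start with inside the chroot.
recovery_path() {
    if find_wrapped "$1" "$2" >/dev/null; then
        echo "ecryptfs-mount-private"          # login passphrase unwraps the key
    else
        echo "ecryptfs-add-passphrase --fnek"  # then run ecryptfs-mount-private
    fi
}

# missing_binds ROOT [MOUNTS]: print each bind target from the post that is
# not yet mounted under ROOT, reading MOUNTS (default /proc/mounts).
missing_binds() {
    root=${1%/} mounts=${2:-/proc/mounts}
    for t in dev dev/shm proc sys; do
        awk -v p="$root/$t" '$2 == p { found = 1 } END { exit !found }' "$mounts" \
            || printf '%s\n' "/$t"
    done
}

# Usage from the LiveCD, before the chroot step: sh preflight.sh /mnt kirkland
if [ "$#" -eq 2 ]; then
    echo "start with: $(recovery_path "$1" "$2")"
    missing_binds "$1" | sed 's/^/bind mount still needed: /'
fi
```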