UPDATE: As of April 28, 2011, please use the ecryptfs-recover-private method instead!
I have received a few questions lately about mounting Ubuntu Encrypted Private or Encrypted Home directories from an Ubuntu LiveCD.
You can do this from a terminal with:
The above process assumes that your ~/.ecryptfs/wrapped-passphrase file is available on this system. If you're using 2-factor authentication and storing this elsewhere, you might need to perform an additional mount and symbolic link to make this file available.ubuntu@ubuntu$ sudo mount /dev/sda1 /mnt ubuntu@ubuntu$ sudo mount -o bind /dev /mnt/dev ubuntu@ubuntu$ sudo mount -o bind /dev/shm /mnt/dev/shm ubuntu@ubuntu$ sudo mount -o bind /proc /mnt/proc ubuntu@ubuntu$ sudo mount -o bind /sys /mnt/sys ubuntu@ubuntu$ sudo chroot /mnt root@ubuntu$ su - kirkland kirkland@ubuntu$ ecryptfs-mount-private Enter your login passphrase: Warning: Using default salt value (undefined in ~/.ecryptfsrc) Inserted auth tok with sig [xxx] into the user session keyring kirkland@ubuntu$ cd $HOME kirkland@ubuntu$ ls -alF ... kirkland@ubuntu$ cat .profile ...
Alternatively, if you're trying to recover data, and you've recorded your mount passphrase properly, you would use
just before the ecryptfs-mount-private bit, to manually enter your passphrase (rather than pulling it from ~/.ecryptfs/wrapped-passphrase).kirkland@ubuntu$ ecryptfs-add-passphrase --fnek
- /dev/sda1 is the device serving my $HOME/.Private
- kirkland is my username, yours will likely be different ;-)
- Binding mounting /sys and /proc are critical -- ecryptfs needs access to kernel information shared there
- The dash in "su - " is important -- don't forget it!