From the Canyon Edge -- :-Dustin

Tuesday, April 26, 2011

Introducing ecryptfs-recover-private -- Recover your Encrypted Private Directory!



Once again, this post is long, long, long overdue ;-)

I'm pleased to announce the general availability of a new utility -- ecryptfs-recover-private!

For several years now, we in the #ecryptfs IRC channel and in the eCryptfs community on Launchpad have been pointing people to this blog post of mine, which explains how to manually mount an Encrypted Home or Private directory from an Ubuntu LiveCD.

I'm quite happy to say that this is now an automated process, with the release of the Ubuntu 11.04 (Natty Narwhal) Desktop later this week!

If you find yourself in a situation where you need to recover your Encrypted Home or Encrypted Private directory, simply:
  1. boot the target system using an Ubuntu 12.04 (or newer) Desktop LiveCD
  2. make sure that your target system's hard drive is mounted
  3. open a terminal
  4. install ecryptfs-utils: 'sudo apt-get install -y ecryptfs-utils'
  5. run 'sudo ecryptfs-recover-private'
  6. follow the prompts
  7. access your decrypted data and save it somewhere else
  8. you can also launch the graphical file browser with 'sudo nautilus' and navigate to the temporary directory

The utility will do a deep find of the system's hard disk, looking for folders named ".Private", and will interactively ask you if it's the folder you'd like to recover. If you answer "yes", you will then be prompted for the login passphrase that's used to decrypt your wrapped mount passphrase. Assuming you have the correct credentials, it will mount your Encrypted Home or Private directory in read-only mode, and point you at the temporary directory where it's mounted.
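
The search step described above, as an added example (not the utility's own code) that can be run before recovery to see which ".Private" entries on a mounted disk are real data directories. It goes beyond the post by also flagging ".Private" symlinks with absolute targets, the situation a commenter below suggests is behind the wrong directory being mounted; the names find_private and make_sample, and the wrapped-passphrase location, are assumptions.

```shell
#!/bin/sh
# Added example, not the utility's own code: list ".Private" candidates under a
# mounted disk and flag symlinks whose absolute target leaves that disk.
# ASSUMPTION: the wrapped passphrase sits at <parent>/.ecryptfs/wrapped-passphrase.

find_private() {
    # Resolve the mount point so reported paths are unambiguous.
    root=$(cd "$1" && pwd -P) || return 1
    # Match real directories and symlinks; find does not follow the links.
    find "$root" -name .Private \( -type d -o -type l \) 2>/dev/null |
    while IFS= read -r p; do
        if [ -L "$p" ]; then
            target=$(readlink "$p")
            case "$target" in
                /*) # Absolute target: resolved against the running system's
                    # root, so it can name the live home, not the one on disk.
                    printf 'LINK-ABS\t%s\t%s\n' "$p" "$target" ;;
                *)  printf 'LINK-REL\t%s\t%s\n' "$p" "$target" ;;
            esac
        elif [ -f "$p/../.ecryptfs/wrapped-passphrase" ]; then
            printf 'DATA\t%s\twrapped-passphrase present\n' "$p"
        else
            printf 'DATA\t%s\twrapped-passphrase missing\n' "$p"
        fi
    done
}

# Constructed sample tree: a data disk holding .ecryptfs/userX plus a home
# directory whose .Private is an absolute symlink into /home/.ecryptfs.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/.ecryptfs/userX/.Private" "$d/.ecryptfs/userX/.ecryptfs" "$d/userX"
    : > "$d/.ecryptfs/userX/.ecryptfs/wrapped-passphrase"
    ln -s /home/.ecryptfs/userX/.Private "$d/userX/.Private"
    printf '%s\n' "$d"
}

sample=$(make_sample)
find_private "$sample"   # pass the real mount point of the target disk instead
rm -rf "$sample"
```

A DATA line names a directory that physically lives on the disk being recovered; a LINK-ABS line names a link that will be followed onto the running system.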

Here's a video demonstration...





Tossing you a life raft,
:-Dustin

44 comments:

  1. Perfect timing. Really needed to find a straightforward solution to decrypt my home directory after system failure.

  2. Excellent and very useful. Thanks Dustin.

  3. Neat Dustin.

    I know many of us have requested a simplified method to do this. Once again, the community asked and we got :-)

    One small typo on the manpage (http://manpages.ubuntu.com/manpages/natty/en/man1/ecryptfs-recover-private.1.html) - the link in the "SEE ALSO" section to your blog has chopped off the tail end of the hyperlink so it's invalid. It reads

    http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-

    instead of

    http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-from.html

    Ted


  4. Thanks for the careful read, Ted ;-)

  5. Will this work for data on releases prior to Natty? ie, can I use a Natty Live CD and this utility to recover encrypted data from a Lucid system?

  6. Tony,

    Yes, absolutely, that's the point!

    I'll try to make that more clear in the post...

  7. Dustin,
    you saved my life, thank you for this simple tutorial.

  8. My god. Thank you so much! I tried to upgrade to 11.04, and it wrecked my OS. This is a lifesaver. One thing you might want to mention: use "gksu nautilus" to access the temporary directory.

  9. Where do I send hugs?
    It's great, thanks so much! I just want to add my note (maybe you can add it to the post above) that by using a live-cd you have to "sudo nautilus" to the decrypted folder in order to see the files. I was getting "Permission denied" for quite some time till I figured I had to sudo :)

  10. Thank you, thank you, thank you!
    While my backup drive was out of action a couple of months ago, my main PC drive decided to play up so I couldn't boot into Ubuntu and get 8 years of photos back. For some reason everything I read on wikis, blogs and forums didn't work and the stress (and guilt) was getting unbearable. Today, making a liveCD and following your instructions above put a massive smile on my face. I can't believe I've now got access to everything again and nothing is lost. Thank you so much for sharing your knowledge - I shall sleep well tonight!

  11. Hi Dustin,

    I was able to follow your instructions and gain access through the terminal to my files; however, my access is read-only, and since I'm using the LiveCD I need to copy my files to an external drive, then reformat and re-install Ubuntu. Is there a way to copy read-only files?

  12. How to change permissions and remove encryption from the recovered /home?

  13. Hi guys,

    I updated Linux Mint 10.11 to 11.04 after it had been recommended to always install Mint from scratch. After adding the new resources for an apt-get distribution upgrade, the installation failed. Additionally, I chose the wrong grub option, letting the former grub.config remain instead of using the new one.

    So I started my netbook from a mobile USB SSD in persistence mode and with Linux Mint 11.04. It should be the same as a Live CD, isn't it? After two days and a lot of tries I found this very helpful blog of Dustin's. Much thanks, Dustin, there is light in the dark tunnel. But - amazing - I got this:

    "Inserted auth tok with sig [d80e83c776b58ba8] into the user session keyring
    ERROR: The key required to access this private data is not available."

    Could you please be so kind as to explain this error to me and what I might do now?

    Much thanks in advance!
    Jörg

  14. I'm able to use this new command to get the /tmp/ecrypt.xxxxxx folder to show up but it is locked and I can't access it.

    The folder icon has an X over the upper right corner & a lock under that in the bottom right corner.

    Any ideas on what to do next?

  15. Thank you for this addition to Natty! I was having a hard time mounting my files on a system I wrecked ;)

    I thought the data was gone - this saved me a bunch of time.

  16. Does this work in 10.04 as well?

  17. I just wanted to say thanks for building this. I used it to recover a ~/.Private directory on an external drive, and it worked flawlessly.

    It's folks like yourself building tools like this that makes open source projects such a pleasure to use.

    So kudos, and thanks.

  18. My 640GB laptop hd has bad sectors, after 2 frustrating days and following different other methods this finally worked for me! I would like to add that at the end when you do: "sudo nautilus" from the 11.04 live cd and go to the /tmp/encrypted folder to copy the data, open another terminal and do another: "sudo nautilus". You will have two nautilus windows so you can access your backup drive and copy to it without getting a permission denied if you just had a regular nautilus window open. Thanks for this guide!

  19. Thanks $deity and Dustin, this method worked to recover my encrypted private directory and back it up to an external drive. Thanks again for this tutorial.

  20. Thanks a lot, you saved my life

  21. well... I must not be doing this right :P When I follow these steps I get a bunch of encrypted files and directories in /tmp/ecryptfs.random ...so, recovered, yes, but useable? no. Any idea where I messed up?

  22. I have 11.10, is this utility available in 11.10? I get command not found.. i tried looking for how to install it and no luck so far.. tried sudo apt-get install ecryptfs-utils but I get no installation candidate.. I can't download 11.04 anymore so it would be great if someone can point me to right direction..

  23. Just found this tool and it works great!
    Thank you Dustin, thank you Dustin, thank you Dustin!
    It is a life raft indeed.

  24. Dustin,

    This is cake, my friend, nice job! I remember when this stuff was hard. I've been trying to recover a drive for some time now.

    Thank you

  25. Tossing you a life raft,
    :-Dustin


    YOU SAY IT! *YOU* *THE* *MAN*
    JUST SAVED MY LIFE! THANK YOU

    PS: Lost 3 days and nights trying to recover the operating system after I accidentally ran rm -rfv / instead of rm -rfi /; also, the system didn't boot into recovery mode and additionally - of course - I didn't remember where I physically stored the other passphrase.
    Tried your approach -> I'm able to work again!

  26. Hello, thanks for the info. Actually, the README in the encrypted folder says the same; it just was not clear to me that I had to run it with sudo and mount the partition first (yes, I am a newbie...), and I was already trying the older method, recovering my mount passphrase and so on... Anyway, it was fun, learning a lot. Thanks again.

  27. I might not have understood the underlying concept of eCryptfs, but why am I not able to 'import' an encrypted folder using only the credentials, e.g. the passphrase?
    I'm able to 'import' it by using 'sudo ecryptfs-recover-private', which will mount it read-only somewhere in /tmp as far as I remember, but I want to mount it rw, e.g. under ~/Private or wherever I want... on the remote system.

  28. It works. Thank you a lot.
    Best regards from Montenegro!

  29. Hey,

    thank you very much for this.

    Great

    Jörg

  30. The image is not a raft, but a type IV PFD.

    -Coast Guard

  31. I can't get this to work. I suspect it is because I copied my old home directory (encrypted) onto a USB drive that was being used by Windows. So now I have a bunch of duplicity-inc. [other numbers].difftar.gpg files in it I can't access.

    Any idea how to get to those? (The rescue command doesn't find them, probably because they're not .Private) I've already tried the "manual" method here (http://www.kaijanmaki.net/2009/10/26/recovering-files-from-ecryptfs-encrypted-home/) but it doesn't seem to work either.

    Replies
    1. I'm not sure if I was mistaken about how I got the .gpg files (I thought it was from copying over my home directory to a windows usb drive). Possibly I made them with the ubuntu default "backup" program. Regardless, I managed to recover them by using the "Restoring with Duplicity" instructions here: https://live.gnome.org/DejaDup/Help/Restore/WorstCase

  32. Sadly this doesn't work as expected. I have an encrypted home on an external hard disk. I am also running a system with a new encrypted home on it. If I run ecryptfs-recover-private specifying the path to the .Private directory on the external disk and enter my login passphrase... it decrypts my home directory on my current installation (NOT the external disk) and mounts it on /tmp!

    No matter how you look at it, something is wrong with this, because the interactive script specifically asks me:

    INFO: Found [/media/external-disk/home/userX/.Private].
    Try to recover this directory? [Y/n]: y

    And then doesn't do that at all!

    Replies
    1. Unfortunately I have to confirm this problem - having an encrypted home and backup of previous one with the same username unfortunately makes this utility fail:(

    2. I think your problem is due to /media/external-disk/home/userX/.Private being a symbolic link to /home/.ecryptfs/userX/.Private (note the absolute path, not relative)

      The file you actually want to recover is actually /media/external-disk/.ecryptfs/userX/.Private

      I would propose to do the following:
      cd /media/external-disk/.ecryptfs/userX/
      ecryptfs-recover-private .Private

      hope this helps.

  33. I have the same issue as the previous Anonymous poster - fresh 12.04 installation with same username as on old system. Calling the program it asks whether to recover the old homedirectory but it mounts the new one.

  34. Great info, very good. I have used the live version of "xubuntu-12.04.1-desktop-amd64.iso" and it works! Really thanks!

  35. Thanks it worked great for me to recover my old home directory from an external drive on linuxmint 14.1.

  36. Thanks Nate! Some space problem here and your solution worked.

  37. Thanks. This app is genius. But how come I didn't find it immediately? Wake up, Canonical! Make this the first stop in your documentation. And secondly: How about offering this with a simple GUI in Ubuntu Software Center, maybe it could help on distribution... call it disk decrypter or something like that so it's searchable.

  38. It might be worth noting that the mounting when entering the unwrapped passphrase will always report 'success', even with a wrong passphrase.


Please do not use blog comments for support requests! Blog comments do not scale well to this effect.

Instead, please use Launchpad for Bugs and StackExchange for Questions.
* bugs.launchpad.net
* stackexchange.com

Thanks,
:-Dustin
