From the Canyon Edge -- :-Dustin

Tuesday, April 26, 2011

Introducing ecryptfs-recover-private -- Recover your Encrypted Private Directory!

Once again, this post is long, long, long overdue ;-)

I'm pleased to announce the general availability of a new utility -- ecryptfs-recover-private!

For several years now, we in the #ecryptfs IRC channel and in the eCryptfs community on Launchpad have been pointing people to this blog post of mine, which explains how to manually mount an Encrypted Home or Private directory from an Ubuntu LiveCD.

I'm quite happy to say that this is now an automated process, with the release of the Ubuntu 11.04 (Natty Narwhal) Desktop later this week!

If you find yourself in a situation where you need to recover your Encrypted Home or Encrypted Private directory, simply:

  1. boot the target system using an Ubuntu 12.04 (or newer) Desktop LiveCD
  2. make sure that your target system's hard drive is mounted
  3. open a terminal
  4. install ecryptfs-utils with 'sudo apt-get install -y ecryptfs-utils'
  5. run 'sudo ecryptfs-recover-private'
  6. follow the prompts
  7. access your decrypted data and save it somewhere else
  8. you can also launch the graphical file browser with 'sudo nautilus' and navigate to the temporary directory

The utility will do a deep find of the system's hard disk, looking for folders named ".Private", and will interactively ask you if it's the folder you'd like to recover. If you answer "yes", you will then be prompted for the login passphrase that's used to decrypt your wrapped mount passphrase. Assuming you have the correct credentials, it will mount your Encrypted Home or Private directory in read-only mode, and point you at the temporary directory where it's mounted.
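
The check below is an added example, not part of the original post or of ecryptfs-utils: before running the recovery against a mounted disk, it lists every ".Private" entry and flags absolute symlinks, which (as a reader reports in comment 33 below) resolve to the running system's /home/.ecryptfs/... rather than to the disk being recovered. The function names and the sample "userX" layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of ecryptfs-utils.
# classify_private ROOT prints one line per ".Private" entry under ROOT:
#   real PATH            directory stored on the mounted disk: recover this one
#   abs-link PATH -> T   absolute symlink; T is resolved on the running system
#   rel-link PATH -> T   relative symlink; T is resolved next to the link
classify_private() {
    root=${1%/}
    [ -n "$root" ] || root=/
    # find does not follow symlinks by default, so links are reported as links
    find "$root" -name .Private 2>/dev/null | LC_ALL=C sort |
    while IFS= read -r p; do
        if [ -L "$p" ]; then            # test -L first: -d would follow the link
            tgt=$(readlink "$p")
            case $tgt in
                /*) echo "abs-link $p -> $tgt" ;;
                *)  echo "rel-link $p -> $tgt" ;;
            esac
        elif [ -d "$p" ]; then
            echo "real $p"
        fi
    done
}

# Constructed sample: a fake "external disk" holding an encrypted home for
# userX, with ~/.Private as an absolute symlink into /home/.ecryptfs.
make_sample_disk() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/.ecryptfs/userX/.Private" "$d/home/userX"
    ln -s /home/.ecryptfs/userX/.Private "$d/home/userX/.Private"
    echo "$d"
}

# Try it on the constructed sample:
#   classify_private "$(make_sample_disk)"
# On a real recovery, point it at the mounted disk and hand the "real" path
# to the utility:
#   classify_private /media/external-disk
#   sudo ecryptfs-recover-private <real PATH>
```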

Here's a video demonstration...

Tossing you a life raft,


  1. Perfect timing. Really needed to find a straightforward solution to decrypt my home directory after system failure.

  2. Excellent and very useful. Thanks Dustin.

  3. Neat Dustin.

    I know many of us have requested a simplified method to do this. Once again, the community asked and we got :-)

    One small typo on the manpage ( - the link in the "SEE ALSO" section to your blog has chopped off the tail end of the hyperlink so it's invalid. It reads

    instead of



  4. Thanks for the careful read, Ted ;-)

  5. Will this work for data on releases prior to Natty? ie, can I use a Natty Live CD and this utility to recover encrypted data from a Lucid system?

  6. Tony,

    Yes, absolutely, that's the point!

    I'll try to make that more clear in the post...

  7. Dustin,
    you saved my life, thank you for this simple tutorial.

  8. My god. Thank you so much! I tried to upgrade to 11.04, and it wrecked my OS. This is a lifesaver. One thing you might want to mention: use "gksu nautilus" to access the temporary directory.

  9. Where do I send hugs?
    It's great, thanks so much! I just want to add my note (maybe you can add it to the post above) that by using a live-cd you have to "sudo nautilus" to the decrypted folder in order to see the files. I was getting "Permission denied" for quite some time till I figured I had to sudo :)

  10. Thank you, thank you, thank you!
    While my backup drive was out of action a couple of months ago, my main PC drive decided to play up so I couldn't boot into Ubuntu and get 8 years of photos back. For some reason everything I read on wikis, blogs and forums didn't work and the stress (and guilt) was getting unbearable. Today, making a liveCD and following your instructions above put a massive smile on my face. I can't believe I've now got access to everything again and nothing is lost. Thank you so much for sharing your knowledge - I shall sleep well tonight!

  11. Hi Dustin,

    I was able to follow your instructions and gain access through the terminal to my files, however my access is read only, and since I'm using the LiveCD I need to copy my files to an external drive, then reformat and re-install Ubuntu. Is there a way to copy read only files?

  12. How to change permissions and remove encryption from the recovered /home?

  13. Hi guys,

    I updated linux mint 10.11 to 11.04 after it has been recommended to install mint from scratch always. After adding the new resources for an apt-get distribution upgrade the installation failed. Additionally I have chosen the wrong grub option to let the former grub.config remain instead to use the new one.

    So I started my netbook from a mobile usb ssd in persistence mode and with linux mint 11.04. It shall be the same as a Live CD, isn't it? After two days and a lot of tries I found this very helpful blog of Dustin. Much thanks, Dustin, there is light in the dark tunnel. But - amazing - I got this:

    "Inserted auth tok with sig [d80e83c776b58ba8] into the user session keyring
    ERROR: The key required to access this private data is not available."

    Could you please be so kind to explain me this error and what I might do now?

    Much thanks in advance!

  14. I'm able to use this new command to get the /tmp/ecrypt.xxxxxx folder to show up but it is locked and I can't access it.

    The folder icon has an X over the upper right corner & a lock under that in the bottom right corner.

    Any ideas on what to do next?

  15. Thank you for this addition to Natty! I was having a hard time mounting my files on a system I wrecked ;)

    I thought the data was gone - this saved me a bunch of time.

  16. Does this work in 10.04 as well?

  17. I just wanted to say thanks for building this. I used it to recover a ~/.Private directory on an external drive, and it worked flawlessly.

    It's folks like yourself building tools like this that makes open source projects such a pleasure to use.

    So kudos, and thanks.

  18. This method doesn't work for me. I don't have any extra space or extra hard drives to copy my data over from the read only mount. I found an alternative method that worked for me and may be easier for some.

    When doing a fresh install and during the account creation, create a temporary account different from the one you're restoring. If your account name was bob then create bob2. Log on the temporary account and open Terminal from Applications -> Accessories.

    Type this. Note: I don't normally use shell to move files/folders so if I typed something wrong feel free to correct me. Remember to substitute "bob" with the account name you're restoring.

    sudo mv /home/bob /home/bob_bak
    sudo mv /home/.ecryptfs/bob /home/.ecryptfs/bob_bak

    Open Users and Groups from System -> Administration. Click Add, enter the exact Name and Username of the account you want to restore and check the box to Encrypt it. Make sure you use the exact same password of the original account or this won't work. Make sure to change the account type to Administrator so you can delete your temporary account when you're done. Close out of that window.

    Go back to Terminal and type this. Note: Remember to substitute bob with the account name you just created.

    sudo rm -r '/home/bob' '/home/.ecryptfs/bob'
    sudo mv /home/bob_bak /home/bob
    sudo mv /home/.ecryptfs/bob_bak /home/.ecryptfs/bob
    sudo chown -R bob '/home/bob' '/home/.ecryptfs/bob'
    sudo chgrp -R bob '/home/bob' '/home/.ecryptfs/bob'

    You should be good to go after this. Just log out of your temp account and into your restored account and delete the temp account.

    1. Thanks Nate! Some space problem here and your solution worked.

  19. My 640GB laptop hd has bad sectors, after 2 frustrating days and following different other methods this finally worked for me! I would like to add that at the end when you do: "sudo nautilus" from the 11.04 live cd and go to the /tmp/encrypted folder to copy the data, open another terminal and do another: "sudo nautilus". You will have two nautilus windows so you can access your backup drive and copy to it without getting a permission denied if you just had a regular nautilus window open. Thanks for this guide!

  20. Thanks $deity and Dustin, this method works to recover my encrypted private directory and back it up to an external drive. Thanks again for this tutorial.

  21. Thanks a lot, you saved my life

  22. well... I must not be doing this right :P When I follow these steps I get a bunch of encrypted files and directories in /tmp/ecryptfs.random, recovered, yes, but useable? no. Any idea where I messed up?

  23. I have 11.10, is this utility available in 11.10? I get command not found.. i tried looking for how to install it and no luck so far.. tried sudo apt-get install ecryptfs-utils but I get no installation candidate.. I can't download 11.04 anymore so it would be great if someone can point me to right direction..

  24. Just found this tool and it works great!
    Thank you Dustin, thank you Dustin, thank you Dustin!
    It is a life raft indeed.

  25. Dustin,

    This is cake my friend, nice job! I remember when this stuff was hard. I've been trying to recover a drive for some time now.

    Thank you

  26. Tossing you a life raft,


    PS: Lost 3 days and nights trying to recover the operating system after I accidentally ran rm -rfv / instead of rm -rfi /; Also the system didn't boot into recovery mode and additionally - of course - I didn't remember where I physically stored the other passphrase.
    Tried your approach -> I'm able to work again!

  27. hello, thanks for the info. actually in the readme in encrypted folder is also the same, just for me was not clear to run it as sudo and to mount to partition first (yes, I am newbie..), and was already trying the older method, recovering my mount passphrase and so on.. anyway, it was fun, learning a lot. thanks again.

  28. I might not have understood the underlying concept of eCryptfs, but why am I not able to 'import' an encrypted folder only by using the credentials, e.g. passphrase?
    I'm able to 'import' it by using 'sudo ecryptfs-recover-private', this will mount it somewhere read-only in /tmp as far as I remember, but I want to mount it rw e.g. under ~/Private or wherever I want... on the remote system.

  29. It works. Thank you a lot.
    Best regards from Montenegro!

  30. Hey,

    thank you very much for this.



  31. The image is not a raft, but a type IV PFD.

    -Coast Guard

  32. I can't get this to work. I suspect it is because I copied my old home directory (encrypted) onto a USB drive that was being used by Windows. So now I have a bunch of duplicity-inc. [other numbers].difftar.gpg files in it I can't access.

    Any idea how to get to those? (The rescue command doesn't find them, probably because they're not .Private) I've already tried the "manual" method here ( but it doesn't seem to work either.

    1. I'm not sure if I was mistaken about how I got the .gpg files (I thought it was from copying over my home directory to a windows usb drive). Possibly I made them with the ubuntu default "backup" program. Regardless, I managed to recover them by using the "Restoring with Duplicity" instructions here:

  33. Sadly this doesn't work as expected. I have an encrypted home on an external hard disk. I am also running a system with a new encrypted home on it. If I run ecryptfs-recover-private specifying the path to the .Private directory on the external disk and enter my login passphrase... it decrypts my home directory on my current installation (NOT the external disk) and mounts it on /tmp!

    No matter how you look at it, something is wrong with this, because the interactive script specifically asks me:

    INFO: Found [/media/external-disk/home/userX/.Private].
    Try to recover this directory? [Y/n]: y

    And then doesn't do that at all!

    1. Unfortunately I have to confirm this problem - having an encrypted home and backup of previous one with the same username unfortunately makes this utility fail:(

    2. I think your problem is due to /media/external-disk/home/userX/.Private being a symbolic link to /home/.ecryptfs/userX/.Private (note the absolute path, not relative)

      The file you actually want to recover is actually /media/external-disk/.ecryptfs/userX/.Private

      I would propose to do the following:
      cd /media/external-disk/.ecryptfs/userX/
      ecryptfs-recover-private .Private

      hope this helps.

  34. I have the same issue as the previous Anonymous poster - fresh 12.04 installation with same username as on old system. Calling the program it asks whether to recover the old homedirectory but it mounts the new one.

  35. Great info, very good. I have used the live version of "xubuntu-12.04.1-desktop-amd64.iso" and it works! Really thanks!

  36. Thanks it worked great for me to recover my old home directory from an external drive on linuxmint 14.1.

  37. Thanks. This app is genius. But how come I didn't find it immediately? Wake up, Canonical! Make this the first stop in your documentation. And secondly: How about offering this with a simple GUI in Ubuntu Software Center, maybe it could help on distribution.. call it disk decrypter or something like that so it's searchable.

  38. It might be worth noting that the mounting when entering the unwrapped passphrase will always report 'success' even with wrong passphrase.


Please do not use blog comments for support requests! Blog comments do not scale well to this effect.

Instead, please use Launchpad for Bugs and StackExchange for Questions.