Once again, this post is long, long, long overdue ;-)
I'm pleased to announce the general availability of a new utility -- ecryptfs-recover-private!
For several years now, we in the #ecryptfs IRC channel and in the eCryptfs community on Launchpad have been pointing people to this blog post of mine, which explains how to manually mount an Encrypted Home or Private directory from an Ubuntu LiveCD.
I'm quite happy to say that this is now an automated process, with the release of the Ubuntu 11.04 (Natty Narwhal) Desktop later this week!
If you find yourself in a situation where you need to recover your Encrypted Home or Encrypted Private directory, simply:
- boot the target system using an Ubuntu 12.04 (or newer) Desktop LiveCD
- make sure that your target system's hard drive is mounted
- open a terminal
- install ecryptfs-utils 'sudo apt-get install -y ecryptfs-utils'
- and run 'sudo ecryptfs-recover-private'
- follow the prompts
- access your decrypted data and save somewhere else
- you can also launch the graphical file browser with 'sudo nautilus' and navigate to the temporary directory
Here's a video demonstration...
Tossing you a life raft,
:-Dustin
Woohoo nice!
ReplyDeletePerfect timing. Reallt needed to find a straightforward solution to decript my home directory after system failure.
ReplyDeleteExcellent and very useful. Thanks Dustin.
ReplyDeleteNeat Dustin.
ReplyDeleteI know many of us have requested a simplified method to do this. Once again, the community asked and we got :-)
One small typo on the manpage (http://manpages.ubuntu.com/manpages/natty/en/man1/ecryptfs-recover-private.1.html) - the link in the "SEE ALSO" section to your blog has chopped off the tail end of the hyperlink so it's invalid. It reads
http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-
instead of
http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-from.html
Ted
from.html
Thanks for the careful read, Ted ;-)
ReplyDeleteWill this work for data on releases prior to Natty? ie, can I use a Natty Live CD and this utility to recover encrypted data from a Lucid system?
ReplyDeleteTony,
ReplyDeleteYes, absolutely, that's the point!
I'll try to make that more clear in the post...
Dustin,
ReplyDeleteyou saved my life, thank you for this simple tutorial.
My god. Thank you so much! I tried to upgrade to 11.04, and it wrecked my OS. This is a lifesaver. One thing you might want to mention: use "gksu nautilus" to access the temporary directory.
ReplyDeleteWhere do I send hugs?
ReplyDeleteIt's great, thanks so much! I just want to add my note (maybe you can add it to the post above) that by using a live-cd you have to "sudo nautilus" to the decrypted folder in order to see the files. I was getting "Permission denied" for quite some time till I figured I had to sudo :)
Thank you, thank you, thank you!
ReplyDeleteWhile my backup drive was out of action a couple of months ago, my main PC drive decided to play up so I couldn't boot into Ubuntu and get 8 years of photos back. For some reason everything I read on wikis, blogs and forums didn't work and the stress (and guilt) was getting unbearable. Today, making a liveCD and following your instructions above put a massive smile on my face. I can't believe I've now got access to everything again and nothing is lost. Thank you so much for sharing your knowledge - I shall sleep well tonight!
Hi Dustin,
ReplyDeleteI was able to follow your instructions and gain access through the terminal to my files, however my access is read only and since I'm using the LiveCD. I need to copy my files to an external drive then reformat and re-install Ubuntu. Is there a way to copy read only files?
Worked like a charm - thanks.
ReplyDeletehow to change permissions and remove cryptation to the recovered /home?
ReplyDeleteHi guys,
ReplyDeleteI updated linux mint 10.11 to 11.04 after it has been recommended to install mint from scratch always. After adding the new resources for an apt-get distribution upgrade the installation failed. Additionally I have chosen the wrong grub option to let the former grub.config remain instead to use the new one.
So I started my netbook from a mobile usb ssd in persistence mode and with linux mint 11.04. It shall be the same as a Live CD, isnt'it? After two days and a lot of tries I found this very helpful blog of dustin. much thanks, dustin, there is light in the dark tunnel. But - amazing - I got this:
"Inserted auth tok with sig [d80e83c776b58ba8] into the user session keyring
ERROR: The key required to access this private data is not available."
Could you please be so kind to explain me this error and what I might do now?
Much thanks in advance!
Jörg
I'm able to use this new command to get the /tmp/ecrypt.xxxxxx folder to show up but it is locked and I can't access it.
ReplyDeleteThe folder icon has an X over the upper right corner & a lock under that in the bottom right corner.
Any ideas on what to do next?
Thank you for this addition to Natty! I was having a hard time mounting my files on a system I wrecked ;)
ReplyDeleteI thought the data was gone - this saved me a bunch of time.
Does this work in 10.04 as well?
ReplyDeleteI just wanted to say thanks for building this. I used it to recover a ~/.Private directory on an external drive, and it worked flawlessly.
ReplyDeleteIt's folks like yourself building tools like this that makes open source projects such a pleasure to use.
So kudos, and thanks.
My 640GB laptop hd has bad sectors, after 2 frustrating days and following different other methods this finally worked for me! I would like to add that at the end when you do: "sudo nautilus" from the 11.04 live cd and go to the /tmp/encrypted folder to copy the data, open another terminal and do another: "sudo nautilus". You will have two nautilus windows so you can access your backup drive and copy to it without getting a permission denied if you just had a regular nautilus window open. Thanks for this guide!
ReplyDeleteThanks $deity and Dustin, this method works for recover my encrypted private directory and backup it to external drive. Thanks again for this tutorial.
ReplyDeleteThanks Man!! it worked for me!!
ReplyDeletethank's a lot, u'r save my life
ReplyDeletewell... I must not be doing this right :P When I follow these steps I get a bunch of encrypted files and directories in /tmp/ecryptfs.random ...so, recovered, yes, but useable? no. Any idea where I messed up?
ReplyDeleteI have 11.10, is this utility available in 11.10? I get command not found.. i tried looking for how to install it and no luck so far.. tried sudo apt-get install ecryptfs-utils but I get no installation candidate.. I can't download 11.04 anymore so it would be great if someone can point me to right direction..
ReplyDeleteJust found this tool and it works great!
ReplyDeleteThank you Dustin, thank you Dustin, thank you Dustin!
It is a life raft indeed.
Dustin,
ReplyDeleteThis is cake my friend nice job! I remember when this was stuff was hard. I've been trying to recover a drive for some time now.
Thank you
Tossing you a life raft,
ReplyDelete:-Dustin
YOU SAY IT! *YOU* *THE* *MAN*
JUST SAVED MY LIFE! THANK YOU
PS: Lost 3 days and nights trying to recover the operating system after I accidentaly run rm -rfv / instead of rm -rfi /; Also the system didn't boot into recovery mode and additionaly - of course - I didn't remember where I physically stored the another passphrase.
Tried your approach -> I'm able to work again!
hello, thanks for the info. actually in the readme in encrypted folder is also the same, just for me was not clear to run it as sudo and to mount to partition first (yes, I am newbie..), and was already trying the older method, recovering my mount passphrase and so on.. anyway, it was fun, learning a lot. thanks again.
ReplyDeleteI might didn't understand the underlying concept of eCryptfs, but why I'm not able to 'import' an encrypted Folder only by using the credentials e.g. passphrase?
ReplyDeleteI'm able to 'import' it by using 'sudo ecryptfs-recover-private', this will mount it somewhere readonly in /tmp as far as I remember, but I want to mount it rw e.g. under ~/Privatw or wherever I want... on the remote system.
It works. Thank you a lot.
ReplyDeleteBest regards from Montenegro!
Hey,
ReplyDeletethank you very much for this.
Great
Jörg
The image is not a raft, but a type IV PFD.
ReplyDelete-Coast Guard
I can't get this to work. I suspect it is because I copied my old home directory (encrypted) onto a USB drive that was being used by Windows. So now I have a bunch of duplicity-inc. [other numbers].difftar.gpg files in it I can't access.
ReplyDeleteAny idea how to get to those? (The rescue command doesn't find them, probably because they're not .Private) I've already tried the "manual" method here (http://www.kaijanmaki.net/2009/10/26/recovering-files-from-ecryptfs-encrypted-home/) but it doesn't seem to work either.
I'm not sure if I was mistaken about how I got the .gpg files (I thought it was from copying over my home directory to a windows usb drive). Possibly I made them with the ubuntu default "backup" program. Regardless, I managed to recover them by using the "Restoring with Duplicity" instructions here: https://live.gnome.org/DejaDup/Help/Restore/WorstCase
DeleteSadly this doesn't work as expected. I have an encrypted home on an external hard disk. I am also running a system with a new encrypted home on it. If I run ecryptfs-recover-private specifying the path to the .Private directory on the external disk and enter my login passphrase... it decrypts my home directory on my current installation (NOT the external disk) and mounts it on /tmp!
ReplyDeleteNo matter how you look at it, something is wrong with this, because the interactive script specifically asks me:
INFO: Found [/media/external-disk/home/userX/.Private].
Try to recover this directory? [Y/n]: y
And then doesn't do that at all!
Unfortunately I have to confirm this problem - having an encrypted home and backup of previous one with the same username unfortunately makes this utility fail:(
DeleteI think your problem is due to /media/external-disk/home/userX/.Private being a symbolic link to /home/.ecryptfs/userX/.Private (note the absolute path, not relative)
DeleteThe file you actually want to recover is actually /media/external-disk/.ecryptfs/userX/.Private
I would propose to do the following:
cd /media/external-disk/.ecryptfs/userX/
ecryptfs-recover-private .Private
hope this helps.
I have the same issue as the previous Anonymous poster - fresh 12.04 installation with same username as on old system. Calling the program it asks whether to recover the old homedirectory but it mounts the new one.
ReplyDeleteGreat info, very good. I have used the live version of "xubuntu-12.04.1-desktop-amd64.iso" and it works! Really thanks!
ReplyDeleteThanks it worked great for me to recover my old home directory from an external drive on linuxmint 14.1.
ReplyDeleteThanks Nate! Some space problem here and your solution worked.
ReplyDeleteThanks. This app is genious. But how come I didn't find it immediately? Wake up, Canonical! Make this the first stop in your documentation. And secondly: How about offering this with a simple GUI in Ubuntu Software Center, maybe it could help on distribution.. call it disk decrypter or something like that so its searchable.
ReplyDeleteIt might be worth to note that the mounting when entering the unwrapped passphrase will always report 'success' even with wrong passphrase.
ReplyDelete