Mounting an ecryptfs elsewhere
Markus Schönhaber
ubuntu-users at list-post.mks-mail.de
Thu Apr 14 08:43:20 UTC 2011
13.04.2011 23:56, Todd A. Jacobs:
> I have an old ecryptfs-encrypted home directory that I'd like to mount on a
> new system on a different mountpoint than my home directory. The man pages
> are somewhat confusing on this issue, and trying to mount directly with
> "sudo mount -t ecrytpdir mountpoint" leads to some unexpected menus about
> ciphers--and I really, really don't want to hose this directory by accident.
>
> How should one go about this in a non-destructive way?

What I do is kind of ugly but since I do this very rarely, I haven't yet
bothered to find a better solution.

1.) If necessary, mount the file-system containing the old /home
somewhere. For this example, I assume that the old /home was on a
separate partition and is now mounted on /media/oldhome. You have to
adjust paths to match your setup.
Unless you really want to change something on the old home, mounting ro
is probably a good idea.

2.) Find the encryption passphrase for old /home. If you wrote it down
after installing the old system, fine. Otherwise do

$ ecryptfs-unwrap-passphrase /media/oldhome/.ecryptfs/<username>/.ecryptfs/wrapped-passphrase

When prompted, type the login password of <username> on the old system.

3.) Do a

$ sudo ecryptfs-add-passphrase --fnek

When prompted for the passphrase (not the sudo user password, of
course), enter the one found in 2.).
You'll see an output like

Inserted auth tok with sig [1234567890123456] into the user session keyring
Inserted auth tok with sig [abcdefabcdefabcd] into the user session keyring

The second sig (abcdefabcdefabcd) is important in the next step.

4.) mount:

$ sudo mount -t ecryptfs /media/oldhome/.ecryptfs/<username>/.Private /some/where

When prompted, enter the passphrase from 2.)
Next, you'll be asked some questions. Accept the defaults, except for

Enable filename encryption (y/n) [n]:

Answer y and enter the second sig from above (abcdefabcdefabcd).
You should now be able to access your old home via /some/where

BTW: I assume that you use a recent Ubuntu version. On older versions
(I'm not sure - pre-Jaunty?) the paths to encrypted data and meta-data
were different. And, IIRC, there wasn't filename encryption (at least
not by default).
--
Regards
mks
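
Added example, not part of the message above: a small POSIX shell helper that reads the two "Inserted auth tok" lines from step 3 and turns them into mount options for step 4, so the FNEK sig is not retyped by hand. The function names, the constructed sample output and the extra `ro` on the eCryptfs mount itself are assumptions of this example; the helper only prints the mount command and any remaining questions are still answered as described in the message.

```shell
#!/bin/sh
# Constructed sample: the output format shown in step 3 of the message.
SAMPLE_OUTPUT='Inserted auth tok with sig [1234567890123456] into the user session keyring
Inserted auth tok with sig [abcdefabcdefabcd] into the user session keyring'

# Read ecryptfs-add-passphrase output on stdin and print the Nth signature.
# Only well-formed sigs (16 lowercase hex digits in brackets) are accepted.
sig_from_output() {
    sed -n 's/^Inserted auth tok with sig \[\([0-9a-f]\{16\}\)\].*/\1/p' |
        sed -n "${1}p"
}

# Build the -o string for "mount -t ecryptfs".
# First sig  = key for file contents  -> ecryptfs_sig
# Second sig = key for file names     -> ecryptfs_fnek_sig
# Refuses to build anything unless both sigs were found, so a failed
# passphrase insert cannot lead to a mount attempt with a missing key.
build_mount_opts() {
    fekek=$(printf '%s\n' "$1" | sig_from_output 1)
    fnek=$(printf '%s\n' "$1" | sig_from_output 2)
    if [ -z "$fekek" ] || [ -z "$fnek" ]; then
        echo "expected two signatures in the add-passphrase output" >&2
        return 1
    fi
    printf 'ro,ecryptfs_sig=%s,ecryptfs_fnek_sig=%s,ecryptfs_enable_filename_crypto=y' \
        "$fekek" "$fnek"
}

# Print (do not run) the mount command for the paths used in the message.
# In real use, capture the output of step 3 instead of SAMPLE_OUTPUT.
if opts=$(build_mount_opts "$SAMPLE_OUTPUT"); then
    printf 'sudo mount -t ecryptfs -o %s %s %s\n' "$opts" \
        '/media/oldhome/.ecryptfs/<username>/.Private' '/some/where'
fi
```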