[ubuntu-za] Encrypted Filesystem Question

Quintin van Rooyen quintin.vanrooyen at gmail.com
Wed Sep 16 16:20:33 BST 2009


SOLVED!

I went through a lot of troubleshooting to get this right.

Here is a quick walk-through, might not be perfect though. You need to
install ecryptfs-utils before doing this, and it is not available in the
live environment until you do apt-get update.

sudo aptitude install ecryptfs-utils

sudo mount -t ecryptfs /home/username/.Private /home/username/Private

I was asked what my passphrase was. Realised I forgots it :(

So I mounted the drive, and did:

ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase "login passphrase"

(Note that some of the symlinks may be broken, as it was in my case and I
had to follow the broken symlinks to the correct file.)

After running that command your passkey is spat out (you use your password
that you used to log into Ubuntu (in my case)) in plain text.

This in effect means that if someone can get hold of your harddrive with
your entire installation they can run a brute force with this command until
the correct passphrase is spat out. The wrapper-passphrase file is not in
/home. I forget now where it was.

After doing this I successfully mounted the file and browsed to it. I could
see files, open images and so on but the filenames and extentions where
horribly encrypted and for all intents and purposes useless.

So I backtracked and did the following:

Sudo mkdir /mount/encrypt (the name was so I could sanely identify the
mounted drive)
sudo mount /dev/sda6 /mount/encrypt
sudo mount -o bind /dev /mount/encrypt/dev
sudo mount -o bind /proc /mount/encrypt/proc
sudo mount -o bind /sys /mount/encrypt/sys

Then I chrooted into the drive:

sudo chroot /mount/encrypt

I then changed into the correct username:

su - quintin

and I was asked to enter my password. So I did (for the old install)

I ran the ecryptfs-mount command and entered my (previously recovered)
passphrase but was promptly informed that it was incorrect. So I had to tell
the install what the correct one is by using:

ecryptfs-add-passphrase --fnek

I was prompted for the passphrase (the long monster of a thing that gets
spat out if you ever decide to encrypt a drive)

After that I ran:

ecryptfs-mount-private and was asked for my passphrase again and I
entered it. This time it was accepted and I could do a:

cd $HOME

After much churning and noise (the HDD is bad :() my files where displayed!

I could now browse to the folder in nautilus (after Jaco Kroon helped
me with something that I did not understand about chroot, thanks Jaco)
and I could start copying the important stuff over.

So there you are.

Thanks for all the suggestions, and here are the howto's I followed,
but they do not work in and of themselves:

http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-from.html
https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering%20Your%20Data%20Manually


-- 
Quintin van Rooyen
0824772477
quintin.vanrooyen at gmail.com
The New SA Geek!
http://blog.sageek.co.za
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-za/attachments/20090916/6d7427d2/attachment-0002.htm 


More information about the ubuntu-za mailing list