Is my home folder really encrypted?
Hi,
In a new installation of Belenos GNOME edition, I chose to encrypt my home folder. In this installation, I partitioned manually. I was never prompted for an encryption pass phrase. Does this mean my login password is also used to unlock encryption, or did the install go as if I hadn't chosen this option?
Yes, your login password decrypts it. There is also a special passphrase (I forget when you're told what it is, I want to say when you log in or something?), but you don't normally use it.
If you want to be absolutely sure your home folder is encrypted, try logging in as another user and checking it from there.
Thanks! I'll try looking at the folder from elsewhere, maybe try mounting it in /mnt on the live cd. If some other pass phrase were displayed at first login, I didn't hear it. Also, if I change my login password, what will happen to the encryption?
$ecrypt-unwrap-passphrase
if you want to acquire this mount passphrase at a later date, just run the ecryptfs-unwrap-passphrase command while logged in.
You can still recover your encrypted files without this mount passphrase, assuming the ecryptfs wrapped passphrase is still available on your hard drive. However, if you lose this data or it becomes corrupted, you’ll need the mount passphrase to recover your files.
http://www.howtogeek.com/116297/how-to-recover-an-encrypted-home-directory-on-ubuntu/
Hi,
In a new installation of Belenos GNOME edition, I chose to encrypt my home
folder. In this installation, I partitioned manually. I was never prompted
for an encryption pass phrase. Does this mean my login password is also used
to unlock encryption, or did the install go as if I hadn't chosen this
option?
$ecrypt-unwrap-passphrase
you want to acquire this mount passphrase at a later date, just run the
ecryptfs-unwrap-passphrase command while logged in.
You can still recover your encrypted files without this mount passphrase,
assuming the ecryptfs wrapped passphrase is still available on your hard
drive. However, if you lose this data or it becomes corrupted, you’ll need
the mount passphrase to recover your files.
http://www.howtogeek.com/116297/how-to-recover-an-encrypted-home-directory-on-ubuntu/
Thanks! I'll try looking at the folder from elsewhere, maybe try mounting it
in /mnt on the live cd. If some other pass phrase were displayed at first
login, I didn't hear it. Also, if I change my login password, what will
happen to the encryption?
I tried the ecryptfs-unlock-passphrase command, and got an error after entering my login password. The error message tells me to look in a log, but not which file. /var/log/syslog seems not to have anything about libecryptfs. Any other suggestions?
Thanks,
Dave
david@belenos:~$ ecryptfs-unwrap-passphrase /home/david/
Passphrase:
Error: Unwrapping passphrase failed [-21]
Info: Check the system log for more information from libecryptfs
david@belenos:~$
ecryptfs-unwrap-passphrase /home/username/.ecryptfs/wrapped-passphrase
https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering_Your_Mount_Passphrase
https://help.ubuntu.com/community/EncryptedPrivateDirectory
/var/log/syslog
/var/log/user.log
/var/log/auth.log
thanks for all these references! After posting my last reply, I booted the live Trisquel image, and mounted my /home partition. When I changed to my home folder, I was never prompted for passphrases, and I could read all the files. This suggests a bug in ubiquity, with the effect that, choosing the manual partition negates the action of checking the "encrypt my home folder" setting. It looks like I'll have to create another root user, and do this encryption manually; I found this reference for the procedure.
http://ubuntuguide.net/how-to-encrypt-home-folder-in-ubuntu-12-04
thanks, all,
Dave
Yes, your login password decrypts it. There is also a special passphrase (I
forget when you're told what it is, I want to say when you log in or
something?), but you don't normally use it.
If you want to be absolutely sure your home folder is encrypted, try logging
in as another user and checking it from there.
I tried the ecryptfs-unlock-passphrase command, and got an error after
entering my login password. The error message tells me to look in a log, but
not which file. /var/log/syslog seems not to have anything about libecryptfs.
Any other suggestions?
Thanks,
Dave
david@belenos:~$ ecryptfs-unwrap-passphrase /home/david/
Passphrase:
Error: Unwrapping passphrase failed [-21]
Info: Check the system log for more information from libecryptfs
david@belenos:~$
ecryptfs-unwrap-passphrase /home/username/.ecryptfs/wrapped-passphrase
https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering_Your_Mount_Passphrase
https://help.ubuntu.com/community/EncryptedPrivateDirectory
/var/log/syslog
/var/log/user.log
/var/log/auth.log
thanks for all these references! After posting my last reply, I booted the
live Trisquel image, and mounted my /home partition. When I changed to my
home folder, I was never prompted for passphrases, and I could read all the
files. This suggests a bug in ubiquity, with the effect that, choosing the
manual partition negates the action of checking the "encrypt my home folder"
setting. It looks like I'll have to create another root user, and do this
encryption manually; I found this reference for the procedure.
http://ubuntuguide.net/how-to-encrypt-home-folder-in-ubuntu-12-04
thanks, all,
Dave