Decrypting a user's home directory

27 replies [Last post]
BoydHAko
Offline
Joined: 04/24/2012

So, I just upgraded from 4.1 LTS to 5.5 STS. When I did the install I didn't format the old /home partition because I wanted to keep my old profile. However, I noticed that my old profile has two files in it, one being a README. The README said to type in a command to mount the other encrypted file, which I assume is an encrypted container for my old profile.

But, when I follow the readme I don't see a mount point to access the files in the container. Any ideas?

Nathan
Offline
Joined: 09/01/2011

bump

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Could you be more specific? How was this partition encrypted? What is the
'mount' command you are talking about? What do you call "a profile"? Is it
your home folder or something else?

Notice that I am just trying to help you get a response from somebody who
would be knowledgeable (I personally have no experience with encryption).

Chris

I am a member!

Offline
Joined: 04/23/2011

BoydHAko is probably referring to cryptfs which is available during the installation of Trisquel. It encrypts the home directory. I'm no expert in this particular matter though. I've attempted to recover and help others recover from situations where the system was not bootable as a result of this software. Unfortunately the documentation isn't great and even following very clear directions may or does not work. At best I can say the software is problematic and lacking solid documentation (it may just be the implementation that is a problem; I have not used this on non-Debian/Ubuntu derived distributions).

I would not recommend it for use with Trisquel in any case. I'm confident there are today a number of other solutions that work far better. Maybe somebody else who knows more can provide recovery instructions that actually work... ? or otherwise suggest something that does.

There appear to be a number of people who have run into an issue with this software using Trisquel.

Mampir
Offline
Joined: 12/16/2009

I did this recently and it seems overly complicated. I did it with the help of Ubuntu's documentation. I'll explain how you can do this.

I tried the following steps from a live system.

You need two directories to mount file systems to – one for the encrypted files and one for the decrypted:

sudo mkdir /mnt/real /mnt/ecrypt

Mount the file system with the encrypted files. I don't know which one it is in your case, but let's say it's /dev/sda4:

sudo mount /dev/sda4 /mnt/real

Now you should get your eCryptfs mount passphrase. This passphrase is 32 characters long and consists of hexadecimal digits. If you didn't write it down when you installed the system, you may still be able to get it like this:

(Substitute “USER” with the name of the user whose files you want decrypted.)

ecryptfs-unwrap-passphrase /mnt/real/.ecryptfs/USER/.ecryptfs/wrapped-passphrase

You'll be asked for the username's passphrase/password. This is the passphrase that was used to log in to the system with that user.

Now you'll need to get the Filename Encryption Key (FNEK) signature:

(It's important to do this command as root (with sudo in front).)

sudo ecryptfs-add-passphrase --fnek

You'll be asked for the eCryptfs mount passphrase.

Two lines with one signature on each line will be output, each signature between square brackets. The FNEK signature is on the second line, and should be 16 hexadecimal digits long.

The last step is to mount the eCryptfs in a decrypted format:

(Substitute “USER” with the name of the user whose files you want decrypted.)

sudo mount -t ecryptfs /mnt/real/.ecryptfs/USER/.Private /mnt/ecrypt

You'll be asked for the eCryptfs mount passphrase.

You'll also be asked various other questions. Respond with enter (choosing the default answers) until you're asked to “Enable filename encryption (y/n) [n]:”. Answer “y” for filename encryption.

Then you'll be asked for the FNEK signature.

You'll get warned about never mounting with this key before, and you will be asked for confirmation to proceed with the mount. Answer “yes”.

You'll be asked if you want to append a signature, so you don't get the previous warning every time you mount the files. Answer whatever you choose.

If everything is OK, then you'll be able to browse through your now decrypted files. But you also may get the following error:

Error mounting eCryptfs: [-2] No such file or directory

This error is not clear, and might come up for various reasons. If it comes up, try running the following command again:

sudo ecryptfs-add-passphrase --fnek

Then try the last step again. I actually had to do “sudo ecryptfs-add-passphrase --fnek” before every mount of eCryptfs. I don't know why.

After you're done, you can unmount everything and remove the unneeded directories like this:

sudo umount /mnt/ecrypt
sudo umount /mnt/real
sudo rmdir /mnt/real /mnt/ecrypt
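
Added example (not part of the post above and not code from ecryptfs-utils): a small shell sketch of the checks behind those steps. It tells a mount passphrase from a login passphrase by its shape, pulls the FNEK signature out of the two-line `ecryptfs-add-passphrase --fnek` output, and prints a read-only mount command for review instead of running it. The sample output is constructed, and the `-o` string, with aes and 16 key bytes standing in for the defaults accepted at the prompts, is an assumption.

```shell
#!/bin/sh
# Added example; sample output and option choices are assumptions.

# Succeeds if $1 has the shape of an eCryptfs mount passphrase
# (32 hexadecimal digits), as opposed to the login passphrase.
is_mount_passphrase() {
    printf '%s\n' "$1" | grep -Eqx '[0-9a-fA-F]{32}'
}

# Reads `ecryptfs-add-passphrase --fnek` output on stdin and prints the
# bracketed 16-digit signature found on line $1 (line 2 is the FNEK).
sig_from_line() {
    sed -n "${1}p" | sed -n 's/.*\[\([0-9a-fA-F]\{16\}\)\].*/\1/p'
}

# Builds the -o string: $1 = content signature, $2 = FNEK signature.
# aes / 16 key bytes are assumed to be the defaults accepted in the post.
build_mount_opts() {
    printf 'ro,ecryptfs_sig=%s,ecryptfs_fnek_sig=%s,' "$1" "$2"
    printf 'ecryptfs_cipher=aes,ecryptfs_key_bytes=16,'
    printf 'ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=y\n'
}

# Prints (does not run) the mount command for user $2, given the
# add-passphrase output in $1. Fails on a bad user name or bad output.
recover_cmd() {
    out=$1 user=$2
    case $user in ''|*/*|.*) echo "bad user name" >&2; return 1 ;; esac
    sig=$(printf '%s\n' "$out" | sig_from_line 1)
    fnek=$(printf '%s\n' "$out" | sig_from_line 2)
    if [ -z "$sig" ] || [ -z "$fnek" ]; then
        echo "could not find both signatures" >&2; return 1
    fi
    printf 'sudo mount -t ecryptfs -o %s /mnt/real/.ecryptfs/%s/.Private /mnt/ecrypt\n' \
        "$(build_mount_opts "$sig" "$fnek")" "$user"
}

# Constructed sample of the two-line output described in the post.
SAMPLE_OUTPUT='Inserted auth tok with sig [0123456789abcdef] into the user session keyring
Inserted auth tok with sig [fedcba9876543210] into the user session keyring'

recover_cmd "$SAMPLE_OUTPUT" USER
```

Mounting with `ro` keeps the recovery session from modifying the only copy of the encrypted files while they are being copied off.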

Chris

I am a member!

Offline
Joined: 04/23/2011

:) For those reading this now you know why I don't recommend it. It shouldn't be this much work to recover your encrypted data.

Nathan
Offline
Joined: 09/01/2011

what do I do about this?

http://i.imgur.com/LiEbe.png

Mampir
Offline
Joined: 12/16/2009

I'm not sure, but it seems there's something wrong with the file system you're trying to mount. What type is the file system you are trying to mount? You can check with Disk Utility, which comes preinstalled with Trisquel.

My guess is that the file system is XFS. I haven't used XFS, but if this is the file system in your case, you can try running xfs_check and xfs_repair on it, like this:

sudo xfs_check /dev/sda6

With the output of the command above you should judge whether to run this:

sudo xfs_repair /dev/sda6

Nathan
Offline
Joined: 09/01/2011

I will attempt that tonight...
I will be able to just save everything in my home folder to a removable hard drive, right?

Mampir
Offline
Joined: 12/16/2009

Sure.

BoydHAko
Offline
Joined: 04/24/2012

The partition isn't encrypted. The old unformatted partition is intact and contains my old profile directory....

binary@bitslip:/home/psyber$ ls -al
total 12
dr-x------ 3 binary binary 4096 2011-04-15 00:30 .
drwxr-xr-x 6 root root 4096 2012-04-23 22:38 ..
lrwxrwxrwx 1 binary binary 56 2011-04-15 00:26 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
drwx------ 3 binary binary 4096 2011-04-27 22:43 .cache
lrwxrwxrwx 1 binary binary 32 2011-04-15 00:26 .ecryptfs -> /home/.ecryptfs/psyber/.ecryptfs
lrwxrwxrwx 1 binary binary 31 2011-04-15 00:26 .Private -> /home/.ecryptfs/psyber/.Private
lrwxrwxrwx 1 binary binary 52 2011-04-15 00:26 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
binary@bitslip:/home/psyber$

Mampir
Offline
Joined: 12/16/2009

Yes, your home directory is encrypted with eCryptfs, not the partition itself. Follow the guide I wrote, if you want to access the encrypted files in your old user's home directory.

BoydHAko
Offline
Joined: 04/24/2012

Do you know which package I need to install to get those commands to work? It's not popping up on the tab complete.

Mampir
Offline
Joined: 12/16/2009

The package is ecryptfs-utils and is installed by default in a typical Trisquel installation.

lembas
Offline
Joined: 05/13/2010

Dunno if it's the case here but some commands only TAB complete when you
prepend the command with sudo or are root.
