Ubuntu: ecryptfs-recover-private creating unreadable encrypted folders



Question:

After months of proper functioning has ecryptfs has become corrupted and rendered /home/ inaccessible. when running (both via guest account and from live-CD):

root@ubuntu:/media/backup/home/me# ecryptfs-mount-private  ERROR: Encrypted private directory is not setup properly`  

I then tried:

root@ubuntu:/media/backup/home/me# ecryptfs-recover-private  INFO: Searching for encrypted private directories (this might take a while)...  INFO: Found [/media/backup/home/.ecryptfs/me/.Private].  Try to recover this directory? [Y/n]: Y  INFO: Found your wrapped-passphrase  Do you know your LOGIN passphrase? [Y/n] n  INFO: To recover this directory, you MUST have your original MOUNT passphrase.  INFO: When you first setup your encrypted private directory, you were told to record  INFO: your MOUNT passphrase.  INFO: It should be 32 characters long, consisting of [0-9] and [a-f].    Enter your MOUNT passphrase:   INFO: Success!  Private data mounted read-only at [/tmp/ecryptfs.uDWfDMCO].  root@ubuntu:/media/backup/home/me# ls /tmp/ecryptfs.uDWfDMCO/ECRYPTFS_FNEK_ENCRYPTED.F  Display all 124 possibilities? (y or n)'  

This created 124 encrypted folders which apparently hold my /home/ data. I just don't know how to access this data. and when looking at /var/log/syslog/ There are very many of the following errors:

Dec 3 11:19:22 ubuntu kernel: [ 1627.918209] ecryptfs_parse_tag_70_packet: Error attempting to find auth tok for fnek sig [1b62c525049b45e0]; rc = [-2] Dec 3 11:19:22 ubuntu kernel: [ 1627.918214] ecryptfs_decode_and_decrypt_filename: Could not parse tag 70 packet from filename; copying through filename as-is

I would really like to either get ecryptfs working again properly or to at least recover my data.

help would be really really appreciated.

Thanks, Daniel


Solution:1

Whenever I try to use the MOUNT passphrase, I get these errors too (my encrypted home folder was not corrupted):

[ 2977.052719] ecryptfs_parse_tag_70_packet: Error attempting to find auth tok for fnek sig [2e1f1a0ca6f5f8f3]; rc = [-2]  [ 2977.052721] ecryptfs_decode_and_decrypt_filename: Could not parse tag 70 packet from filename; copying through filename as-is  [ 2977.052726] Could not find key with description: [2e1f1a0ca6f5f8f3]  [ 2977.052728] process_request_key_err: No key  

I managed to successfully mount my old home folder simply using the LOGIN passphrase, that is the original password you used when you first created your ecryptfs home folder.

host:/mnt/mountpoint/home/.ecryptfs/user> ecryptfs-recover-private .Private  INFO: Found [.Private].  Try to recover this directory? [Y/n]:   INFO: Found your wrapped-passphrase  Do you know your LOGIN passphrase? [Y/n]   INFO: Enter your LOGIN passphrase...  Passphrase:   Inserted auth tok with sig [XXXXXXXXXXXXXXXXXX] into the user session keyring  INFO: Success!  Private data mounted read-only at [/tmp/ecryptfs.8dXogIbs].  


Solution:2

I had the same problem. What I did to created the problem was altering my user password by doing a sudo passwd which worked fine; but the next day when I tried to login, was then stuck in the gdm login loop.

Then went to the virtual terminal using ctrl-alt-F1, logged in with my new pw, saw that home was empty, did a

ecryptfs-recover-private  

and typed my OLD password. then my home was mounted again and so then could switch back to the graphical interface ctrl-F7 and login with the NEW password :)

Then it was possible to update my cryptfs password on a terminal with:

ecryptfs-rewrap-passphrase /home/.ecryptfs/$USER/.ecryptfs/wrapped-passphrase  

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »