March 12, 2012 — 16:50

Author: silver  Category: encryption linux

Mount manually:

mount -t ecryptfs /home/username/.Private /home/username/Private

Change user password (re-wrap the mount passphrase with the new login password):

# ecryptfs-rewrap-passphrase /home/.ecryptfs/$USER/.ecryptfs/wrapped-passphrase

Recover without login password (needs mount passphrase):

# sudo ecryptfs-add-passphrase --fnek

[Enter mount passphrase]

Inserted auth tok with sig [9986ad986f986af7] into the user session keyring
Inserted auth tok with sig [76a9f69af69a86fa] into the user session keyring

# sudo mount -t ecryptfs /home/username/.Private /home/username/Private

At the prompts, enter: cipher aes, key bytes 16, enable plaintext passthrough: no, enable filename encryption: yes.
Then enter the fnek signature (the second signature printed above, 76a9f69af69a86fa).

(auth tok signatures will match /home/.ecryptfs/username/.ecryptfs/Private.sig)
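
The signature check noted above can be scripted so that a mistyped mount passphrase is caught before mounting. This is an added example, not part of the original post: the function names are hypothetical, the sample lines are constructed from the output shown above, and the printed string uses the kernel eCryptfs mount options ecryptfs_sig, ecryptfs_fnek_sig, ecryptfs_cipher and ecryptfs_key_bytes.

```shell
#!/bin/sh
# Added example: check keyring signatures against Private.sig before mounting.

# Constructed sample: the two lines ecryptfs-add-passphrase --fnek printed above.
SAMPLE_OUTPUT='Inserted auth tok with sig [9986ad986f986af7] into the user session keyring
Inserted auth tok with sig [76a9f69af69a86fa] into the user session keyring'

# Read ecryptfs-add-passphrase output on stdin; print each 16-hex-digit
# signature on its own line, in the order it was inserted.
sigs_from_output() {
    sed -n 's/.*with sig \[\([0-9a-f]\{16\}\)\].*/\1/p'
}

# check_sigs FILE: compare signatures parsed from stdin with FILE (Private.sig:
# line 1 = file-content key signature, line 2 = FNEK signature, if present).
# On a match print the matching mount options and return 0; return 1 on a
# mismatch (wrong mount passphrase), 2 if FILE is unreadable.
check_sigs() {
    sigfile=$1
    got=$(sigs_from_output)
    if [ ! -r "$sigfile" ]; then
        echo "cannot read $sigfile" >&2
        return 2
    fi
    want=$(tr -d '\r' < "$sigfile" | sed '/^$/d')
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "signature mismatch: not the mount passphrase for $sigfile" >&2
        return 1
    fi
    sig=$(printf '%s\n' "$got" | sed -n 1p)
    fnek=$(printf '%s\n' "$got" | sed -n 2p)
    opts="ecryptfs_sig=$sig"
    if [ -n "$fnek" ]; then
        opts="$opts,ecryptfs_fnek_sig=$fnek"
    fi
    # Cipher and key size are the values chosen at the prompts above.
    printf '%s,ecryptfs_cipher=aes,ecryptfs_key_bytes=16\n' "$opts"
}

# Demo on constructed data only; no keyring or mount is touched.
demo_sig=$(mktemp)
printf '%s\n' 9986ad986f986af7 76a9f69af69a86fa > "$demo_sig"
printf '%s\n' "$SAMPLE_OUTPUT" | check_sigs "$demo_sig"
rm -f "$demo_sig"
```

On a real system, pipe the saved output of ecryptfs-add-passphrase --fnek into check_sigs with the path to Private.sig as its argument.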

Restore from backup:

Mount the backup image file under /mnt/img (or restore your home directory files some other way):

mount backup.img /mnt/img

Prepare the ecryptfs backup (re-point the .Private symlink at the copy inside the image):

rm /mnt/img/home/username/.Private
sudo ln -s /mnt/img/home/.ecryptfs/username/.Private /mnt/img/home/username/.Private

Then use the following script by “Ian D. Allen” from

Mount the backup under /mnt/tmp:

sudo su -
mkdir /mnt/tmp
USER=username; ./ecryptfs-mount-backup /mnt/img/home/username /mnt/tmp
