Ubuntu 18.04: mount encrypted disk

Solution 1:

If you have problems with the key (see dmesg or syslog), e.g.

Could not find key with description: [XXX]
process_request_key_err: No key
Could not find valid key in user session keyring for sig specified in mount option: [XXX]

then try adding the passphrase manually: option "1" in the menu of /usr/bin/ecryptfs-manager

It helped me.

Solution 2:

I encountered the same problem after installing 18.04 when I tried to access my old encrypted data using ecryptfs-recover-private. I was able to solve the issue by doing the following:

Unwrap your old mount passphrase

(You can skip this step if you know this mount passphrase)

You need to find out your mount passphrase so you can add it to the keyring. Assuming your current working directory is your former home partition, you do this by typing

ecryptfs-unwrap-passphrase .ecryptfs/old_user/.ecryptfs/wrapped-passphrase

This asks for your old login passphrase and outputs your old mount passphrase.

Add your mount passphrase to the kernel keyring

This is done by

printf "%s" "mount_passphrase" | ecryptfs-add-passphrase --fnek -

The --fnek option may not be necessary, but it worked for me.

Mount your encrypted data in /tmp

Finally type

sudo ecryptfs-recover-private .ecryptfs/old_user/.Private/

This either asks for your mount passphrase directly or tries to unwrap it with your login passphrase. Although the previous steps appear redundant now, they made this step work, at least for me. Hope you'll have success, as well.
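
An added example, not part of the original answers: a shell helper that extracts the key signatures from the dmesg/syslog errors quoted in Solution 1 and checks them against a keyring listing, to confirm that the passphrase added in Solution 2 yields the signature the mount asks for. It assumes the listing comes from keyctl list @u, where eCryptfs keys appear as "user: <sig>"; the function names and the sample data are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, sample data is constructed.

# Read kernel log text (dmesg or syslog) on stdin and print each distinct
# key signature that eCryptfs reported as missing.
ecryptfs_missing_sigs() {
    sed -n -E \
        -e 's/.*Could not find key with description: \[([0-9a-f]+)\].*/\1/p' \
        -e 's/.*Could not find valid key in user session keyring for sig specified in mount option: \[([0-9a-f]+)\].*/\1/p' \
    | sort -u
}

# $1 = log text, $2 = keyring listing text (assumed: output of keyctl list @u).
# Print the signatures the log complained about that are still not loaded.
ecryptfs_unloaded_sigs() {
    printf '%s\n' "$1" | ecryptfs_missing_sigs | while read -r _sig; do
        printf '%s\n' "$2" | grep -q -E "user: ${_sig}[[:space:]]*\$" \
            || printf '%s\n' "$_sig"
    done
}

# Constructed sample input; the signatures are made up.
SAMPLE_LOG='[  812.40] Could not find key with description: [1111aaaa2222bbbb]
[  812.40] process_request_key_err: No key
[  812.40] Could not find valid key in user session keyring for sig specified in mount option: [1111aaaa2222bbbb]
[  813.02] Could not find key with description: [3333cccc4444dddd]'

SAMPLE_KEYS='2 keys in keyring:
 51234567: --alswrv  1000  1000 user: 3333cccc4444dddd
 59876543: --alswrv  1000  1000 user: 9999eeee0000ffff'

# On a real system the inputs would be "$(dmesg)" and "$(keyctl list @u)".
ecryptfs_unloaded_sigs "$SAMPLE_LOG" "$SAMPLE_KEYS"   # prints 1111aaaa2222bbbb
```

An empty result means every signature named in the log is already in the keyring, so a remaining mount failure has a different cause than a missing key.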

Solution 3:

It looks like ecryptfs-mount-private is part of Encrypted Home and not full disk encryption, and the man page seems to confirm this. Just noting.

It seems that people have better luck by pointing to the encrypted filesystem instead of the directory, or without any parameters. For example:

ecryptfs-recover-private /media/<username>/<disk-guid>/home/.ecryptfs/<username>/.Private
ecryptfs-recover-private

There is a blog post that describes the process in detail:

The utility will do a deep find of the system's hard disk, looking for folders named ".Private", and will interactively ask you if it's the folder you'd like to recover. If you answer "yes", you will then be prompted for the login passphrase that's used to decrypt your wrapped, mount passphrase. Assuming you have the correct credentials, it will mount your Encrypted Home or Private directory in read-only mode, and point you at the temporary directory where it's mounted.

I'm having a hard time finding an example where people use the incorrect passphrase when asked to recover with 'MOUNT passphrase', so it could be choking on that.

Others have reported issues when the new user and old user are different, and instead suggest pointing to the old user's home directory:

ecryptfs-recover-private /home/old_user/.Private

To recover, create a user with the old username, log in as that user, and attempt to mount the drive.

The idea is that you let the system mount it where it is familiar, and prevent this issue. The downside is that you'll need the space available, but it could be easier. After you restore the drive, copy the files to your new user.

Alternatively, change your user's username back to what it was, recover the files, and change your username back. In this case, you'll likely lose your new data, and it is a relatively more dangerous operation.