Ubuntu 18.04: mount encrypted disk
Solution 1:
If you have problems with the key (see dmesg
or syslog
), e.g.
Could not find key with description: [XXX]
process_request_key_err: No key
Could not find valid key in user session keyring for sig specified in mount option: [XXX]
then, try adding the passphrase manually: Option "1" in menu of /usr/bin/ecryptfs-manager
It helped me.
Solution 2:
I encountered the same problem after installing 18.04 when I tried to access my old encrypted data using ecryptfs-recover-private
. I was able to solve the issue by doing the following:
Unwrap your old mount passphrase
(You can skip this step if you know this mount passphrase)
You need to find out your mount passphrase so you can add it to the keyring. Assuming your current working directory is your former home partition, you do this by typing
ecryptfs-unwrap-passphrase .ecryptfs/old_user/.ecryptfs/wrapped-passphrase
This asks for your old login passphrase and outputs your old mount passphrase.
Add your mount passphrase to the kernel keyring
This is done by
printf "%s" "mount_passphrase" | ecryptfs-add-passphrase --fnek -
The --fnek
option may not be necessary, but it worked for me.
Mount your encrypted data in /tmp
Finally type
sudo ecryptfs-recover-private .ecryptfs/old_user/.Private/
This either asks for your mount passphrase directly or tries to unwrap it with your login passphrase. Although the previous steps appear redundant now, they made this step work, at least for me. Hope you'll have success, as well.
Solution 3:
It looks like ecryptfs-mount-private
is part of Encrypted Home and not full disk encryption, and the man page seems to confirm this. Just noting.
It seems that people have better luck by pointing to the encrypted filesystem instead of the directory, or without any parameters. For example:
ecryptfs-recover-private /media/<username>/<disk-guid>/home/.ecryptfs/<username>/.Private
ecryptfs-recover-private
There is a blog post that describes the process in detail:
The utility will do a deep find of the system's hard disk, looking for folders named ".Private", and will interactively ask you if it's the folder you'd like to recover. If you answer "yes", you will then be prompted for the login passphrase that's used to decrypt your wrapped, mount passphrase. Assuming you have the correct credentials, it will mount your Encrypted Home or Private directory in read-only mode, and point you at the temporary directory where it's mounted.
I'm having a hard time finding an example where the people use the incorrect passphrase when asked to recover with 'MOUNT passphrase', so it could be choking on that.
Others have reported issues when the new user and old user are different, and instead suggest pointing to the old user's home directory:
ecryptfs-recover-private /home/old_user/.Private
To recover, create a user with the old username, login as that user, and attempt to mount the drive.
The idea is you let the system mount it where it is familiar, and prevent this issue. The downfall is that you'll need the space available, but could be easier. After you restore the drive, copy the files to your new user.
Alternatively, change your user's username back to what it was, recover the files, and change your username back. In this case, you'll likely lose your new data, and is a relatively more dangerous operation.