problem with ecryptfs-recover-private: mount(2) failed

I'm in the process of moving my OS and data from one drive to another within the same computer. (I got a nice, new SSD.) My old home directory had an encrypted subdirectory inside, and I'd like to access the encrypted directory from my new install. I'm trying to use ecryptfs-recover-private. However, I run into the following error.

$ sudo ecryptfs-recover-private /BLAH/.Private
INFO: Found [.Private/].
Try to recover this directory? [Y/n]: 
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] 
INFO: Enter your LOGIN passphrase...
Passphrase: 
Inserted auth tok with sig [BLAH] into the user session keyring
mount: mount(2) failed: No such file or directory
ERROR: Failed to mount private data at [/tmp/ecryptfs.NcWkVmQ5].

I run into the same problem if I let ecryptfs-recover-private find the directory on its own or if I say no to the login passphrase but use the mount passphrase instead.

Thoughts?

(I realize there are several, similar questions on this site, but none seem to quite cover my situation.)


Solution 1:

So this simple command, ecryptfs-recover-private, proved to be unreliable. None of the methods above worked for me when trying to move from ecryptfs to a LUKS container.

What did work was the manual method described in the Ubuntu community wiki.

In detail:

# sudo -i
# ecryptfs-add-passphrase --fnek 
Inserted auth tok with sig [aaaaaaaaaaaaa] into the user session keyring 
Inserted auth tok with sig [bbbbbbbbbbbbb] into the user session keyring  
# mkdir -p /mnt/new_mount_point  
# mount -t ecryptfs /mnt/old_mount_point/home/username/.Private /mnt/new_mount_point
  • select 3 (use a passphrase key type, and use your recovered passphrase aka unwrapped-passphrase)
  • select aes (use the aes cipher)
  • select 16 (use a 16 byte key)
  • enable plaintext passthrough: n
  • enable filename encryption: y
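A non-interactive counterpart to the prompts in Solution 1, as an added example that is not part of the original answer or of ecryptfs-utils: it parses the `Inserted auth tok with sig [...]` lines and builds the matching kernel mount options. The sample signatures are constructed, and the `ro` option and the ordering of the two signatures (content key first, filename key second) are assumptions of this example.

```shell
#!/bin/sh
# Added example: build ecryptfs mount options from the output of
# `ecryptfs-add-passphrase --fnek` instead of answering the prompts.

# Pull the 16-hex-digit signatures out of "Inserted auth tok" lines on stdin.
extract_sigs() {
    sed -n 's/^Inserted auth tok with sig \[\([0-9a-f]\{16\}\)\].*$/\1/p'
}

# Print the -o string for the answers in Solution 1: aes, 16-byte key,
# no passthrough (flag omitted), filename encryption on (fnek sig set).
# Assumption: first signature = content key, second = filename key.
build_mount_opts() {
    sigs=$(extract_sigs)
    count=$(printf '%s\n' "$sigs" | grep -c . || true)
    if [ "$count" -ne 2 ]; then
        echo "expected 2 signatures, found $count" >&2
        return 1
    fi
    sig=$(printf '%s\n' "$sigs" | sed -n 1p)
    fnek=$(printf '%s\n' "$sigs" | sed -n 2p)
    # "ro" is this example's choice: recover data without touching the source.
    printf 'ro,ecryptfs_sig=%s,ecryptfs_fnek_sig=%s,ecryptfs_cipher=aes,ecryptfs_key_bytes=16\n' \
        "$sig" "$fnek"
}

# Constructed sample output (not real signatures).
SAMPLE='Inserted auth tok with sig [0123456789abcdef] into the user session keyring
Inserted auth tok with sig [fedcba9876543210] into the user session keyring'

# Print the command for review rather than running it; -i skips the
# interactive mount helper, so both keys must already be in the keyring.
opts=$(printf '%s\n' "$SAMPLE" | build_mount_opts) &&
    echo "mount -i -t ecryptfs -o $opts" \
         "/mnt/old_mount_point/home/username/.Private /mnt/new_mount_point"
```

In real use, pipe the actual output of `ecryptfs-add-passphrase --fnek` (run as root, as in Solution 1) into `build_mount_opts` in place of `SAMPLE`.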

Solution 2:

I'm not sure why this happens - maybe a screw-up in the kernel keyring when using the same LOGIN passphrase on your new setup as on the one you try to recover.

That said, adding the wrapped passphrase into the kernel keyring before trying to recover the filesystem works (be sure to use sudo on both commands below):

sudo ecryptfs-insert-wrapped-passphrase-into-keyring /BLAH/.ecryptfs/wrapped-passphrase
sudo ecryptfs-recover-private /BLAH/.Private

Solution 3:

For me this worked, as discussed in "ecryptfs-mount-private fails to initialize ecryptfs keys":

sudo keyctl link @u @s
sudo ecryptfs-recover-private .Private

Solution 4:

I'm currently using Debian testing and I recently needed to recover a file from the backup of my encrypted .Private folder. The backup is stored on my NAS. I experienced the same issue as you. Manually inserting the wrapped passphrase did not help, and manually mounting the cifs filesystem (from my NAS) as root instead of creating the mount as my main user (to prevent rights conflicts and whatever) also did not help.

However, after plainly rebooting my system, I could directly use the ecryptfs-recover-private command to mount the .Private folder, which itself was located on the cifs filesystem.

Though this does not explain what's going wrong, and it's one of the more frustrating hints you could get as a Linux user:

reboot your system and try again :)