What does ecryptfs-unwrap-passphrase do?

Solution 1:

It's not a hashed value, but it is the 128-bit value that is the symmetric encryption/decryption passphrase (key) for your files. It just looks like an MD5 hash because it's a 128-bit value.

The passphrase you're queried for is the user's (your?) login password, with which the encryption passphrase/key is encrypted (in ecryptfs' terms "wrapped").

This enables you to change your login password (with which the encryption passphrase is wrapped) without changing the encryption passphrase itself (which would result in the need to re-encrypt all encrypted files).

Think of it like an SSH private key that you protected with a passphrase - only that, knowing the "raw" encryption passphrase, you can recover your encrypted files without knowing the wrapping passphrase.

So you may store this 128-bit value somewhere safe (i.e. write it down and lock it away somewhere), and even if you forget your wrapping passphrase (i.e. login password), or something else goes wrong, you will be able to recover your encrypted files with the ecryptfs-utils - particularly ecryptfs-recover-private after answering the question if you know your LOGIN password with No; it will then ask if you know the encryption passphrase, which you may then type in from the paper on which you've written it down.
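The wrap/unwrap relationship described in this answer, as an added example that is not part of the original answer and not eCryptfs code: a random 128-bit key is wrapped under a login password, re-wrapped under a new password, and comes out unchanged. The PBKDF2-derived pad and HMAC tag are a stand-in construction chosen to run with the Python standard library; they are not the on-disk format of `wrapped-passphrase`, and all names, passwords and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch


def _derive(password: str, salt: bytes):
    """Stretch the wrapping passphrase into a 16-byte pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=48)
    return okm[:16], okm[16:]


def wrap(mount_key: bytes, password: str) -> bytes:
    """Return salt || wrapped key || tag. A fresh salt gives a fresh pad per wrap."""
    if len(mount_key) != 16:
        raise ValueError("expected a 128-bit key")
    salt = secrets.token_bytes(16)
    pad, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(mount_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def unwrap(blob: bytes, password: str) -> bytes:
    """Recover the raw key, or fail if the wrapping passphrase is wrong."""
    salt, wrapped, tag = blob[:16], blob[16:32], blob[32:]
    pad, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong wrapping passphrase or corrupted blob")
    return bytes(a ^ b for a, b in zip(wrapped, pad))


def rewrap(blob: bytes, old_password: str, new_password: str) -> bytes:
    """Change the wrapping passphrase; the key that encrypts files is untouched."""
    return wrap(unwrap(blob, old_password), new_password)


if __name__ == "__main__":
    mount_key = secrets.token_bytes(16)           # constructed sample key
    print("raw key (looks like an MD5 hash):", mount_key.hex())
    blob = wrap(mount_key, "old-login-password")  # constructed sample passwords
    blob = rewrap(blob, "old-login-password", "new-login-password")
    print("same key after password change:",
          unwrap(blob, "new-login-password") == mount_key)
```

Anyone holding the printed hex value can skip `unwrap` entirely, which is why the written-down copy needs the same protection as the files themselves.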

Solution 2:

ecryptfs-unwrap-passphrase is used to display your mount passphrase. If you want to see your mount passphrase, use the following command:

ecryptfs-unwrap-passphrase /home/yourusername/.ecryptfs/wrapped-passphrase

More related information can be found here: https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering_Your_Mount_Passphrase

Solution 3:

Did you ever resolve this? I'm suspecting that you accidentally checked the "Encrypt home directory" box when you installed Ubuntu. I've sometimes neglected to make a copy of the unwrapped hex passphrase myself. I don't know if there's a way to unlock the encrypted files on a new system if you don't have the hex passphrase. Thanks for the reminder. It may have been too late for you.

It looks like since timeshift normally runs as root that it doesn't access the decrypted versions of the directories and saves the encrypted versions of them. This is actually a good thing when you back up to an unencrypted external hard drive but it makes it more important to save the unwrapped hex passphrase. Maybe the Ubuntu developers should require that a USB stick be inserted at installation time to save it on?