Cannot mount old encrypted home directory

I host my home directory on a hard drive separate from the rest of the Ubuntu install. I recently got a new drive and I'm in the process of migrating my user data from the old drive to the new one.

The problem is: I used ecryptfs to encrypt my user's home directory and now I can't mount the old encrypted directory. I am aware of this similar thread, and I've attempted to use the ecryptfs-recover-private command as suggested, but I get the following error (updated with the output of dmesg):

jrsmith3@hermes:~$ sudo ecryptfs-recover-private || sudo dmesg -T | tail -n 5
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/mnt/.ecryptfs/jrsmith3/.Private].
Try to recover this directory? [Y/n]: 
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] 
INFO: Enter your LOGIN passphrase...
Passphrase: 
Inserted auth tok with sig [154a85415793937b] into the user session keyring
mount: No such file or directory
ERROR: Failed to mount private data at [/tmp/ecryptfs.HUXQDUjB].
[Sun Dec  6 10:21:34 2015] Could not find key with description: [a798123c6b6e6b59]
[Sun Dec  6 10:21:34 2015] process_request_key_err: No key
[Sun Dec  6 10:21:34 2015] Could not find valid key in user session keyring for sig specified in mount option: [a798123c6b6e6b59]
[Sun Dec  6 10:21:34 2015] One or more global auth toks could not properly register; rc = [-2]
[Sun Dec  6 10:21:34 2015] Error parsing options; rc = [-2]

I suspect the problem may not be with ecryptfs; it looks like the error is occurring with the mount command, but I can't figure it out.

I'm running Ubuntu:

Distributor ID: Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:   trusty

Thanks in advance!


Try stepping through the ecryptfs-recover-private script yourself? It's just a bash script, you can copy & paste relevant lines into a terminal, replacing variables with your actual files.

You can also copy the ecryptfs-recover-private script and modify it, adding some extra echo lines to see what variables are before mounting, echo lines to be run, etc. (I'm certain there's a bash setting to display every line before it's run, but can't remember it right now.)

Maybe the ecryptfs-insert-wrapped-passphrase-into-keyring or the .ecryptfs/Private.sig signatures aren't matching, though the script checks for that.... but your output inserts one key sig, and tries mounting with a different sig.

At least you could run mount with -v for a little more feedback and to verify that the folders and sigs are correct.

There's also a bug, I thought just in mount.ecryptfs but maybe showing up here, where the fnek & fekek sigs get switched somehow.

Or, maybe some files have been corrupted. Any fsck news, or a current backup may be required. Also /var/log/syslog could have even more info.
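
An added example, not part of the original answer or of ecryptfs-utils: a shell helper that automates the signature comparison suggested above, listing every key signature the kernel asked for at mount time that was never inserted into the keyring. The function names are hypothetical, and the sample input reuses lines from the question's transcript.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not part of ecryptfs-utils).
# Reads ecryptfs-recover-private output plus dmesg/syslog lines on stdin.

# Signatures that were loaded into the user session keyring.
inserted_sigs() {
    sed -n 's/.*Inserted auth tok with sig \[\([0-9a-fA-F]\{16\}\)].*/\1/p' | sort -u
}

# Signatures the kernel looked up at mount time and did not find.
requested_sigs() {
    sed -n \
        -e 's/.*Could not find key with description: \[\([0-9a-fA-F]\{16\}\)].*/\1/p' \
        -e 's/.*sig specified in mount option: \[\([0-9a-fA-F]\{16\}\)].*/\1/p' | sort -u
}

# Print each requested signature that never appeared as inserted.
missing_sigs() {
    log=$(cat)
    ins=$(printf '%s\n' "$log" | inserted_sigs)
    for sig in $(printf '%s\n' "$log" | requested_sigs); do
        printf '%s\n' "$ins" | grep -qxF "$sig" || printf '%s\n' "$sig"
    done
}

# Sample input: lines copied from the transcript in the question.
SAMPLE='Inserted auth tok with sig [154a85415793937b] into the user session keyring
mount: No such file or directory
[Sun Dec  6 10:21:34 2015] Could not find key with description: [a798123c6b6e6b59]
[Sun Dec  6 10:21:34 2015] Could not find valid key in user session keyring for sig specified in mount option: [a798123c6b6e6b59]'

for sig in $(printf '%s\n' "$SAMPLE" | missing_sigs); do
    echo "mount asked for sig $sig, which was never inserted into the keyring"
done
```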


I had the same error ERROR: Failed to mount private data at [/tmp/ecryptfs....] after I renamed the previous (original) POSIX username to old_user and then created a new user with the original (previous username's) login.

To be able to mount the encrypted home directory from the old_user, I had to remake the symbolic links for .ecryptfs and .Private in its folder (as they had pointed to /home/original_name/).

After that, the following command mounted the old home without any problem.

/usr/bin/ecryptfs-recover-private /home/old_user/.Private

If the above fails because of the key issue (see dmesg or syslog), e.g.

Could not find key with description: [XXX]
process_request_key_err: No key
Could not find valid key in user session keyring for sig specified in mount option: [XXX]

then try adding the passphrase manually: Option 1 in /usr/bin/ecryptfs-manager (it may show you that the key is already there; that's OK), and then execute ecryptfs-recover-private /home/old_user/.Private once again. If it still gives you an error, try this command:

ecryptfs-insert-wrapped-passphrase-into-keyring /home/old_user/.ecryptfs/wrapped-passphrase