Cannot mount old encrypted home directory
I host my home directory on a hard drive separate from the rest of the Ubuntu install. I recently got a new drive and I'm in the process of migrating my user data from the old drive to the new one.
The problem is: I used ecryptfs to encrypt my user's home directory and now I can't mount the old encrypted directory. I am aware of this similar thread, and I've attempted to use the ecryptfs-recover-private command as suggested, but I get the following error (updated with the output of dmesg):
jrsmith3@hermes:~$ sudo ecryptfs-recover-private || sudo dmesg -T | tail -n 5
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/mnt/.ecryptfs/jrsmith3/.Private].
Try to recover this directory? [Y/n]:
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n]
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [154a85415793937b] into the user session keyring
mount: No such file or directory
ERROR: Failed to mount private data at [/tmp/ecryptfs.HUXQDUjB].
[Sun Dec 6 10:21:34 2015] Could not find key with description: [a798123c6b6e6b59]
[Sun Dec 6 10:21:34 2015] process_request_key_err: No key
[Sun Dec 6 10:21:34 2015] Could not find valid key in user session keyring for sig specified in mount option: [a798123c6b6e6b59]
[Sun Dec 6 10:21:34 2015] One or more global auth toks could not properly register; rc = [-2]
[Sun Dec 6 10:21:34 2015] Error parsing options; rc = [-2]
I suspect the problem may not be with ecryptfs; it looks like the error is occurring with the mount command, but I can't figure it out.
I'm running Ubuntu:
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty
Thanks in advance!
Try stepping through the ecryptfs-recover-private script yourself? It's just a bash script, you can copy & paste relevant lines into a terminal, replacing variables with your actual files.
You can also copy the ecryptfs-recover-private script and modify it, adding some extra echo lines to see what variables are before mounting, echo lines to be run, etc. (I'm certain there's a bash setting to display every line before it's run, but can't remember it right now.)
Maybe the ecryptfs-insert-wrapped-passphrase-into-keyring or the .ecryptfs/Private.sig signatures aren't matching, though the script checks for that... but your output inserts one key sig, and tries mounting with a different sig.
At least you could run mount with -v for a little more feedback and to verify that the folders and sigs are correct.
There's also a bug, I thought just in mount.ecryptfs but maybe showing up here, where the fnek & fekek sigs get switched somehow.
Or, maybe some files have been corrupted. Any fsck news, or a current backup may be required. Also /var/log/syslog could have even more info.
I had the same error ERROR: Failed to mount private data at [/tmp/ecryptfs....] after I renamed the previous (original) POSIX username to old_user and then created a new user with the original (previous username's) login.
To be able to mount the encrypted home directory from the old_user, I had to remake the symbolic links for .ecryptfs and .Private in its folder (as they had pointed to /home/original_name/).
After that, the following command mounted the old home without any problem.
/usr/bin/ecryptfs-recover-private /home/old_user/.Private
If the above fails because of the key issue (see dmesg or syslog), e.g.
Could not find key with description: [XXX]
process_request_key_err: No key
Could not find valid key in user session keyring for sig specified in mount option: [XXX]
then, try adding the passphrase manually: Option 1 in /usr/bin/ecryptfs-manager (it may show you that the key is already there, it's OK.) and then execute ecryptfs-recover-private /home/old_user/.Private once again.
If it still gives you an error, try this command:
ecryptfs-insert-wrapped-passphrase-into-keyring /home/old_user/.ecryptfs/wrapped-passphrase
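The mismatch pointed out in the first answer (one signature inserted into the keyring, a different one requested by the mount) can be checked mechanically from a saved copy of the tool output and the dmesg/syslog lines. The script below is an added example, not part of the original posts or of ecryptfs-utils; the function names are hypothetical and the sample lines are copied from the question's output.

```shell
#!/bin/sh
# Added example (not from the original posts): compare the key signature(s)
# a recovery attempt inserted into the keyring with the signature(s) the
# kernel then failed to find. Input is a text file holding the tool output
# plus the matching dmesg/syslog lines. All function names are hypothetical.

# Signatures the userspace tools reported as inserted.
inserted_sigs() {
    sed -n 's/.*Inserted auth tok with sig \[\([0-9a-f]*\)].*/\1/p' "$1" | sort -u
}

# Signatures the kernel was asked for at mount time but could not find.
requested_sigs() {
    sed -n 's/.*Could not find key with description: \[\([0-9a-f]*\)].*/\1/p' "$1" | sort -u
}

# Print every requested signature that was never inserted, one per line.
missing_sigs() {
    ins=" $(inserted_sigs "$1" | tr '\n' ' ')"
    for sig in $(requested_sigs "$1"); do
        case "$ins" in
            *" $sig "*) ;;            # requested and inserted: fine
            *) echo "$sig" ;;         # requested but never inserted
        esac
    done
}

# Sample input: lines copied from the output shown in the question.
write_sample_log() {
    cat > "$1" <<'EOF'
Inserted auth tok with sig [154a85415793937b] into the user session keyring
mount: No such file or directory
[Sun Dec 6 10:21:34 2015] Could not find key with description: [a798123c6b6e6b59]
[Sun Dec 6 10:21:34 2015] process_request_key_err: No key
[Sun Dec 6 10:21:34 2015] Could not find valid key in user session keyring for sig specified in mount option: [a798123c6b6e6b59]
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "inserted:  $(inserted_sigs "$log" | tr '\n' ' ')"
echo "requested: $(requested_sigs "$log" | tr '\n' ' ')"
for sig in $(missing_sigs "$log"); do
    echo "MISMATCH: mount asked for [$sig], which was never inserted"
done
rm -f "$log"
```

Any signature it reports as a mismatch is the one to look for in .ecryptfs/Private.sig and in the `mount -v` output mentioned in the first answer.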