5

Previously, I had installed 10.10 with three partitions: sda1 - /boot (ext2), sda2 - / (btrfs), sda3 - /home (btrfs), and I chose an encrypted home folder. Now on the same machine I have installed 10.04 (LTS), choosing a new /boot on the same sda1, / on the same sda2 (ext4), and leaving sda3 (home) untouched from the earlier install.

My problem is that now I can't access/mount my previous home with the ecryptfs-mount-private util using the passphrase of the earlier home user. Here is the ERROR: Encrypted private directory is not setup properly. I have also installed the btrfs utilities.

So are there any solutions/workarounds to gain access to $home on a different partition?

2 Answers

5

Lucky you! I just had the same problem and wrote a script that will facilitate mounting ecryptfs Folders with FNEK.

sudo su -

Then open nano/vim/your editor of choice and create a file ecryptfs-fnek-helper.sh with the following contents:

#!/bin/bash

# Thanks to https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/455709

echo "Where is the /home with the .ecryptfs mounted? (default=/mnt/home)"
read -r home_ecryptfs
if [ -z "$home_ecryptfs" ]; then
    home_ecryptfs=/mnt/home
fi
home_ecryptfs=$home_ecryptfs/.ecryptfs

echo "Whose encrypted home would you like to mount?"
read -r user
if [ -z "$user" ]; then
    echo "You have to enter a user!"
    exit 1
fi

echo "What is the user's password?"
# -s keeps the password off the screen, -r keeps backslashes literal
read -r -s password
if [ -z "$password" ]; then
    echo "You have to enter a password!"
    exit 1
fi

echo "Where would you like to mount it? (Default: /mnt/[username])"
read -r target
if [ -z "$target" ]; then
    target=/mnt/$user
fi
target=$target/
mkdir -p "$target"

# Files left behind by the earlier install's encrypted-home setup
wrapped=$home_ecryptfs/$user/.ecryptfs/wrapped-passphrase
sig=$home_ecryptfs/$user/.ecryptfs/Private.sig
private=$home_ecryptfs/$user/.Private/

echo "I will be mounting $private into $target."

echo "Clearing the keyring."
keyctl clear @u
keyctl list @u

echo "Unwrapping passphrase and inserting it into key:"
# Quote the password so spaces and glob characters reach the tool intact
printf "%s" "$password" | ecryptfs-insert-wrapped-passphrase-into-keyring "$wrapped" -

keyctl list @u

echo -e "\e[0;92mPassphrase:"
echo -e '\e[1;92m'"$(printf "%s" "$password" | ecryptfs-unwrap-passphrase "$wrapped" -)"'\e[0m'
echo -e "\e[0;96mFilename Encryption Key (FNEK) Signature:"
echo -e '\e[1;96m'"$(tail -n1 "$sig")"'\e[0m'
echo -e "Mounting now! Be sure to enable FNEK!"
mount.ecryptfs "$private" "$target" -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,key=passphrase

This will unwrap your passphrase and add it to the keyring. It will also display the passphrase and the correct FNEK signature, so you can copy/paste them when prompted by mount.ecryptfs.

Make the file executable and run it while still in su:

chmod +x ecryptfs-fnek-helper.sh
./ecryptfs-fnek-helper.sh
  • Lucky me finding your answer while trying to recover my home files from an Ubuntu laptop drive plugged into my Fedora desktop, your script still works perfectly! – Thorbjørn Lindeijer Mar 20 '24 at 09:04
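
An added example, not part of the answer above: a read-only check to run before the helper script, confirming that the mounted old /home really contains the files the script reads and showing which line of Private.sig is the FNEK signature. The directory layout and the 16-hex-digit signature format are assumptions based on Ubuntu's default encrypted-home setup; the function name, the user `alice` and the demo signatures are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): read-only pre-flight check of an old
# eCryptfs home. Assumed layout, the same one the helper script reads:
#   <home>/.ecryptfs/<user>/.ecryptfs/{wrapped-passphrase,Private.sig}
#   <home>/.ecryptfs/<user>/.Private/   (the encrypted "lower" directory)

check_ecryptfs_layout() {   # usage: check_ecryptfs_layout <home mount> <user>
    base="$1/.ecryptfs/$2"
    sig_file="$base/.ecryptfs/Private.sig"
    rc=0; count=0; mount_sig=; fnek_sig=none

    [ -d "$base/.Private" ] || { echo "missing: $base/.Private" >&2; rc=1; }
    [ -s "$base/.ecryptfs/wrapped-passphrase" ] ||
        { echo "missing or empty: $base/.ecryptfs/wrapped-passphrase" >&2; rc=1; }

    if [ -r "$sig_file" ]; then
        # Each line must be a 16-hex-digit key signature: line 1 is the mount
        # key, line 2 (present only with filename encryption) is the FNEK.
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                *[!0-9a-f]*) echo "bad signature line: $line" >&2; rc=1 ;;
                ????????????????)
                    count=$((count + 1))
                    if [ "$count" -eq 1 ]; then mount_sig=$line; else fnek_sig=$line; fi ;;
                *) echo "bad signature length: $line" >&2; rc=1 ;;
            esac
        done < "$sig_file"
        [ "$count" -ge 1 ] && [ "$count" -le 2 ] ||
            { echo "expected 1 or 2 signatures, found $count" >&2; rc=1; }
    else
        echo "missing: $sig_file" >&2; rc=1
    fi

    [ "$rc" -eq 0 ] || return 1
    echo "lower=$base/.Private mount_sig=$mount_sig fnek_sig=$fnek_sig"
}

if [ "$#" -eq 2 ]; then
    check_ecryptfs_layout "$1" "$2"     # e.g. /mnt/home alice
else
    # No arguments: demonstrate on a constructed tree with made-up signatures.
    demo=$(mktemp -d); d="$demo/.ecryptfs/alice"
    mkdir -p "$d/.ecryptfs" "$d/.Private"
    echo constructed > "$d/.ecryptfs/wrapped-passphrase"
    printf '0123456789abcdef\nfedcba9876543210\n' > "$d/.ecryptfs/Private.sig"
    check_ecryptfs_layout "$demo" alice
    rm -rf "$demo"
fi
```

The `lower=` path it prints is the directory that has to be handed to mount.ecryptfs; the user's visible home directory on the old partition only holds the two placeholder files.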
0

You could try to decrypt your home directory with the following command:

sudo ecryptfs-add-passphrase --fnek
sudo mount -t ecryptfs /home/username /home/username -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=yes

If you have not encrypted the file names, remove the passphrase-related commands/args. You could find more information about mounting ecryptfs here. Best Regards.

valadao
  • Nope. That didn't help to gain access. It seems it has mounted the same home dir w/o any change. The two files (symlinks) are still there, both in the ecryptfs-mounted dir and in the original dir. The files are Access-Your-Private-Data.desktop and README.txt

    $ ls /media/drive/user1/
    Access-Your-Private-Data.desktop README.txt
    $ sudo ecryptfs-add-passphrase --fnek
    Passphrase:
    Inserted auth tok with sig [series of numbers] into the user session keyring
    Inserted auth tok with sig [series of numbers] into the user session keyring

    – user10379 Mar 24 '11 at 14:55
  • $ sudo mount -t ecryptfs /media/drive/user1/ /mnt -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,,ecryptfs_enable_filename_crypto=yes
    Passphrase:
    Filename Encryption Key (FNEK) Signature [series of numbers]: [FNEK_given from series]
    Attempting to mount with the following options:
      ecryptfs_unlink_sigs
      ecryptfs_fnek_sig=[Given fnek]
      ecryptfs_key_bytes=16
      ecryptfs_cipher=aes
      ecryptfs_sig=[signature]
    Mounted eCryptfs
    $ ls /mnt
    Access-Your-Private-Data.desktop README.txt

    – user10379 Mar 24 '11 at 14:55
  • https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/455709 Unfortunately passing the FNEK sig does not work with -o. – ParanoiaPuppy Apr 08 '11 at 20:14