5

My problem is the following:

I decided to do an apt-get dist-upgrade. At first it said that it had to remove a lot of programs, which seemed a little suspicious, but I trusted the upgrade system. I said to myself "well, maybe there are dependencies issues, and it's easier for the update system to remove those programs and install the newer ones. We are in the year 2015, it probably knows what it's doing". Well, it didn't, since it deleted the OS basically.

So now my problem is the following: I can't recover my personal files because my home folder is encrypted, and I don't have the mount passphrase, only my user password. I searched all the web but I couldn't find anything that solved my problem. I tried booting from a live-cd and recover the passphrase with ecryptfs-unwrap-passphrase but it was worthless, because when I try, it asks me for my... passphrase (I tried my user password but it didn't work out). I also tried using this script, but it only outputs unrecognized characters.

I tried the approaches suggested here but eventually they didn't work out, basically when I'm asked for my passphrase, which I couldn't recover yet with any of those methods.

Any suggestions?

EDIT: @zhongfu

I did that, and I get the following:

INFO: Found [MYUSER].
Try to recover this directory? [Y/n]: y
INFO: Could not find your wrapped passphrase file.
INFO: To recover this directory, you MUST have your original MOUNT passphrase.
INFO: When you first setup your encrypted private directory, you were told to record
INFO: your MOUNT passphrase.
INFO: It should be 32 characters long, consisting of [0-9] and [a-f].
Enter your MOUNT passphrase:

so we are back at square one. So I went to /media/xubuntu/f6c13be2-8045-4ec6-b1af-c1f2524de4ed/home/.ecryptfs/MYUSER/.ecryptfs and there is a file called wrapped-pashprasse, so apparently there is a wrapped passphrase, and I don’t know why it said that it couldn’t find it earlier. Next I did ecryptfs-unwrap-passphrase, I enter my account password, but I get the same result. I don't know what else to do.

I opened the wrapped passhprase file with gedit and got strange symbols mixed with hex values. If I could see correctly what characters the strange symbols are encoding, I could get the passphrase, but I don't know how.

I was thinking, maybe if I could get the binary representation of that file, I could convert those symbols into hex by myself, right?

Community
  • 1
thorne
  • 61
  • Please explain exactly, what you tried, what you expected to happen and what happened instead. Reproduce all error messages, that you encounter, verbatim. Please [edit] your question, if you want to add information. Don't use the answer or comment section for that purpose. Especially file or program output listings (with the help of the {} button in the editor toolbar) are much more readable there and overall it's best to have everything relevant in one place. Also, comments may be deleted for various reasons. – David Foerster Apr 15 '15 at 23:41

3 Answers3

1

I had the same problem this weekend after upgrading to kubuntu 18.04. I realized, belatedly, that I hadn't recently archived my files and, while I didn't format the /home partition, I couldn't access the files therein. The above didn't work for me, but should have. I could find and unwrap the wrapped passphrase, but plugging it into either method above didn't work.

I eventually found a bug report which doesn't seem to be causing my problem, but did expose a way to get in. I started with keyctl clear @u to clear the stored keys (run everything as sudo). Run ecryptfs-mount-private on the appropriate directory to generate the two keys. Next run ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase as in the solutions above, and copy the displayed passphrase that is called PPPP... in the link (if you get a passphrase here you have entered the correct login password).

Next run sudo ecryptfs-add-passphrase --fnek as in the bug report and paste the copied passphrase. Follow the remaining instructions from the bug report exactly and you should have access again. Copy somewhere safe and continue.

Stephen Rauch
  • 1,156
Dean Boulding
  • 11
  • 1
1

You can try using ecryptfs-recover-private.

  1. Boot into your live CD, preferably an Ubuntu one of a newer version
  2. Mount the partition containing your home directory (either your root partition, or your /home partition if you have one)
  3. In your terminal, navigate to the directory containing your home directory (should be something like /media/PARTITION_UUID/home)
  4. Run ecryptfs-recover-private USERNAME. It should prompt you with a few questions, and if it's successful, it will return a directory to which your home folder is mounted read-only. (e.g. /tmp/ecryptfs.Jd7xE2Bd)
zhongfu
  • 1,449
1

I had the same problem and your question was really useful to me. For the future, these are the things I needed to do:

  1. First, locate the ecryptfs directory. In my case, it was located in /media/.../home/.ecryptfs/<user>/.ecryptfs instead of my home folder.

  2. In that directory, get the wrapped-passphrase file. Get the mount password running sudo ecryptfs-unwrap-passphrase /path/to/wrapped-passphrase and entering the user's password. It's important to use sudo.

  3. Then, run sudo ecryptfs-recover-private on the .Private directory. In my case, it was located in /media/.../home/.ecryptfs/<user>/.Private. Use the password obtained in step 2.

Marco Lavagnino
  • 139
  • 9
  • This did not work for me. Get a new error that I can't debug anywhere. "Error: Unwrapping passphrase failed [-5] Info: Check the system log for more information from libecryptfs". This file has some info. "Failed to detect wrapped passphrase version: No such file or directory". – CoderGuy123 Apr 03 '20 at 15:53