I have a problem with login in Xubuntu and decryption of my home folder. When I try to log in, the screen blinks and nothing happens. Syslog info at that moment:
Aug 7 15:22:20 xu sudo: pam_ecryptfs: Passphrase file wrapped
Aug 7 15:22:20 xu sudo: pam_ecryptfs: Unable to rewrap passphrase file
Aug 7 15:22:20 xu sudo: Failed to detect wrapped passphrase version: Permission denied
Aug 7 15:22:20 xu sudo: Error attempting to unwrap passphrase from file [/home/sergei/.ecryptfs/wrapped-passphrase]; rc = [-13]
Aug 7 15:22:20 xu sudo: pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [-5]
Aug 7 15:23:06 xu lightdm: pam_ecryptfs: Passphrase file wrapped
Aug 7 15:23:06 xu lightdm: pam_ecryptfs: Unable to rewrap passphrase file
Aug 7 15:23:06 xu lightdm: Failed to detect wrapped passphrase version: Permission denied
Aug 7 15:23:06 xu lightdm: Error attempting to unwrap passphrase from file [/home/sergei/.ecryptfs/wrapped-passphrase]; rc = [-13]
Aug 7 15:23:06 xu lightdm: pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [-5]
Aug 7 15:23:07 xu systemd[1]: Started Session c6 of user sergei.
Aug 7 15:23:07 xu lightdm[2973]: Signature not found in user keyring
Aug 7 15:23:07 xu lightdm[2973]: Perhaps try the interactive 'ecryptfs-mount-private'
Aug 7 15:23:07 xu lightdm[2973]: Error writing X authority: Failed to open X authority /home/sergei/.Xauthority: Permission denied
Aug 7 15:23:07 xu acpid: client 3689[0:0] has disconnected
Aug 7 15:23:07 xu acpid: client connected from 3897[0:0]
Aug 7 15:23:07 xu acpid: 1 client rule loaded
Aug 7 15:23:07 xu systemd[1]: Started Session c7 of user lightdm.
I was able to log in through the Ctrl+Alt+F1 console, so I decided to mount my home directory manually, but received an error:
sergei@xu:~$ ecryptfs-mount-private
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
Syslog:
Aug 7 15:30:49 xu ecryptfs-insert-wrapped-passphrase-into-keyring: Failed to detect wrapped passphrase version: Permission denied
Aug 7 15:30:49 xu ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap passphrase from file [/home/sergei/.ecryptfs/wrapped-passphrase]; rc = [-13]
I've tried to check my passphrase:
sergei@xu:~$ ecryptfs-unwrap-passphrase
Passphrase:
Error: Unwrapping passphrase failed [-13]
Info: Check the system log for more information from libecryptfs
Syslog:
Aug 7 15:28:47 xu ecryptfs-unwrap-passphrase: Failed to detect wrapped passphrase version: Permission denied
But as root, unwrap-passphrase works fine:
sergei@xu:~$ sudo ecryptfs-unwrap-passphrase /home/sergei/.ecryptfs/wrapped-passphrase
Passphrase:
mypassphrase_here
Well, I didn't forget my passphrase. The output was the same as the phrase I'm entering. However, the output is not that long random phrase that was generated automatically a long time ago. After these problems, I decided to mount it differently:
sergei@xu:~$ ecryptfs-add-passphrase --fnek
Passphrase:
Inserted auth tok with sig [e94f5149955202f3] into the user session keyring
Inserted auth tok with sig [6a7465b6ae998f18] into the user session keyring
sergei@xu:~$ sudo mount -t ecryptfs /home/sergei/.Private /mnt/
Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32
2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]:
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]:
Enable plaintext passthrough (y/n) [n]:
Enable filename encryption (y/n) [n]: y
Filename Encryption Key (FNEK) Signature [e94f5149955202f3]: 6a7465b6ae998f18
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=6a7465b6ae998f18
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=e94f5149955202f3
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [e94f5149955202f3] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs
As seen above, I received an error and ignored it. But in the mounted directory there is only a bunch of ECRYPTFS_FNEK_ENCRYPTED files. I tried to recover my directory, but received an error and no syslog info:
sergei@xu:~$ sudo ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/home/.ecryptfs/sergei/.Private].
Try to recover this directory? [Y/n]: y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] y
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [e94f5149955202f3] into the user session keyring
ERROR: The key required to access this private data is not available.
I tried again, but this time I said that I don't have the login passphrase and entered that long random passphrase:
sergei@xu:~$ sudo ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/home/.ecryptfs/sergei/.Private].
Try to recover this directory? [Y/n]: y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] n
INFO: To recover this directory, you MUST have your original MOUNT passphrase.
INFO: When you first setup your encrypted private directory, you were told to record
INFO: your MOUNT passphrase.
INFO: It should be 32 characters long, consisting of [0-9] and [a-f].
Enter your MOUNT passphrase:
INFO: Success! Private data mounted at [/tmp/ecryptfs.4qCNYRo6].
But at /tmp/ecryptfs.4qCNYRo6 there is a bunch of ECRYPTFS_FNEK_ENCRYPTED files again.
So, what should I do to resolve my issues? I really don't want to lose my home directory.