75.9 Encrypt Home


Consider a scenario where you have moved your disk containing your encrypted home folder from one computer to another where it is treated as a data disk. Perhaps the original computer is no longer functional for whatever reason and on the new computer you want to access all of your data. You will need to manually decrypt your home folder.

Suppose the original disk is mounted on your new computer at /mnt. See Chapter 22 for details. Navigating the disk, you will find that /mnt/home/kayon looks something like:

$ ls -a
total 12K
4.0K ./                                 4.0K .cache/        0 README.txt@
4.0K ../                                   0 .ecryptfs@
   0 Access-Your-Private-Data.desktop@     0 .Private@

That is not what you saw when you logged onto the original computer, where all of your files appeared decrypted. Your encrypted files are actually located in /mnt/home/.ecryptfs/kayon. We will use ecryptfs-recover-private from ecryptfs-utils to do the hard work for us.

$ sudo ecryptfs-recover-private
[sudo] password for kayon: 
INFO: Searching for encrypted private directories (this might take a while)...

This will search over the whole file system, including all mounted disks, to find all of the encrypted private directories, request the password, and decrypt the directories.


Our use case here is to access a hard disk backup that has backed up /home/kayon as well, but it is actually an encrypted home folder (as is good practice).

The folder contains links to the actual data to be decrypted.

23 Dec 11:49:54 home/kayon$ \ls -la
total 12
dr-x------ 3 kayon  kayon  4096 Jul 30  2020 .
drwxr-xr-x 4 root   root   4096 Jul 30  2020 ..
lrwxrwxrwx 1 kayon  kayon    56 Jul 30  2020 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
drwx------ 3 kayon  kayon  4096 Jul 30  2020 .cache
lrwxrwxrwx 1 kayon  kayon    29 Jul 30  2020 .ecryptfs -> /home/.ecryptfs/kayon/.ecryptfs
lrwxrwxrwx 1 kayon  kayon    28 Jul 30  2020 .Private -> /home/.ecryptfs/kayon/.Private
lrwxrwxrwx 1 kayon  kayon    52 Jul 30  2020 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
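
The links in the listing above are absolute, so on the new computer they resolve under its own /home rather than under the mounted disk. This added example (not from the original book) re-roots them under an assumed mount point and confirms that the encrypted directory and its wrapped-passphrase file are present; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# reroot MOUNT LINK: print LINK's target as it exists under MOUNT.
reroot() {
    target=$(readlink "$2") || return 1
    case $target in
        /*) printf '%s%s\n' "${1%/}" "$target" ;;        # absolute: prefix the mount point
        *)  printf '%s/%s\n' "$(dirname "$2")" "$target" ;;
    esac
}

# find_private MOUNT USER: print the encrypted directory of USER on the
# relocated disk, or explain on stderr what is missing.
find_private() {
    home="${1%/}/home/$2"
    priv=$(reroot "$1" "$home/.Private")  || { echo "no .Private link in $home" >&2; return 1; }
    conf=$(reroot "$1" "$home/.ecryptfs") || { echo "no .ecryptfs link in $home" >&2; return 1; }
    [ -d "$priv" ] || { echo "missing $priv" >&2; return 2; }
    # wrapped-passphrase is the file the login password unlocks; check that
    # it travelled with the disk or backup.
    [ -f "$conf/wrapped-passphrase" ] || { echo "missing $conf/wrapped-passphrase" >&2; return 3; }
    printf '%s\n' "$priv"
}

# make_sample MOUNT USER: constructed tree mirroring the listing above.
make_sample() {
    mkdir -p "$1/home/$2" "$1/home/.ecryptfs/$2/.Private" "$1/home/.ecryptfs/$2/.ecryptfs"
    : > "$1/home/.ecryptfs/$2/.ecryptfs/wrapped-passphrase"
    ln -s "/home/.ecryptfs/$2/.Private"  "$1/home/$2/.Private"
    ln -s "/home/.ecryptfs/$2/.ecryptfs" "$1/home/$2/.ecryptfs"
}

# Demonstration on the constructed tree only; nothing is decrypted here.
demo() {
    tmp=$(mktemp -d) && make_sample "$tmp" kayon &&
        echo "encrypted directory: $(find_private "$tmp" kayon)"
    rm -rf "$tmp"
}
demo
```

On the real disk, the printed directory can be passed as an argument to sudo ecryptfs-recover-private, which then works on that directory instead of searching the whole file system.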

The key to decrypting is the login password for the user’s account. Without it the folder cannot be decrypted. If you have changed passwords over time and have a record of the changes (for example, within a password manager), you will want to know when the backup was done so that you can pick the password in use at that time. To do so, find the most recently modified files on the backup:

$ find . -type f -printf '%T@ %p\n' | sort -k1,1nr | head -5

To begin, make sure ecryptfs-utils is installed.

$ wajig install ecryptfs-utils

Copyright © 1995-2021 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0.