Consider a scenario where you have moved your disk containing your encrypted home folder from one computer to another where it is treated as a data disk. Perhaps the original computer is no longer functional for whatever reason and on the new computer you want to access all of your data. You will need to manually decrypt your home folder.
The original disk is mounted onto your new computer as /mnt,
perhaps. See Chapter ?? for details. You can navigate the
disk to find that
/mnt/home/kayon is going to look something like:
$ ls -a total 12K 4.0K ./ 4.0K .cache/ 0 README.txt@ 4.0K ../ 0 .ecryptfs@ 0 Access-Your-Private-Data.desktop@ 0 .Private@
That is not what you usually see when you previously logged onto the
original computer. Instead you would have seen all of your files,
decrypted. Your encrypted files are actually located in
/mnt/home/.ecryptfs/kayon. We will use
-, ecryptfs - recover, private from ecryptfs-utils
to do the hard work for us.
$ sudo ecryptfs-recover-private [sudo] password for kayon: INFO: Searching for encrypted private directories (this might take a while)...
This will search over the whole file system, including all mounted disks, to find all of the encrypted private directories, request the password, and decrypt the directories.
TO BE MERGED WITH ABOVE
Our use case here is to access a hard disk backup that has backed up /home/kayon as well, but it is actually an encrypted home folder (as is good practice).
The folder contains links to the actual data to be decrypted.
23 Dec 11:49:54 home/kayon$ \ls -la total 12 dr-x------ 3 kayon kayon 4096 Jul 30 2020 . drwxr-xr-x 4 root root 4096 Jul 30 2020 .. lrwxrwxrwx 1 kayon kayon 56 Jul 30 2020 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop drwx------ 3 kayon kayon 4096 Jul 30 2020 .cache lrwxrwxrwx 1 kayon kayon 29 Jul 30 2020 .ecryptfs -> /home/.ecryptfs/kayon/.ecryptfs lrwxrwxrwx 1 kayon kayon 28 Jul 30 2020 .Private -> /home/.ecryptfs/kayon/.Private lrwxrwxrwx 1 kayon kayon 52 Jul 30 2020 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
The key to decrypting is the login password for the user’s account. Without it the folder will not be able to be decrypted. If you know when you changed passwords, and you have a record of password changes (like within a password manager) then you may want to know when the backup was done. To do so find the last modified file on the backup:
$ find . -type f -printf '%T@ %p\n' | sort -k1,1nr | head -5
To begin, make sure ecryptfs-utils is installed.
$ wajig install ecryptfs-utils
Your donation will support ongoing availability and give you access to the PDF version of this book. Desktop Survival Guides include Data Science, GNU/Linux, and MLHub. Books available on Amazon include Data Mining with Rattle and Essentials of Data Science. Popular open source software includes rattle, wajig, and mlhub. Hosted by Togaware, a pioneer of free and open source software since 1984. Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0