Revision as of 19:16, 27 January 2013

What you need

• A running Ubuntu
• Access to the disk from which you want to restore
• Your user password of the system you want to restore from or the passphrase you might have recorded earlier

How it works

Mount the disk or partition with the encrypted home on it

It can be done with Nautilus or on the text console. Change to the directory with the encrypted home which might look like that:

user@ubuntu:/media/my_disk/home/.ecryptfs/username$

Step 1: Get the passphrase (optional)

The passphrase is not the user password. It is a random key, stored in the file wrapped-passphrase and encrypted with the user´s password. It´s unlikely that you´ve got that passphrase writen down somewhere but if you do so, skip that step. Else unwrap it:

user@ubuntu:/media/my_disk/home/.ecryptfs/username$ ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase
Passphrase: <enter user´s password here>
2dac479b16e0efd2ac7b8e9e7690f8f7

This got us the passphrase, for exmple 2dac479b16e0efd2ac7b8e9e7690f8f7.

Step 2: Get the signature for filename encryption

Enter
sudo ecryptfs-add-passphrase --fnek
You might have to provide your admin password, then the passphrase from step 1.

user@ubuntu:/media/my_disk/home/.ecryptfs/username$ sudo ecryptfs-add-passphrase --fnek
[sudo] password for user: <your admin password>
Passphrase: <passphrase from step 1, eg. 2dac479b16e0efd2ac7b8e9e7690f8f7>
Inserted auth tok with sig [bdcb4b20bbc91ae6] into the user session keyring
Inserted auth tok with sig [b89f3c3b1512e0a2] into the user session keyring

Note the 2nd signature (b89f3c3b1512e0a2 in this example) - we will need it later.

Step 3: Mount the encrypted home directory

Use
sudo mount -t ecryptfs .Private /mnt
to mount the directory to /mnt or any other mountpoint of your choice. Follow the steps, ecryptfs provides and be careful not to mix-up the password, passphrase and signature.