46

I installed a fresh Ubuntu 10.10 onto a new hard drive and want to mount the old home directory to a subdirectory of my new (also encrypted) home directory.

I tried this with sudo mount -t ecryptfs /mnt/oldhome/me/ /home/me/oldhome, with /mnt/oldhome being the /home partition of the old system.

Afterwards ~/oldhome contains a desktop link file (Access-Your-Private-Data.desktop) linking to ecryptfs-mount-private and a README.txt saying I should run ecryptfs-mount-private. I do so, but as I don't know what is supposed to happen, I can't tell if it happens and if it brings me closer to accessing my old home.

Any hints?

update

I was able to mount my old encrypted home with the help of this script. However, looking into it with ls, I get a lot of errors like this:

ls: cannot access /mnt/oldme/some_file: No such file or directory

Other information that ls -l should show is replaced by question marks.

update 2

I mounted the old system to /mnt/oldroot and mounted /dev, /sys, /proc and the old home partition into it. Then I chrooted into /mnt/oldroot and ran su - me and ecryptfs-mount-private. When asked for the passphrase, I entered it and got:

Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect

ecryptfs-unwrap-passphrase gives me the exact same passphrase I used, though.

rausch
  • 906

4 Answers

39

I strongly recommend that you use the ecryptfs-recover-private utility in these cases.

A full explanation of how to use it is available here.

18

I finally managed to mount my encrypted home by first adding the passphrase via

sudo ecryptfs-add-passphrase --fnek

Which gets me the following information:

Inserted auth tok with sig [aaaaaaaaaaaaaaaa] into the user session keyring
Inserted auth tok with sig [bbbbbbbbbbbbbbbb] into the user session keyring

There, I remember bbbbbbbbbbbbbbbb and proceed with mounting the associated .Private directory:

sudo mount -t ecryptfs /mnt/oldhome/.ecryptfs/me/.Private /mnt/oldme

A lot of questions pop up, all of which I answer with their defaults except for

Enable filename encryption (y/n) [n]: y

and

Filename Encryption Key (FNEK) Signature [aaaaaaaaaaaaaaaa]: bbbbbbbbbbbbbbbb

With bbbbbbbbbbbbbbbb, of course, being the signature I previously remembered. Easy, huh?

rausch
  • 906
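
The manual steps in the answer above can be made non-interactive by turning the two signatures printed by ecryptfs-add-passphrase --fnek into mount options. This is an added example, not part of the original answer or of ecryptfs-utils; the function names are hypothetical, the sample output is constructed, and the aes / 16-byte settings assume the defaults the answer accepts.

```bash
#!/bin/sh
# Added example: build eCryptfs mount options from the output of
# `ecryptfs-add-passphrase --fnek` instead of answering the prompts by hand.

# Print every 16-hex-digit signature found on stdin, one per line, in order.
extract_sigs() {
    sed -n 's/.*Inserted auth tok with sig \[\([0-9a-f]\{16\}\)\].*/\1/p'
}

# Read the tool output on stdin and print a string for `mount -o`.
# The first signature is the file-contents key, the second is the FNEK.
build_mount_opts() {
    sigs=$(extract_sigs)
    mount_sig=$(printf '%s\n' "$sigs" | sed -n 1p)
    fnek_sig=$(printf '%s\n' "$sigs" | sed -n 2p)
    if [ -z "$mount_sig" ] || [ -z "$fnek_sig" ]; then
        echo "expected two signatures (was --fnek given?)" >&2
        return 1
    fi
    # Assumption: cipher aes with 16-byte keys (the prompts' defaults).
    # `ro` keeps the old data read-only while it is being copied off.
    printf 'ro,ecryptfs_sig=%s,ecryptfs_fnek_sig=%s,ecryptfs_cipher=aes,ecryptfs_key_bytes=16' \
        "$mount_sig" "$fnek_sig"
}

# Constructed sample, same shape as the output quoted in the answer.
SAMPLE_OUTPUT='Inserted auth tok with sig [aaaaaaaaaaaaaaaa] into the user session keyring
Inserted auth tok with sig [bbbbbbbbbbbbbbbb] into the user session keyring'

# Real use (as root, paths as in the answer; -i skips the interactive helper):
#   opts=$(ecryptfs-add-passphrase --fnek | build_mount_opts) &&
#   mount -i -t ecryptfs -o "$opts" /mnt/oldhome/.ecryptfs/me/.Private /mnt/oldme

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | build_mount_opts
echo
```

The signatures only identify keys in the keyring and are not secret; the mount passphrase typed into ecryptfs-add-passphrase is.
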
3

Try:

sudo ecryptfs-recover-private /media/<username>/<disk-guid>/home/.ecryptfs/<username>/.Private

Output if you know the login passphrase:

INFO: Found [/media/<username>/<disk.guid>/home/.ecryptfs/<username>/.Private].
Try to recover this directory? [Y/n]: 
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] 
INFO: Enter your LOGIN passphrase...
Passphrase: 
Inserted auth tok with sig [c67c3e3ace421e76] into the user session keyring
INFO: Success!  Private data mounted at [/tmp/ecryptfs.xblDkqNZ].

The last line shows where the decrypted data is mounted.

Credit to Santiago G. Marín in the comments section of this post.

2

I had the same error ERROR: Failed to mount private data at [/tmp/ecryptfs....] after I renamed the previous (original) POSIX username to old_user and then created a new user with the original (previous username's) login.

To be able to mount the encrypted home directory from the old_user, I had to remake the symbolic links for .ecryptfs and .Private in its folder (as they had pointed to /home/original_name/).

After that, the following command mounted the old home without any problem.

/usr/bin/ecryptfs-recover-private /home/old_user/.Private

If the above fails because of the key issue (see dmesg or syslog), e.g.

Could not find key with description: [XXX]
process_request_key_err: No key Could not find valid key in user session keyring for sig specified in mount option: [XXX]

then try adding the passphrase manually: Option 1 in /usr/bin/ecryptfs-manager (it may show you that the key is already there; that's OK), and then execute ecryptfs-recover-private /home/old_user/.Private once again.