Ubuntu 18.04: mount encrypted disk
Solution 1
If you have problems with the key (see dmesg or syslog), e.g.
Could not find key with description: [XXX]
process_request_key_err: No key
Could not find valid key in user session keyring for sig specified in mount option: [XXX]
then, try adding the passphrase manually: Option "1" in menu of /usr/bin/ecryptfs-manager
It helped me.
Solution 2
I encountered the same problem after installing 18.04 when I tried to access my old encrypted data using ecryptfs-recover-private. I was able to solve the issue by doing the following:
Unwrap your old mount passphrase
(You can skip this step if you know this mount passphrase)
You need to find out your mount passphrase so you can add it to the keyring. Assuming your current working directory is your former home partition, you do this by typing
ecryptfs-unwrap-passphrase .ecryptfs/old_user/.ecryptfs/wrapped-passphrase
This asks for your old login passphrase and outputs your old mount passphrase.
Add your mount passphrase to the kernel keyring
This is done by
printf "%s" "mount_passphrase" | ecryptfs-add-passphrase --fnek -
The --fnek option may not be necessary, but it worked for me.
Mount your encrypted data in /tmp
Finally type
sudo ecryptfs-recover-private .ecryptfs/old_user/.Private/
This either asks for your mount passphrase directly or tries to unwrap it with your login passphrase. Although the previous steps appear redundant now, they made this step work, at least for me. Hope you'll have success, as well.
Solution 3
It looks like ecryptfs-mount-private is part of Encrypted Home and not full disk encryption, and the man page seems to confirm this. Just noting.
It seems that people have better luck by pointing to the encrypted filesystem instead of the directory, or without any parameters. For example:
ecryptfs-recover-private /media/<username>/<disk-guid>/home/.ecryptfs/<username>/.Private
ecryptfs-recover-private
There is a blog post that describes the process in detail:
The utility will do a deep find of the system's hard disk, looking for folders named ".Private", and will interactively ask you if it's the folder you'd like to recover. If you answer "yes", you will then be prompted for the login passphrase that's used to decrypt your wrapped, mount passphrase. Assuming you have the correct credentials, it will mount your Encrypted Home or Private directory in read-only mode, and point you at the temporary directory where it's mounted.
I'm having a hard time finding an example where the people use the incorrect passphrase when asked to recover with 'MOUNT passphrase', so it could be choking on that.
Others have reported issues when the new user and old user are different, and instead suggest pointing to the old user's home directory:
ecryptfs-recover-private /home/old_user/.Private
To recover, create a user with the old username, login as that user, and attempt to mount the drive.
The idea is you let the system mount it where it is familiar, and prevent this issue. The downfall is that you'll need the space available, but could be easier. After you restore the drive, copy the files to your new user.
Alternatively, change your user's username back to what it was, recover the files, and change your username back. In this case, you'll likely lose your new data, and is a relatively more dangerous operation.
Related videos on Youtube
05 : 43
08 : 19
03 : 02
03 : 56
13 : 03
Matifou
Updated on September 18, 2022Comments
-
Matifou over 1 year
I just installed Ubuntu 18.04 on a new disk, and trying from 18.04 to access my old Ubuntu files, on the older disk.
Going into
/media/new_user/old_disk/old_user, there is a README file that says: THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA. And then says: From the command line, run:ecryptfs-mount-private.Trying:
$ sudo ecryptfs-recover-privatedoes not do much (basically a few files it can't access, and nothing happens). Reading this old post (linking to this blog), I do instead:
cd /media/new_user/old_disk/.ecryptfs/old_user sudo ecryptfs-recover-private .Private/Which gives:
INFO: Found [.Private/]. Try to recover this directory? [Y/n]: Y INFO: Found your wrapped-passphrase Do you know your LOGIN passphrase? [Y/n] n INFO: To recover this directory, you MUST have your original MOUNT passphrase. INFO: When you first setup your encrypted private directory, you were told to record INFO: your MOUNT passphrase. INFO: It should be 32 characters long, consisting of [0-9] and [a-f]. Enter your MOUNT passphrase: mount: /tmp/ecryptfs.lFwWFlD4: mount(2) system call failed: No such file or directory. ERROR: Failed to mount private data at [/tmp/ecryptfs.lFwWFlD4].I am not sure what I am doing wrong at that point?
Thanks!!
EDIT 1:
I believe the issue does not come from wrong passphrase: I think I got the right one indeed, entering an obviously wrung one give another error message, Error: Unwrapping passphrase and inserting into the user session keyring failed [-5].
EDIT 2:
I should mention that both my old home and new home have the same user name... Could that be something that creates the problem? Where should actually
ecryptfs-recover-privatemount the old disk/system? -
Matifou about 6 yearsthanks for your help! I think it's not a path issue, as I am indeed pointing to the same path you indicate. On the other side, the last post you point to could be a good hint for me. Issue is that I have same login name on od and new one, could be the point. But I didn't really understand the answer on Yaroslav post, did you? Thanks!
-
earthmeLon about 6 yearsYeah, I'll try to clarify.
-
Matifou about 6 yearsoh wow, that worked out! So strange, doing this I get a message like:
That key was already in the keyring.But then, it does indeed work, same command that wasn't workign now gives:INFO: Success! Private data mounted at [/tmp/ecryptfs.Ggv. Thanks! DId you suceed in making it more permanent? Thanks! -
Matifou about 6 yearsThanks! I tried this but didn't work, strangely enough, the answers by @Yaroslav Fedorina, which seems to do exactly the same, did work instead!
