[clug] Ubuntu Lynx (10.04) and ecryptfs

Carlo Hamalainen carlo.hamalainen at gmail.com
Mon May 3 18:26:57 MDT 2010


On Tue, May 4, 2010 at 9:34 AM, Andrew Janke <a.janke at gmail.com> wrote:
> I have heard all sorts of horror stories about the ~/Private thing
> going awry when you rebuilt/reinstall with previous versions as the
> "secret key" or some such thing was stored in /var/lib/<something> but
> in this release it would seem that your entire ~<username> directory
> is encrypted and the key stuff and real data is stored in
> /home/.ecryptfs/<username>/{.Private,.ecryptfs}.

This has happened to me. I saved /home/carlo on a USB hard drive,
wiped my laptop, and then discovered that some file in
/home/carlo/.Private was a symbolic link to /var/lib/something.
Unbelievable. We have /home and /var, not
/home_and_var_and_some_other_stuff_haha.


> 2. given #1 how does recovery work?
>
> Say my machine dies and I need to "get stuff fast". What do I do with
> the encrypted backup (with encrypted keys included) to mount it?  I
> have looked around but haven't found an easy answer.  I can use:
>
>   $ mount -t ecryptfs /home/.ecryptfs/rotor /mnt/recovery

It's not a one liner. See
https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering Your Data Manually

If you go down this road, you should see if you can take your hard
drive to another computer and mount your encrypted home directory
there. A default Ubuntu 9.04 install, for example, is missing a few
packages for mounting ecrypt volumes (and it wasn't entirely obvious
to me which package was missing).

Can you (quickly) mount it from a CentOS box? An older Ubuntu install?

And don't forget to save the "mount passphrase" somewhere safe but
quickly accessible.

-- 
Carlo Hamalainen
http://carlo-hamalainen.net
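
Added example, not part of the original post: a pre-wipe check for the failure described above, where a saved home directory contained a symbolic link pointing at data outside the copy. The function names are hypothetical and the script assumes GNU readlink (for -f).

```sh
#!/bin/sh
# Added example: function names and paths are hypothetical.
# Requires GNU readlink for the -f option.

# escaping_links DIR
# Print one line per symlink under DIR that resolves outside DIR or to
# nothing, i.e. data that a copy of DIR alone would not carry along.
escaping_links() {
    root=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    find "$root" -type l | while IFS= read -r link; do
        # Empty result means an intermediate path component is missing.
        target=$(readlink -f -- "$link" 2>/dev/null) || target=
        if [ -z "$target" ]; then
            printf '%s -> %s (unresolvable)\n' "$link" "$(readlink -- "$link")"
            continue
        fi
        case "$target" in
            "$root"/*)
                if [ ! -e "$target" ]; then
                    printf '%s -> %s (dangling)\n' "$link" "$target"
                fi ;;
            *)
                printf '%s -> %s (outside tree)\n' "$link" "$target" ;;
        esac
    done
    return 0
}

# check_backup DIR
# Return 0 if DIR is self-contained, 1 if a symlink escapes it,
# 2 if DIR cannot be read.
check_backup() {
    [ -d "$1" ] || return 2
    found=$(escaping_links "$1") || return 2
    if [ -z "$found" ]; then
        return 0
    fi
    printf 'Not self-contained, also back up the targets of:\n%s\n' "$found"
    return 1
}

# Stand-alone use: sh check_backup.sh /path/to/saved/home
if [ "$#" -gt 0 ]; then
    check_backup "$1"
fi
```

Run it against the directory about to be copied, and again against the copy on the backup drive, before wiping the original disk.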

