[clug] Ubuntu Lynx (10.04) and ecryptfs
Carlo Hamalainen
carlo.hamalainen at gmail.com
Mon May 3 18:26:57 MDT 2010
On Tue, May 4, 2010 at 9:34 AM, Andrew Janke <a.janke at gmail.com> wrote:
> I have heard all sorts of horror stories about the ~/Private thing
> going awry when you rebuilt/reinstall with previous versions as the
> "secret key" or some such thing was stored in /var/lib/<something> but
> in this release it would seem that your entire ~<username> directory
> is encrypted and the key stuff and real data is stored in
> /home/.ecryptfs/<username>/{.Private,.ecryptfs}.

This has happened to me. I saved /home/carlo on a USB hard drive,
wiped my laptop, and then discovered that some file in
/home/carlo/.Private was a symbolic link to /var/lib/something.
Unbelievable. We have /home and /var, not
/home_and_var_and_some_other_stuff_haha.

> 2. given #1 how does recovery work?
>
> Say my machine dies and I need to "get stuff fast". What do I do with
> the encrypted backup (with encrypted keys included) to mount it? I
> have looked around but haven't found an easy answer. I can use:
>
> $ mount -t ecryptfs /home/.ecryptfs/rotor /mnt/recovery

It's not a one-liner. See
https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering Your Data Manually

If you go down this road, you should see if you can take your hard
drive to another computer and mount your encrypted home directory
there. A default Ubuntu 9.04 install, for example, is missing a few
packages for mounting ecrypt volumes (and it wasn't entirely obvious
to me which package was missing).

Can you (quickly) mount it from a CentOS box? An older Ubuntu install?

And don't forget to save the "mount passphrase" somewhere safe but
quickly accessible.

--
Carlo Hamalainen
http://carlo-hamalainen.net
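
A pre-wipe check for the failure described in the message above, as an added example that is not part of the original post: it lists symlinks in a backup of /home that resolve outside the backup (such as into /var/lib) and reports which of the two per-user directories named in the thread are missing. It assumes GNU `readlink -f`; the user name `alice`, the function names and the `/var/lib/EXAMPLE-PLACEHOLDER` path are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU readlink (-f).

# Print every symlink under ROOT whose final target is missing or lies
# outside ROOT, e.g. a link into /var/lib on the machine that was wiped.
escaping_links() {
    root=$(readlink -f "$1") || return 2
    find "$root" -type l | sort | while IFS= read -r link; do
        real=$(readlink -f "$link" 2>/dev/null) || real=
        case $real in
            "$root"/*) [ -e "$real" ] && continue ;;  # inside the backup and present
        esac
        printf '%s -> %s\n' "${link#"$root"/}" "$(readlink "$link")"
    done
}

# Print which of the directories named in the thread are absent from a
# backup of /home (ROOT) for USER.
missing_ecryptfs_dirs() {
    for d in .Private .ecryptfs; do
        [ -d "$1/.ecryptfs/$2/$d" ] || printf '%s\n' ".ecryptfs/$2/$d"
    done
}

# Constructed sample: a backup tree with one good link and one link that
# points into /var/lib (placeholder path, not a real eCryptfs file name).
make_sample_backup() {
    b=$(mktemp -d) || return 1
    mkdir -p "$b/.ecryptfs/alice/.Private" "$b/alice"
    ln -s ../.ecryptfs/alice/.Private "$b/alice/.Private"
    ln -s /var/lib/EXAMPLE-PLACEHOLDER/key "$b/.ecryptfs/alice/.Private/key"
    printf '%s\n' "$b"
}

sample=$(make_sample_backup)
echo "Links that will not survive a reinstall:"; escaping_links "$sample"
echo "Missing directories:"; missing_ecryptfs_dirs "$sample" alice
rm -rf "$sample"
```

Run it against the mounted backup drive before wiping the source machine; any line of output names something that still has to be copied.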