eCryptFS – Accessing Encrypted Drive from LiveUSB Linux with Known User Password

Thanks to another imperiled user at LinuxMint.com’s community forums (credit given below), I’ve discovered an easy method to access encrypted drives/partitions using a Linux Mint LiveUSB when the actual system is not able to be used to boot and access the drive for data recovery. This method assumes that the ecryptfs-utils package was used to encrypt the drive, and that the wrapped-passphrase was stored on the drive.

In the past, encrypted drives or partitions using eCryptFS required you to note a lengthy passphrase in order to recover the files – or, at least, this was displayed upon installation of Mint, Ubuntu and other distros after installing and encrypting the home directory.

However, simply knowing the user’s login passphrase is all that is needed for newer encrypted setups, as it appears eCryptFS now automatically stores the wrapped-passphrase on the drive where the data is encrypted to allow for recovery using just the user’s login credentials. Below are some rather simple and straightforward steps for accessing an encrypted drive from a LiveUSB boot in these conditions:

  1. Simply mount the partition/drive from inside the graphical file manager. This was Nemo in my case, using Linux Mint.
  2. Open a terminal and enter the following command:
    ecryptfs-recover-private .ecryptfs/<USERNAME>/.Private/
  3. If it finds the location provided, enter Y (or simply press Enter, if it is the default option) when presented with “Try to recover this directory? [Y/n]”.
  4. If you’re fortunate, it will find the wrapped-passphrase and then ask “Do you know your LOGIN passphrase? [Y/n]”. As long as you do (and there’s no reason you shouldn’t if you’re trying to recover your own data), then simply hit Enter or submit Y to reach a prompt to enter the login password for the user of the encrypted home directory.
  5. If all goes well (correct password included), you’ll be met with “INFO: Success! Private data mounted at [/tmp/ecryptfs.dIWKskOD].”
  6. The last thing you need to note is where it has mounted the encrypted data, as it won’t be in the /media/ directory where your drive/partition is initially mounted using Nemo. For me, it was placed inside of the /tmp/ directory somewhere like /tmp/ecryptfs.dIWKskOD/. It doesn’t hurt anything to keep the terminal window open in case you need to reference it again, though I imagine it will be the only directory starting with ecryptfs. in its name.
  7. Simply navigate to the provided location and you’ll find the files from the drive/partition unencrypted to access and/or copy to a backup location.
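
A pre-flight check for the layout this method depends on, added here as an example and not taken from the original post or from ecryptfs-utils. It assumes the standard encrypted-home layout shown in the comments; `check_ecryptfs_home` is a hypothetical helper name and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check to run before ecryptfs-recover-private.
# Assumed layout (ecryptfs-utils encrypted home) under the mounted /home:
#   <home>/.ecryptfs/<USER>/.Private/                      encrypted files
#   <home>/.ecryptfs/<USER>/.ecryptfs/wrapped-passphrase   wrapped key
# check_ecryptfs_home is a hypothetical helper name, not part of ecryptfs-utils.

# Prints one line per encrypted home: "<user> <passphrase-needed> <path>".
# Returns 0 if at least one .Private directory was found, 1 otherwise.
check_ecryptfs_home() {
    home_root=$1
    rc=1
    for priv in "$home_root"/.ecryptfs/*/.Private; do
        [ -d "$priv" ] || continue          # glob matched nothing, or not a dir
        rc=0
        user=$(basename "$(dirname "$priv")")
        # An empty file (e.g. truncated on a failing drive) counts as missing.
        if [ -s "$(dirname "$priv")/.ecryptfs/wrapped-passphrase" ]; then
            echo "$user login-passphrase $priv"
        else
            echo "$user mount-passphrase $priv"
        fi
    done
    return $rc
}

# Constructed sample tree (not real data): alice has a wrapped-passphrase,
# bob does not.
demo=$(mktemp -d)
mkdir -p "$demo/.ecryptfs/alice/.Private" "$demo/.ecryptfs/alice/.ecryptfs" \
         "$demo/.ecryptfs/bob/.Private"
printf 'constructed-placeholder' > "$demo/.ecryptfs/alice/.ecryptfs/wrapped-passphrase"
check_ecryptfs_home "$demo"
rm -rf "$demo"
```

Point it at the directory on the mounted partition that contains `.ecryptfs`. A `mount-passphrase` line means no usable wrapped-passphrase was found, so the recovery tool will need the lengthy passphrase rather than the login password.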

I hope this helps. Also, note that if your drive is failing – as in my case – you may also want to use something like ddrescue to attempt salvaging as much data as possible.

Best of luck!

Credit: Thanks to fabien85’s post at the LinuxMint.com forums.

1 thought on “eCryptFS – Accessing Encrypted Drive from LiveUSB Linux with Known User Password”

  1. To follow up on this, my advice to anyone who is experiencing a failing drive is to quickly look toward something like CloneZilla to perform a bit-by-bit copy of the drive while the drive is still functioning. Accessing sectors on the drive to try copying through more common means (such as described in this post) is likely to do more harm than you realize.

    My attempt to copy files from the drive failed after days of running. Afterward, I made the attempt using CloneZilla and, also after days of running, it finally failed at about 60% completion, implying that the drive contained too many sectors that were physically unreadable.

    Whether or not my attempt to recover the files through a LiveUSB of Linux Mint ultimately caused the inability to make a copy using CloneZilla or that the drive was already damaged beyond the point of a complete backup is hard to say. I’ve read that CloneZilla manages to recover failing drives very impressively, so the best lesson I can take away from this is to simply go that direction the moment drive failure is apparent. That surely can’t hurt the odds of successfully backing up the data.
