eCryptFS – Accessing Encrypted Drive from LiveUSB Linux with Known User Password

Thanks to another imperiled user at’s community forums (credit given below), I’ve discovered an easy method to access encrypted drives/partitions using a Linux Mint LiveUSB when the actual system is not able to be used to boot and access the drive for data recovery. This method assumes that the ecryptfs-utils package was used to encrypt the drive, and that the wrapped-passphrase was stored on the drive.

In the past, encrypted drives or partitions using eCryptFS required you to note a lengthy passphrase in order to recover the files – or, at least, this was displayed upon installation of Mint, Ubuntu and other distros after installing and encrypted the home directory.

However, simply knowing the user’s login passphrase is all that is needed for newer encrypted setups, as it appears eCryptFS now automatically stores the wrapped-passphrase on the drive where the data is encrypted to allow for recovery using just the user’s login credentials. Below are some rather simple and straight-forward steps for accessing an encrypted drive from a LiveUSB boot in these conditions:

  1. Simply mount the partition/drive from inside the graphical file manager. This was Nemo in my case, using Linux Mint.
  2. Open a terminal from inside the /home directory of the drive/partition that contains the encrypted home directory and enter the following command:
    sudo ecryptfs-recover-private .ecryptfs/<USERNAME>/.Private/
    Note: You must use elevated super-user privileges for this command.
  3. If it finds the location provided, enter Y (or simply press Enter, if it is the default option) when presented with Try to recover this directory? [Y/n].
  4. If you’re fortunate, it will find the wrapped-passphrase and then ask Do you know your LOGIN passphrase? [Y/n]. As long as you do (and there’s no reason you shouldn’t if you’re trying to recover your own data), then simply hit Enter or submit Y to reach a prompt to enter the login password for the user of the encrypted home directory.
  5. If all goes well (correct password, included), you’ll be met with INFO: Success! Private data mounted at [/tmp/ecryptfs.dIWKskOD].
    Note: This location is mounted in the /tmp/ directory of the USB drive’s file system and not in the /tmp/ directory of the mounted Linux Mint drive/partition of the system being accessed on the PC.
  6. The last thing you need to note is where it has mounted the encrypted data, as it won’t be in the /media/ directory where your drive/partition is initially mounted using Nemo. For me, it was placed inside of the /tmp/ directory somewhere like /tmp/ecryptfs.dIWKskOD/. It doesn’t hurt anything to keep the terminal window open in case you need to reference it again, though I imagine it will be the only directory starting with ecryptfs. in its name.
  7. Simply navigate to the provided location and you’ll find the files from the drive/partition unencrypted to access and/or copy to a backup location.

I hope this helps. Also, note that you may also want to use something like ddrescue, or even CloneZilla, to attempt salvaging as much data as possible if you’re drive is failing. Attempting to copy/backup files through the usual means when the drive is failing can either cause more damage or at least cost you valuable time that could be given toward the more capable methods.

Best of luck!

Credit: Thanks to fabien85’s post at the forums.