eCryptFS – Accessing Encrypted Drive from LiveUSB Linux with Known User Password

Thanks to another imperiled user at LinuxMint.com’s community forums (credit given below), I’ve discovered an easy method to access encrypted drives/partitions using a Linux Mint LiveUSB when the actual system is not able to be used to boot and access the drive for data recovery. This method assumes that the ecryptfs-utils package was used to encrypt the drive, and that the wrapped-passphrase was stored on the drive.

In the past, encrypted drives or partitions using eCryptFS required you to note a lengthy passphrase in order to recover the files – or, at least, this was displayed upon installation of Mint, Ubuntu and other distros after installing and encrypted the home directory.

However, simply knowing the user’s login passphrase is all that is needed for newer encrypted setups, as it appears eCryptFS now automatically stores the wrapped-passphrase on the drive where the data is encrypted to allow for recovery using just the user’s login credentials. Below are some rather simple and straight-forward steps for accessing an encrypted drive from a LiveUSB boot in these conditions:

  1. Simply mount the partition/drive from inside the graphical file manager. This was Nemo in my case, using Linux Mint.
  2. Open a terminal and enter the following command:
    ecryptfs-recover-private .ecryptfs/<USERNAME>/.Private/
  3. If it finds the location provided, enter Y (or simply press Enter, if it is the default option) when presented with Try to recover this directory? [Y/n].
  4. If you’re fortunate, it will find the wrapped-passphrase and then ask Do you know your LOGIN passphrase? [Y/n]. As long as you do (and there’s no reason you shouldn’t if you’re trying to recover your own data), then simply hit Enter or submit Y to reach a prompt to enter the login password for the user of the encrypted home directory.
  5. If all goes well (correct password, included), you’ll be met with INFO: Success! Private data mounted at [/tmp/ecryptfs.dIWKskOD].
  6. The last thing you need to note is where it has mounted the encrypted data, as it won’t be in the /media/ directory where your drive/partition is initially mounted using Nemo. For me, it was placed inside of the /tmp/ directory somewhere like /tmp/ecryptfs.dIWKskOD/. It doesn’t hurt anything to keep the terminal window open in case you need to reference it again, though I imagine it will be the only directory starting with ecryptfs. in its name.
  7. Simply navigate to the provided location and you’ll find the files from the drive/partition unencrypted to access and/or copy to a backup location.

I hope this helps. Also, note that if you’re drive is failing – as in my case – you may also want to use something like ddrescue to attempt salvaging as much data as possible.

Best of luck!

Credit: Thanks to fabien85’s post at the LinuxMint.com forums.