Recovering a partition with encrypted /home directory in Ubuntu 18.04

by Dominic Fagan   Last Updated September 23, 2018 20:02 PM

I have about 5 partitions on my Desktop computer; the one I'm using now is 18.04, and the one with the encrypted /home directory is older. There are some important files and data in there, so if it's possible to recover it, I'll take the time to do it. So the first thing I did was check what partitions are in there:

$ sudo fdisk -l
Disk /dev/loop0: 3.7 MiB, 3887104 bytes, 7592 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop1: 42.1 MiB, 44183552 bytes, 86296 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop2: 2.3 MiB, 2355200 bytes, 4600 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop3: 14.5 MiB, 15204352 bytes, 29696 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop4: 13 MiB, 13619200 bytes, 26600 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop5: 2.3 MiB, 2433024 bytes, 4752 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop6: 3.7 MiB, 3878912 bytes, 7576 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop7: 14.5 MiB, 15196160 bytes, 29680 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes




Disk /dev/sda: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x0004f908

Device     Boot     Start        End    Sectors   Size Id Type
/dev/sda1            2048   62500863   62498816  29.8G 82 Linux swap / Solaris
/dev/sda2        62502910  160157695   97654786  46.6G  5 Extended
/dev/sda3  *    160157696 1953523711 1793366016 855.1G 83 Linux
/dev/sda5        62502912  117922805   55419894  26.4G 83 Linux
/dev/sda6       117923840  160157695   42233856  20.1G 83 Linux

Partition 2 does not start on physical sector boundary.
Partition table entries are not in disk order.

So, mounting the partition and taking a look at what's in there, here's what I got:

[email protected]:/mnt/recover$ cd /mnt/recover/home
[email protected]:/mnt/recover/home$ ls -l
total 28
drwxrwxrwx 19    1005    1005 4096 Apr 23  2017 decodify
drwxrwxrwx  3 dominic dominic 4096 Apr 23  2017 horse
drwxrwxrwx  5    1009    1009 4096 Apr 30  2017 horsebox
drwxrwxrwx  2    1008    1008 4096 Apr 29  2017 jimbob
drwxrwxrwx  2    1007    1007 4096 Apr 29  2017 johnjoe
drwxrwxrwx  2    1006    1006 4096 Apr  8  2017 new_user
drwxrwxrwx  2    1004    1004 4096 Feb 17  2017 sammy
[email protected]:/mnt/recover/home$ cd /mnt/recover/home/horse
[email protected]:/mnt/recover/home/horse$ ls -l
total 0
lrwxrwxrwx 1 dominic dominic 56 Feb 10  2017 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
lrwxrwxrwx 1 dominic dominic 52 Feb 10  2017 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt

There were a lot of files in the rest of the file system; could they be of any use?

EDIT: Since I didn't have the passwords, it didn't work:

/mnt/recover/home/horse$ sudo ecryptfs-recover-private -rw /media/sda3/home/.ecryptfs/horse/.Private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/mnt/recover/home/.ecryptfs/horse/.Private].
Try to recover this directory? [Y/n]: y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] n
INFO: To recover this directory, you MUST have your original MOUNT passphrase.
INFO: When you first setup your encrypted private directory, you were told to record
INFO: your MOUNT passphrase.
INFO: It should be 32 characters long, consisting of [0-9] and [a-f].

Enter your MOUNT passphrase: 
mount: /tmp/ecryptfs.5GDXtbtp: mount(2) system call failed: No such file or directory.
ERROR: Failed to mount private data at [/tmp/ecryptfs.5GDXtbtp].
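
An added example, not part of the original post or of ecryptfs-utils: a shell helper that lists, for a mounted partition, which users under `home/.ecryptfs` have a `.Private` directory and a `wrapped-passphrase` file, and checks a string against the MOUNT passphrase format quoted in the tool output above (32 characters of [0-9] and [a-f]). The function names and the `<user>/.ecryptfs/wrapped-passphrase` location (the usual ecryptfs-utils layout) are assumptions.

```shell
#!/bin/sh
# Added example: inventory eCryptfs material under a mounted recovery root.
# Assumed layout (usual ecryptfs-utils default, not confirmed by the post):
#   <root>/home/.ecryptfs/<user>/.Private
#   <root>/home/.ecryptfs/<user>/.ecryptfs/wrapped-passphrase

# Succeeds only for a string shaped like a MOUNT passphrase:
# exactly 32 characters, each one of 0-9 or a-f (lowercase).
valid_mount_passphrase() {
    case "$1" in
        *[!0123456789abcdef]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Prints one line per user directory found under <root>/home/.ecryptfs:
#   <user> private=<yes|no> wrapped=<yes|no> files=<encrypted file count>
ecryptfs_inventory() {
    root=${1%/}
    base="$root/home/.ecryptfs"
    [ -d "$base" ] || { echo "no directory $base" >&2; return 1; }
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        user=$(basename "$dir")
        private=no; wrapped=no; files=0
        if [ -d "$dir.Private" ]; then
            private=yes
            files=$(find "$dir.Private" -type f | wc -l | tr -d ' ')
        fi
        # An empty wrapped-passphrase file is as useless as a missing one.
        [ -s "$dir.ecryptfs/wrapped-passphrase" ] && wrapped=yes
        echo "$user private=$private wrapped=$wrapped files=$files"
    done
}

# Run the inventory when a mount point is given on the command line,
# e.g.:  sh inventory.sh /mnt/recover
if [ "$#" -gt 0 ]; then
    ecryptfs_inventory "$1"
fi
```

A user reported with `wrapped=yes` can be unlocked with the original LOGIN passphrase; with `wrapped=no` only the recorded MOUNT passphrase will do.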

