Recover encrypted home partition. In trouble if lost

[ojireland]

Hello,

Complete noob running ubuntu 10.04. Never any major problems. This is work and personal pc.

I am despartly assistance and hope one of you fellows can help. I even offer complete access to my pc if that helps

I needed to install windows on free space at start of hard drive (needed to try use photoshop). Installed and now have serious problems.

I have trawled and tried many solutions but am only getting frustrated and lost (when I have used terminal before i always just copy and paste from solutions i find online).
Here are the related threads that relate to my problem but trying them is not working and I am totally confused.

http://blog.dustinkirkland.com/2009/...home-from.html
http://ubuntuforums.org/showthread.php?t=1521023
http://ubuntuforums.org/showthread.php?t=1463392
http://ubuntuforums.org/showthread.php?t=1471961
http://ubuntuforums.org/showthread.php?t=1320687
https://help.ubuntu.com/community/En...ata%20Manually
http://ubuntuforums.org/showthread.php?t=1337693
http://www.supergrubdisk.org/wiki/Howto_Fix_Grub
https://help.ubuntu.com/community/Gr...0from%20LiveCD
http://ubuntuforums.org/showthread.php?t=1437015


So here is the problem.

After I installed the windows xp on free partition I booted from live usb to fix the grub.
https://help.ubuntu.com/community/Gr...0from%20LiveCD

Rebooted and got this message
Serious errors were found while checking the disk drive for home.
Press I to Ignore S to Skip mounting or M for Manual recovery

If I press Ignore and then skip nothing gets loaded and somewhere this error comes up.

There is a problem with the configuration server. (/usr/lib/libconf2-4/gconf-sanity-check-2 exited with status 256)

Anyway I thought this was something to do with grub and spent ages trying to fix this but I actually done care now about even fixing the OS, I just need access to the home partition for work reasons.
If I don't get into it in a few hours I will be in some serious, serious trouble with job.


I am nearly sure that
http://blog.dustinkirkland.com/2009/...home-from.html
https://bugs.launchpad.net/ubuntu/+s...ls/+bug/455709
and especially
https://bugs.launchpad.net/ubuntu/+s...709/comments/3

Can fix my problem.

But I am stressing and can't figure it out.

I don't know there's any problem with this but I want to ask if it's possible to get someone to take control of the PC with Teamviewer or something and have a go.

I am truly in trouble here, Is there someone who can please help me.

I have the encrypted passphrase and managed to get the other sig code thing

Many thanks in advance

[robsoles]

Boot from a live CD

Look under 'places' for your file-system, if you see it there then click it to open it out of places there.

Double click 'home' and look for your own home directory, double click it and you should be looking at a couple of file regarding your encrypted files.

Pretty sure you double click one of the files you can see at this point and will soon be challenged for the passphrase hash. Haven't tried it myself so am probably wrong - have a go and tell me how you get on.

[ojireland]

Hi,

Thanks for responding.

When I double any of the files in my encrypted home partition (they all have an X on them), This is the message shown.

This example is for the Private folder

The folder contents could not be displayed.
You do not have the permissions necessary to view the contents of ".Private".Thanks again

[robsoles]

the one time I navigated to my /home folder, on a machine where I used encrypted home folder(s), I found only two files on display.

It entirely looked to me as if one of the files was a launcher to allow access to the encrypted file-space.

Sorry if that isn't helping yet.

Have a look at https://help.ubuntu.com/community/En...ivateDirectory

also http://www.google.com/search?q=acces...tory+in+ubuntu

[ojireland]

I have checked this stuff out.

Any brave takers on the control my Pc suggestion?

[KIAaze]

Hi,

I only have an encrypted "Private" directory, not a fully encrypted home.
But I think the procedure is pretty similar.

I just successfully tested a recovery procedure on my PC using a Lubuntu 10.04 Live-CD (should work the same way with any ubuntu live-CD supporting your filesystem (ext4 in my case)).

Here are the commands I ran in a terminal after mounting the partition using the graphical browser (which is easier and safer than trying it by command-line):

Code:

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@ubuntu:~$ sudo ecryptfs-add-passphrase --fnek
Passphrase: 
ubuntu@ubuntu:~$ cd /media/e81ca359-a0ee-4357-9748-972b95db85a7/
ubuntu@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7$ ls
guest  lost+found  KIAaze  pierre
ubuntu@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7$ cd KIAaze/
bash: cd: KIAaze/: Permission denied
ubuntu@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7$ ls
guest  lost+found  KIAaze  pierre
ubuntu@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7$ cd KIAaze/
bash: cd: KIAaze/: Permission denied
ubuntu@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7$ su
Password: 
su: Authentication failure
ubuntu@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7$ sudo cd KIAaze
sudo: cd: command not found
ubuntu@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7$ sudo passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: Authentication token manipulation error
passwd: password unchanged
ubuntu@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7$ sudo su
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7# cd KIAaze/
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# ls .Private/
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxAR4zh4KMkZKlfT4v-eHm.3Ok--
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARb8M4-4fLKfW2YoXfb8rlkk--
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARdvb8KlxuBWGay-O.qob4fE--
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARFTlX4rNWJI-cIiylQ9wKs---
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARfwzFY3-er6GJ9SFXV2O9ak--
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxAR.GvE.hhVSv17jyBaUtedmk--
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARH0in5xhoPEzOiLfAbc9K4U--
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARorQZXBdzoJLtQybJ2vhiJE--
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARpMVwI7tO4lAEdg2h8hQir---
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARQ8NP4fiqoXyO7ZfnjkiuSE--
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARthdnMUOn7tqn5L8jpEwqF---
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARwgeffLTVvVkcWcnLMUwbR---
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARXjcdv-kyo4B4efC0xT.BXU--
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARyfGglQpnjgIvoNLLD0mf8---
ECRYPTFS_FNEK_ENCRYPTED.FWagQTJl3Ep66UQlWWWJ5yUc-aBdjpC2nxARZVyCVc7IAOHTXF4LDXqx6k--
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# ls Private
Access-Your-Private-Data.desktop  README.txt
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# cat Private/Access-Your-Private-Data.desktop 
[Desktop Entry]
_Name=Access Your Private Data
_GenericName=Access Your Private Data
Exec=/usr/bin/ecryptfs-mount-private
Terminal=true
Type=Application
Categories=System;Security;
X-Ubuntu-Gettext-Domain=ecryptfs-utils
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# ls .ecryptfs/
auto-mount  auto-umount  Private.mnt  Private.sig  wrapped-passphrase
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# ls .ecryptfs/wrapped-passphrase 
.ecryptfs/wrapped-passphrase
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase
Passphrase: 
PASSPHRASE
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# 

root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# ecryptfs-add-passphrase --fnek 
Passphrase: 
Inserted auth tok with sig [2b511591c079c7e9] into the user session keyring
Inserted auth tok with sig [ac71f571150d4822] into the user session keyring
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# mount -t ecryptfs ./.Private/ ./Private/
Passphrase: 
Select cipher: 
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]: 
Select key bytes: 
 1) 16
 2) 32
 3) 24
Selection [16]: 
Enable plaintext passthrough (y/n) [n]: 
Enable filename encryption (y/n) [n]: y
Filename Encryption Key (FNEK) Signature [2b511591c079c7e9]: ac71f571150d4822
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=ac71f571150d4822
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=2b511591c079c7e9
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key 
before. This could mean that you have typed your 
passphrase wrong.

Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [2b511591c079c7e9] to
[/root/.ecryptfs/sig-cache.txt] 
in order to avoid this warning in the future (yes/no)? : no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# ls Private/
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# ls -A Private/
.amsn    .dropbox       .gnupg       .mozilla  .purple  .SpiderOak  .sylpheed-2.0  .xchat2
.config  .dropbox-dist  .macromedia  .opera    .Skype   .ssh        .wicd
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze# cat ./Private/.config/autostart/xchat.desktop 

[Desktop Entry]
Type=Application
Name=xchat
Exec=xchat
Icon=system-run
Comment=
Name[en_US]=xchat
Comment[en_US]=
X-GNOME-Autostart-enabled=false
NotShowIn=LXDE;
root@ubuntu:/media/e81ca359-a0ee-4357-9748-972b95db85a7/KIAaze#

I'm on IRC (#ubuntu@freenode) right now if you want to chat.