After entering the correct passphrase at the command ecryptfs-mount-private, I am getting this error:
torben@torben-nettop:~$ sudo ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/media/0f417b42-11a0-4539-9cae-e11ce3b289c3/home/.ecryptfs/torben/.Private].
Try to recover this directory? [Y/n]: y
INFO: Enter your LOGIN passphrase...
Passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
torben@torben-nettop:~$
Syslog has this information:
ecryptfs-insert-wrapped-passphrase-into-keyring: Incorrect wrapping key for file [/home/torben/.ecryptfs/wrapped-passphrase]
ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap passphrase from file [/home/torben/.ecryptfs/wrapped-passphrase]; rc = [-5]
--> Given that I am absolutely sure that I am entering the correct passphrase, what can I do to fix this problem so that I can read the encrypted home folder?
Some background:
- I have installed Ubuntu 11.04 on a new drive and I want to copy my home folder from the old drive, which is encrypted (I have the passphrase).
- With the help of Marco Ceppi in the chat, I followed these precise steps yesterday and successfully gained access to the encrypted home folder. This proves that my passphrase does indeed work.
- I then started the machine on copying from the old encrypted home folder to the new unencrypted home folder and went to bed. When I returned to the computer, I saw that it had suspended itself :( and had not finished copying the folder.
- I rebooted the computer, and removed the temporary /recovery folders, then followed the exact same steps again, but this is when I encountered the error given above. I tried this several times; always the same result. I am absolutely sure that I am typing the passphrase correctly.
Updated: 19 June 2018
Summary
I was recently getting a similar error when trying to decrypt some data from an external drive. Every time, the error message was from an invalid password; I can duplicate this all day long. Instead of using ecryptfs-recover-private I was using ecryptfs-unwrap-passphrase, which I think is for specific data, though I don't feel like looking up the difference.
Note: This is not a copy/paste guide, it is more of a record of my success.
Unwrapping The Passphrase
You'll need to find your wrapped-passphrase file. If you're not sure where it is you can use find. After you mount your volume you can do:
You'll want to substitute the path which returns for my paths listed below.
My steps after mounting the old drive.
It will always prompt for a passphrase; this is the password initially set up when you created the encrypted home directory when you installed Ubuntu. In the setup it highly recommends that you use a different password than your login password... if you've been trying your login password for the last hour and failing, try some different ones... try that one password which you rarely use.
I had forgotten what mine was, I tried all of my super awesome passwords, and I kept getting this error message:
After searching Google for about an hour, I figured I'd try a password I knew was bad, so I put in password at the Passphrase prompt.
The following was spit out:
I reran ecryptfs-unwrap-passphrase and tried a different password and received the same -5 error message as listed above. It turns out that I had actually set the passphrase to password, probably due to my frustrations with decrypting data in Ubuntu in the past.
Add Passphrase to Keyring
Adding the passphrase to ecryptfs-add-passphrase, use the passphrase generated in the previous step.
Outputs:
Mount or Recover
At this point you have two options, I suggest attempting to mount, then if you can't mount, try recovering.
Mounting the Drive
It is easy to think of the .Private directory as an unmounted volume.
Again here you'll need to specify your own directories.
Hopefully when you initially created the encrypted drive you didn't mess around with the cipher or key bytes.
Shows all data in my old home directory.
Note: At this point if you get invalid permission/owner/group sets, you're going to want to unmount the drive and skip down to the Recover section.
If you get a good permission set, copy that junk out of the encrypted drive to the desktop for example.
Recover
I discovered I couldn't successfully mount my ecryptfs. ls was displaying invalid permission/owner/group settings. It looked something like the following:
I am not sure why I wound up with problems with using mount, so I started messing around with ecryptfs-recover-private and had some luck.
Again, you'll have to use your own generated passphrase from above. Note that I used the --rw switch here to make the mount read/write, if you omit the switch it will mount read-only.
The tmp path it outputs will contain your encrypted mount.
This should show your full path with proper permission sets. Now copy it out somewhere.
In Closing
GOOD LUCK!!
You should be able to use this for any variant of Ubuntu, I for instance have used it in and between Ubuntu and Mint and Lubuntu.
If you're just finding this thread, unless you specifically used password as your Passphrase, those hex values won't work.
This is an attempt to fix it myself:
Dustin Kirkland wrote in 2008:
The login username and login password for the new system are identical to the ones for the old system. I have written down the passphrase and I know it's correct (see proof in my question).
This similar problem might be worth checking out: Trying to mount old encrypted home
Also, something on the new system might not be working correctly. To rule this out, boot on a LiveCD and try from there.
...to be updated as I go along!
In case the password does not work (which happened to me, though I had not changed it), using the backup passphrase to access helped me. I just answered no to whether I knew my password and entered the 32 long hex number I had received and written down upon initial boot.
This may be easier at times than guessing.
If it can be of any help, while I was facing a similar issue (code -5 during decryption of home directory), I found out some files under .ecryptfs and .Private were not owned by my user account but rather by root.
This happened because I ran ecryptfs-rewrap-passphrase as root and as such it locked important files away from my own account.
Hence, when I ran ecryptfs-mount-private with my user account, it would fail as reading and writing to some files (namely .ecryptfs/wrapped-passphrase) was denied.
I solved my case by running sudo chown -R USER:USER /home/USER/.ecryptfs /home/USER/.Private. Replace USER by your actual account name. YMMV