If I give ecryptfs-unwrap-passphrase
my login password, it outputs an hashed string. Is that my passphrase (still unknow...) ? Or it is an hash of the login password ?
What really interest me, it's to be able to backup the passphrase. Sorry for the naive question...
It's not a hashed value, but it is the 128-bit value that is the symmetric encryption/decryption passphrase (key) for your files. It just looks like an MD5 hash because it's a 128-bit value.
The passphrase you're queried for is the user's (your?) login password, with which the encryption passphrase/key is encrypted (in ecryptfs' terms "wrapped").
This enables you to change your login password (with which the encryption passphrase is wrapped) without changing the encryption passphrase itself (which would result in the need to re-encrypt all encrypted files).
Think of it like an SSH private key that you protected with a passphrase - only that, knowing the "raw" encryption passphrase, you can recover your encrypted files without knowing the wrapping passphrase.
So you may store this 128-bit value somewhere safe (i.e. write it down and lock it away somewhere), and even if you forget your wrapping passphrase (i.e. login password), or something else goes wrong, you will be able to recover your encrypted files with the ecryptfs-utils - particularly
ecryptfs-recover-private
after answering the question if you know your LOGIN password with No; it will then ask if you know the encryption passphrase, which you may then type in from the paper on which you've written it down.ecryptfs-unwrap-passphrase
is used to display your mount passphrase. If you want to see your mount passphrase, use the following command:ecryptfs-unwrap-passphrase /home/yourusername/.ecryptfs/wrapped-passphrase
More related information can be found here: https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering_Your_Mount_Passphrase
Did you ever resolve this? I'm suspecting that you accidentally checked the "Encrypt home directory" box when you installed Ubuntu. I've sometimes neglected to make a copy of the unwrapped hex passphrase myself. I don't know if there's a way to unlock the encrypted files on a new system if you don't have the hex passphrase. Thanks for the reminder. It may have been too late for you.
It looks like since timeshift normally runs as root that it doesn't access the decrypted versions of the directories and saves the encrypted versions of them. This is actually a good thing when you back up to an unencrypted external hard drive but it makes it more important to save the unwrapped hex passphrase. Maybe the Ubuntu developers should require that a USB stick be inserted at installation time to save it on?