Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
0 votes, 1 answer, 1934 views
Encrypting home directory on Raspberry pi with password file on USB
I have been trying to follow this guide: https://www.howtoforge.com/tutorial/how-to-encrypt-directories-and-partitions-with-ecryptfs-on-debian/ to encrypt the home directory on my Pi without a password by saving the password in a file on a USB. But the issue is that the Pi boots up to a login screen and prompts for a password. The only differences from the configuration in the guide are that my USB is NTFS, the name of the directory that is being encrypted (pi), and the password. I tried it again, and afterwards when the Pi booted up it said the root account was locked and I only had command line access to the system.
Are there any passwordless encryption alternatives that I can use? As the pi will have a display but no keyboard.
somerandomguy95
(11 rep)
Nov 10, 2017, 01:59 AM
• Last activity: May 24, 2025, 10:08 AM
2 votes, 0 answers, 91 views
Ecryptfs : Decryption problem results in first level Question Marks when issuing 'ls -la'
I am sorry I did not find any related topic matching here. I have weird installation behaviour right after I installed my Linux Mint 22 in my existing partition table structure:
* LUKS encrypted partition with LVM for root, user, swap
* Boot partition (not encrypted)
* Dual boot Windows partition
* One NTFS exchange partition
The LUKS partition was opened during the live session, and the LVM lying inside was activated and mounted. All partitions have been formatted besides the home partition with ecryptfs-encrypted home directories inside. Before, Ubuntu 24.04 was installed as a misled upgrade to 22.04 (misled in terms of many small performance leaks and little errors, which do not end in an unusable but miserably configured system). A fresh install of Ubuntu 24.04 went wrong because it doesn't support LUKS and LVM during installation anymore. Damn.
Then I started the installation assistant.
All went OK, performance increase like 200%, besides:
* no HW sound device working (but existing)
* initramfs does not activate LVM, no crypttab after second boot (then first looked)
* backup home could not be decrypted properly (this ticket)
-----------------------------------------------------------------------------
So in detail I can't open my backup home folder encrypted with the exact same password as my user's ID password and the one used for the home folder:
Alternate 1:
============
```
root# ecryptfs-private-recovery # from somewhere
INFO: Searching for encrypted private directories (this might take a while)...
find: ‘/proc/38986/task/38986/net’: Invalid argument
find: ‘/proc/38986/net’: Invalid argument
find: ‘/proc/103650/task/103650/net’: Invalid argument
find: ‘/proc/103650/net’: Invalid argument
find: ‘/run/user/1000/gvfs’: Permission denied
find: ‘/run/user/1000/doc’: Permission denied
```
So ecryptfs is not finding any home directory (besides /home/user is a working decrypted one it is also not finding). Even when I start it from the directory .Private itself.
I know
- the encryption password
- the algorithm AES
- the key length 16 bit
- encryption of file names is turned on
- passthrough is no
According to here and following from that answer here I was deleting the keys with (keyctl as a key management facility tool working with keyrings, but obviously not with the gnome keyring, the philosophy of the tool is unfortunately totally unclear as the whole ecryptfs tool (I did not find any sequence diagrams/uml charts on it):
```
$ sudo su
$ keyctl list @u
2 keys in keyring:
270246897: --alswrv 1000 1000 user: bbbbbbbbbbbbbbbb
996876983: --alswrv 1000 1000 user: aaaaaaaaaaaaaaaa
$ keyctl clean @u [--> no keys available in
$ ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase
Passphrase: (enter your usual passphrase)
PPPPPPPPPPPPPPPP
(write down this unwrapped passphrase)
$ sudo ecryptfs-add-passphrase --fnek
Passphrase: (enter the PPPPPPPPPPPPPPPP)
Inserted auth tok with sig [aaaaaaaaaaaaaaaa] into the user session keyring
Inserted auth tok with sig [bbbbbbbbbbbbbbbb] into the user session keyring
$ sudo mount -t ecryptfs /backup1TB/home_user_bck/.Private /backup1TB/home_user_bck/ -o key=passphrase:passphrase_passwd_file=/home/user/scripts/key.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=y,ecryptfs_unlink_sigs
Filename Encryption Key (FNEK) Signature [aaaaaaaaaaaaaaaaaa]: bbbbbbbbbbbbbbbb
Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=bbbbbbbbbbbbbbbb
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=aaaaaaaaaaaaaaaaaa
Mounted eCryptfs
```
* ecryptfs_fnek_sig and ecryptfs_sig are only shown hidden. As this home_backup directory was working as a mirror to my home directory both encrypted with ecryptfs with the same user password, it was tolerable for me to save the password plainly into scripts with 400 permissions.
The log shows:
```
$ dmesg | tail
[469436.287197] ecryptfs_parse_tag_70_packet: Error attempting to find auth tok for fnek sig [d5459a9a6d6c7d8a]; rc = [-2]
[469436.287330] Could not find key with description: [d5459a9a6d6c7d8a]
[469436.287337] process_request_key_err: No key
[469436.287340] ecryptfs_parse_tag_70_packet: Error attempting to find auth tok for fnek sig [d5459a9a6d6c7d8a]; rc = [-2]
[469469.389865] Could not find key with description: [d5459a9a6d6c7d8a]
[469469.389884] process_request_key_err: No key
[469469.389889] ecryptfs_parse_tag_70_packet: Error attempting to find auth tok for fnek sig [d5459a9a6d6c7d8a]; rc = [-2]
[469469.389907] Could not find key with description: [d5459a9a6d6c7d8a]
[469469.389912] process_request_key_err: No key
[469469.389915] ecryptfs_parse_tag_70_packet: Error attempting to find auth tok for fnek sig [d5459a9a6d6c7d8a]; rc = [-2]
peddanet@HP-ENVY-Laptop-13-aq1176ng:/backup1TB$ ^C
$ journalctl -xe | grep
Mar 05 00:55:40 HP-ENVY-Laptop-13-aq1176ng sudo: peddanet : TTY=pts/3 ; PWD=/backup1TB ; USER=root ; COMMAND=/usr/bin/mount -t ecryptfs /backup1TB/home_peddanet_bck/.Private /backup1TB/home_peddanet_bck/ -o key=passphrase:passphrase_passwd_file=/home/peddanet/scripts/key.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=y
Mar 05 00:55:40 HP-ENVY-Laptop-13-aq1176ng mount.ecryptfs: Error initializing key module [/usr/lib/x86_64-linux-gnu/ecryptfs/libecryptfs_key_mod_gpg.so]; rc = [-22]
```
Alternative way
==============
According to this way for MINT I did the recovering right this:
```
/backup1TB/.ecryptfs/home_user_bck# ecryptfs-recover-private .Private;
INFO: Found [.Private].
Try to recover this directory? [Y/n]: Y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] Y
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [cccccccccccccccc] into the user session keyring
INFO: Success! Private data mounted at [/tmp/ecryptfs.HR2cA03S].
# keyctl list @u
3 keys in keyring:
384278683: --alswrv 0 0 user: bbbbbbbbbbbbbbbb
351461027: --alswrv 0 0 user: aaaaaaaaaaaaaaaa
```
Errors: No errors! BUT:
Outcome for both ways:
======================
It seems working properly, but `ls -la` will serve:
Examining these directories as well as mounting with my passphrase, which works "top level" without errors, but you can't access these files and directories, it stops:
```
$ ll home_user_bck
ls: cannot access 'home_user_bck/.nuget': No such file or directory
ls: cannot access 'home_user_bck/lsix-master': No such file or directory
ls: cannot access 'home_user_bck/.mozilla': No such file or directory
[..]
ls: cannot access 'home_user_bck/ECRYPTFS_FNEK_ENCRYPTED.FWbJFNeOPKlxWUQHdX-EKzX72XJwQQKem-XJNDrYJBdx.UWXCIKeIOw45E--': No such file or directory
ls: cannot access 'home_user_bck/openvlc.tasks': No such file or directory
ls: cannot access 'home_user_bck/Screenshot from 2021-11-06 15-37-10.png': No such file or directory
[..]
ls: cannot access 'home_user_bck/.ecryptfs': No such file or directory
ls: cannot access 'home_user_bck/.thunderbird': No such file or directory
ls: cannot access 'home_user_bck/.xsession-errors': No such file or directory
ls: cannot access 'home_user_bck/thinclient_drives': No such file or directory
[..]
drwxr-xr-x 49 user user 20K Feb 20 12:47 .
drwxr-xr-x 6 user user 4,0K Feb 17 14:31 ..
d????????? ? ? ? ? ? Audio
-????????? ? ? ? ? ? backup.log
-????????? ? ? ? ? ? .bash_history
-????????? ? ? ? ? ? .bash_logout
-????????? ? ? ? ? ? .bashrc
d????????? ? ? ? ? ? bin
d????????? ? ? ? ? ? .cache
d????????? ? ? ? ? ? .conda
d????????? ? ? ? ? ? .config
d????????? ? ? ? ? ? .cups
d????????? ? ? ? ? ? .cyberghost
[..]
d????????? ? ? ? ? ? .dbus
d????????? ? ? ? ? ? Desktop
d????????? ? ? ? ? ? Documents
d????????? ? ? ? ? ? Dokumente
d????????? ? ? ? ? ? .dotnet
d????????? ? ? ? ? ? Downloads'
-????????? ? ? ? ? ? examples.desktop
d????????? ? ? ? ? ? .gconf
-????????? ? ? ? ? ? .gitconfig
d????????? ? ? ? ? ? .gnome
d????????? ? ? ? ? ? .gnupg
d????????? ? ? ? ? ? .hardinfo
-????????? ? ? ? ? ? index.html
d????????? ? ? ? ? ? .java
d????????? ? ? ? ? ? jd2
-????????? ? ? ? ? ? key.txt
-????????? ? ? ? ? ? .lesshst
d????????? ? ? ? ? ? .local
d????????? ? ? ? ? ? lsix-master
d????????? ? ? ? ? ? .mozilla
d????????? ? ? ? ? ? Music
l????????? ? ? ? ? ? user
d????????? ? ? ? ? ? Pictures
[..]
d????????? ? ? ? ? ? scripts
d????????? ? ? ? ? ? snap
d????????? ? ? ? ? ? .ssh
-????????? ? ? ? ? ? .sudo_as_admin_successful
d????????? ? ? ? ? ? Templates
-????????? ? ? ? ? ? test
d????????? ? ? ? ? ? Test
d????????? ? ? ? ? ? testdaten
-????????? ? ? ? ? ? testdisk.log
-????????? ? ? ? ? ? that.gif
[..]
```
I tried ecryptfs: ls lists top level folders but with "no such file or directory" for them but as `ecryptfs-recover-private` didn't find - no outcome. But similar results when it comes to listing top directory files. The lower directories are not possible to list.
So what went wrong here? Could it be a weird different handling of ecryptfs formerly in Ubuntu 22.04 and now Linux Mint 22.1? Is the ecryptfs system inevitably corrupted? How can I detect, what else can I do?
Obviously the slightest changes in the above commands can result in totally hideous and hiding errors (or messages)....
Annotations
===========
** The `.ecryptfs` was missing with the backup, so as it was a direct copy of /home/user back then, I just copied from the home/.ecryptfs/user/.ecryptfs to /backup1TB/.ecryptfs/home_user_backup/. In the folder /backup1TB/home_user_backup/ there were two links to `.Private` and `.ecryptfs` to the formerly mentioned `.ecryptfs` folder.
pedda
(81 rep)
Feb 17, 2025, 03:05 PM
• Last activity: Mar 5, 2025, 12:02 AM
0 votes, 0 answers, 17 views
Why does CUPS attempt to open ecryptfs wrapped-passphrase?
I am trying to add a printer manually via the CUPS web interface (http://localhost:631/admin/) but it is not working. I see that when I click "Add printer", a username/password dialog pops up... entering my username/password, I see errors like this in the journal:
```
Jan 30 11:21:00 myhostname kernel: audit: type=1400 audit(1738264860.777:406): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/cupsd" name="/etc/fscrypt.conf" pid=37925 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 30 11:21:00 myhostname kernel: audit: type=1400 audit(1738264860.777:407): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/cupsd" name="/home/.ecryptfs/myusename/.ecryptfs/Private.mnt" pid=37925 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jan 30 11:21:00 myhostname cupsd: pam_ecryptfs: Passphrase file wrapped
Jan 30 11:21:00 myhostname kernel: audit: type=1400 audit(1738264860.778:408): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/cupsd" name="/home/.ecryptfs/myusename/.ecryptfs/wrapped-passphrase" pid=112156 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jan 30 11:21:00 myhostname kernel: audit: type=1400 audit(1738264860.778:409): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/cupsd" name="/home/.ecryptfs/myusename/.ecryptfs/wrapped-passphrase" pid=112156 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jan 30 11:21:00 myhostname cupsd: pam_ecryptfs: Unable to rewrap passphrase file
Jan 30 11:21:00 myhostname cupsd: Failed to detect wrapped passphrase version: Permission denied
Jan 30 11:21:00 myhostname cupsd: Error attempting to unwrap passphrase from file [/home/myusename/.ecryptfs/wrapped-passphrase]; rc = [-13]
Jan 30 11:21:00 myhostname cupsd: pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [-5]
```
It seems like CUPS is trying to unwrap my ecryptfs passphrase?
- why would CUPS need/want access to the wrapped ecryptfs passphrase, since the /home partition is already decrypted and mounted?
- why would it try to "rewrap" the passphrase, as implied by the journal line above?
user272901
(142 rep)
Jan 30, 2025, 07:39 PM
1 vote, 0 answers, 60 views
Cannot decrypt Linux Mint files on log in
I have a dual boot laptop with Windows and Linux Mint. In the Linux Mint partition I encrypted the file storage and this has been working fine for 4+ years, it decrypts on log in. Yesterday some software may have filled my Linux partition and today when I try to log in to Linux I cannot get past the log in screen and receive the error:
```
ecryptfs_write_metadata_to_contents: Error attempting to write header information to lower file: rc = [-20]
ecryptfs_write_metadata: Error writing metadata out to lower file: rc = [-20]
Error writing headers: rc = [-20]
```
and it just keeps going back to the log in screen.
I booted Linux in recovery mode and used the root shell. I tried running the following commands but received the following errors:
```
# ecryptfs-mount-private
ERROR: Encrypted private directory is not setup properly
# ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/home/.ecryptfs/foo/.Private].
Try to recover this directory? [Y/n]: Y
INFO: Found your wrapper-passphrase
Do you know your LOGIN passphrase? [Y/n]: Y
INFO: ENTER your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [79***2e] into the user session keyring
mount: /tmp/ecryptfs.Q1***1M: mount(2) system call failed: No such file or directory.
ERROR: Failed to mount private data at [/tmp/ecryptfs.Q1***1M].
```
I'm thinking maybe the Linux partition is too full to decrypt the files on log in but it may also be that the encryption is corrupt? Any help would be greatly appreciated.
Pilznher
(111 rep)
Dec 24, 2024, 04:05 AM
0 votes, 0 answers, 64 views
How to decrypt files that are encrypted with ecryptfs, after deletion and recovery
I encrypted my whole home directory with ecryptfs and accidentally deleted the whole `.Private` and `.ecryptfs` directories. I somehow managed to recover all the deleted files using `PhotoRec`.
I have the following file types recovered
encrypted files/ecryptfs
application/epub+zip
application/gzip
application/java-archive
application/javascript
application/json
application/octet-stream
application/pdf
application/pgp-keys
application/postscript
application/vnd.debian.binary-package
application/vnd.iccprofile
application/vnd.microsoft.portable-executable
application/vnd.ms-cab-compressed
application/vnd.sqlite3
application/vnd.tcpdump.pcap
application/x-7z-compressed
application/x-archive
application/x-bzip2
application/x-executable
application/x-lz4+json
application/x-lzh-compressed
application/x-ndjson
application/x-object
application/x-ole-storage
application/x-pie-executable
application/x-rar
application/x-sharedlib
application/x-stuffit
application/x-tar
application/x-wine-extension-ini
application/x-xar
application/x-xz
application/zip
audio/flac
audio/mpeg
audio/x-m4a
audio/x-wav
font/sfnt
font/woff
image/fits
image/gif
image/jpeg
image/png
image/svg+xml
image/tiff
image/vnd.microsoft.icon
image/webp
text/calendar
text/csv
text/html
text/plain
text/troff
text/vtt
text/x-Algol68
text/x-c
text/x-c++
text/x-diff
text/x-file
text/x-fortran
text/x-makefile
text/xml
text/x-msdos-batch
text/x-perl
text/x-ruby
text/x-script.python
text/x-shellscript
text/x-tex
video/mp4
video/webm
I moved all the `*.ecryptfs` file types to `/home/.ecryptfs/username/.Private/` directory.
Where should I move the rest of the files? I know that some files should be also kept in `/home/.ecryptfs/username/.ecrypfs/`.
brownser
(101 rep)
Dec 10, 2024, 11:31 AM
• Last activity: Dec 10, 2024, 12:22 PM
0 votes, 0 answers, 230 views
How do I decrypt single ECRYPTFS_FNEK_ENCRYPTED.F.....etc files within the Linux Mint system?
I have a NAS RS816. All my folders are encrypted. A user created a backup of an access file and then by accident deleted the file... I managed to recover the directory, which contains 11 files.
Each file has been named ECRYPTFS_FNEK_ENCRYPTED.F........etc
I would like to decrypt each file using the password which was used to encrypt them. I also have the .key file.
How would I do this? I have tried `sudo ecryptfs-recover-private`, but it does not find the files, and when I try to run the folder in the terminal it still does not find the files.
Kind Regards
Chris Pike
(1 rep)
Aug 15, 2024, 07:49 AM
1 vote, 1 answer, 2025 views
Recovering files from a decrypted .Private directory
Using Linux Mint 17 Cinnamon 64-bit.
Originally, I asked this on askubuntu - https://askubuntu.com/questions/831300/cannot-see-contents-of-home-directory-after-error-and-restart - and was then told to come here.
I'm on my live USB right now. I've successfully run `sudo ecryptfs-recover-private`, with the data being sent to `/tmp/ecryptfs.8o5N9a3d`. The latter is filled with folders I cannot decipher, all named things like `ECRYPTFS_FNEK_ENCRYPTED.[string of characters]`. What is the next step in getting these files back to their old, usable state?
I would appreciate any help. Thank you.
organon21
(11 rep)
Sep 29, 2016, 10:35 PM
• Last activity: Apr 20, 2024, 10:09 PM
2 votes, 1 answer, 151 views
ecryptfs: ls lists top level folders but with "no such file or directory" for them
I've managed to mount "old" ecryptfs home folder with `sudo mount -t ecryptfs [SRC DIR] [DST DIR]`. It was failing for `ecryptfs-recover-private` with `mount: No such file or directory` and with `setreuid: Operation not permitted` for `strace --follow-forks -o file.log ecryptfs-recover-private`. BTW, why different error for `--follow-forks`? Maybe worth separate question about `strace`.
Anyway it mounted but `ls [DST DIR]` lists files and folders that look as correct home folder, but with `?` and "cannot access ... no such file or directory". What could be the problem?
With web search I've managed to find QAs for `mount` issue. https://askubuntu.com/questions/1074753/ecryptfs-mount-private-failure-in-ubuntu-18-04-mount-no-such-file-or-directory ; https://askubuntu.com/questions/1126981/ecryptfs-mount-no-such-file-or-directory ; https://unix.stackexchange.com/questions/285541/mount-no-such-file-or-directory-with-encrypted-recovery ; https://unix.stackexchange.com/questions/493931/ecryptfs-mount-private-returns-fopen-no-such-file-or-directory
Closest to mine is https://unix.stackexchange.com/questions/314255/ecryptfs-mounting-failure-from-kernel-4-7-onwards with also `?` for `ls`, but it is from 2016 and answer is for kernel change for plaintext+encrypted names change, my encrypted home folder is from 2021.
BTW I've tried `mount` both plaintext passthrough `y` and `n`.
Alex Martian
(1287 rep)
Jan 1, 2024, 10:45 AM
• Last activity: Jan 3, 2024, 02:19 AM
0 votes, 1 answer, 278 views
eCryptfs With Mount Command Has Passphrase Cache?
Guys help me understand this!
I'm using **eCryptfs** with the `mount` command to encrypt a single folder. The first time, to set up the volume, I run:
```sh
mount --types ecryptfs /path/to/.private /path/to/.private
```
So I choose the options.
The second time, or any other time after setup, I run:
```sh
mount --types ecryptfs --options key=passphrase,ecryptfs_key_bytes=,ecryptfs_cipher=,ecryptfs_passthrough=no /path/to/.private /path/to/.private
```
So, when I do these steps directly on the **command line** and type a wrong password, the volume is mounted but its content stays encrypted, which works as expected. But when I put these steps inside a script, even though I type a wrong password, the content of the volume is decrypted!
Does **eCryptfs** have some cache for the passphrase? Is there something that I don't know?
PS: sorry for my English, I'm still learning :)
rhuanpk
(413 rep)
Dec 7, 2023, 04:48 AM
• Last activity: Dec 21, 2023, 07:18 AM
0 votes, 1 answer, 542 views
Cannot login normally after login loop
I recently had a login loop that kept sending me back to the login screen no matter how many times I entered the correct password. I decided to log in by accessing the terminal directly by pressing Ctrl+Alt+F1, where I entered my username and password. After doing so, I got the following message:
```
Signature not found in user keyring
Perhaps try the interactive 'encryptfs-mount-private'
To run a command as administrator (user "root"), use "sudo commando".
See "man sudo_root" for details.
```
In any case, I could now access the terminal. However, my `/home/` folder didn't have the files that are usually there, there were just the usual folders (Desktop, Downloads, Videos, etc.) and two new files: `.txt` and `-Your-Private-Data.desktop`. To access the latter, it asked me for my login passphrase, which I don't remember, if I ever set one.
After looking for info online I launched the command `chmod 777 /home/` and now I can log in through the login screen, but the desktop has the default wallpaper and none of the folders I usually have there. The `/home/` folder is just the same, with the two new files and none of the usual ones.
Any idea what is going on and how could I solve it? I'm using Linux Mint.
Thank you for your responses.
Ash
(185 rep)
Dec 19, 2023, 03:37 PM
• Last activity: Dec 19, 2023, 08:58 PM
8 votes, 3 answers, 7200 views
Does the linux kernel keyring store keys on disk?
I'm trying to learn a bit about the Linux kernel keyring (as background for using ecryptfs). Does the kernel keyring store keys somewhere on disk, or does it get reinitialized programmatically every time the system is booted?
I've looked at the man pages and Arch Linux documentation on encryption but haven't found the answer. If there's other documentation on the kernel keyring, I'd like to know.
If the kernel keyring does store keys on the disk, where does it put the files?
zed4
(91 rep)
Oct 10, 2016, 10:04 PM
• Last activity: Dec 12, 2023, 04:32 AM
0 votes, 0 answers, 188 views
Ubuntu encrypted home folder got corrupted
I installed Ubuntu and encrypted the home folder. Then I forgot the login password and tried to change it:
- from the recovery mode, I've selected the root shell and at the prompt I entered:
```
mount -rw -o remount /
passwd username
init 2
```
- during the init 2 command the power cut off and the computer shut down. After restart I couldn’t log in at all.
Then I remembered the login password and tried to set it:
- from the recovery mode, at the root shell prompt I entered:
```
mount -rw -o remount /
passwd username
Restore the old password
reboot
```
Now I cannot login in the system any more.
I attached the drive with the encrypted home folder to an Ubuntu system and navigated to the home folder.
This is the folder tree structure of it:
- **home/adrian/cache/wallpaper/photo**
  - **/Access-your-Private-Data.desktop** (Note: it’s a text file with the content below)

    ```
    [Desktop Entry]
    _Name=Access Your Private Data
    _GenericName=Access Your Private Data
    Exec=/usr/bin/ecryptfs-mount-private
    Terminal=true
    Type=Application
    Categories=System;Security;
    X-Ubuntu-Gettext-Domain=ecryptfs-utils
    ```
  - **/ReadMe.txt** (Note: it’s a text file with the content below)

    ```
    THIS DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA.
    From the graphical desktop, click on:"Access Your Private Data"
    or from the command line, run: ecryptfs-mount-private
    ```
  - **/.ecryptfs** (Note: the file contains a broken link: it points to "/home/.ecryptfs/-adrian/.ecryptfs" the folder name “adrian” has been replaced with “-adrian”)
  - **/.Private** (Note: the file contains a broken link: it points to "/home/.ecryptfs/-adrian/.Private" the folder name “adrian” has been replaced with “-adrian”)
- **home/ecryptfs/adrian/.ecryptfs/auto-mount**
  - **/auto-umount**
  - **/Private.mnt**
  - **/Private.sig**
  - **/wrapped-passphrase**
  - **/.wrapped-passphrase-recorded**
- **/.Private** (Note: the folder contains both folders and files with links that point to the folders; some links are broken, they point to nonexistent folders: folders’ names have been corrupted again)
The followings are copied from a terminal window and from the “syslog” file:
```
adi@adi-1:/$ sudo ecryptfs-mount-private /media/adi/d2bc773c-93e3-43e2-b1bc-e2d2430030cb/home/.ecryptfs/adrian/.Private
[sudo] password for adi:
ERROR: Encrypted private directory is not setup properly
adi@adi-1:/$ sudo ecryptfs-recover-private /media/adi/d2bc773c-93e3-43e2-b1bc-e2d2430030cb/home/adrian/.Private
INFO: Searching for encrypted private directories (this might take a while)...
find: ‘/run/user/1000/doc’: Permission denied
find: ‘/run/user/1000/gvfs’: Permission denied
adi@adi-1:/$ sudo umount /run/user/1000/gvfs
adi@adi-1:/$ sudo umount /run/user/1000/doc
adi@adi-1:/$ sudo ecryptfs-recover-private /media/adi/d2bc773c-93e3-43e2-b1bc-e2d2430030cb/home/adrian/.Private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/media/adi/d2bc773c-93e3-43e2-b1bc-e2d2430030cb/home/.ecryptfs/adrian/.Private].
Try to recover this directory? [Y/n]: Y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] Y
INFO: Enter your LOGIN passphrase...
Passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
```
Syslog:
```
adi-1 ecryptfs-insert-wrapped-passphrase-into-keyring: Incorrect wrapping key for file [/media/adi/d2bc773c-93e3-43e2-b1bc-e2d2430030cb/home/.ecryptfs/adrian/.Private/../.ecryptfs/wrapped-passphrase]
adi-1 ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap passphrase from file [/media/adi/d2bc773c-93e3-43e2-b1bc-e2d2430030cb/home/.ecryptfs/adrian/.Private/../.ecryptfs/wrapped-passphrase]; rc = [-5]
```
```
adi@adi-1:/$ sudo ecryptfs-unwrap-passphrase /media/adi/d2bc773c-93e3-43e2-b1bc-e2d2430030cb/home/.ecryptfs/adrian/.ecryptfs/wrapped-passphrase
Passphrase:
Error: Unwrapping passphrase failed [-5]
```
Syslog:
```
adi-1 ecryptfs-unwrap-passphrase: Incorrect wrapping key for file [/media/adi/d2bc773c-93e3-43e2-b1bc-e2d2430030cb/home/.ecryptfs/adrian/.ecryptfs/wrapped-passphrase]
```
The login passphrase is the right one and I used it to log into the system.
Does anyone know what to do next?
Could I use R-linux to search for the previous versions of the files that are now corrupted and try to replace them with the original ones?
Thanks for help,
andrew
andrew262
(1 rep)
Jul 15, 2023, 12:13 PM
0 votes, 1 answer, 1183 views
Large .ecryptfs folder on new computer
I have recently built a brand new computer and decided to install Linux Mint on it and I have recently realized that I only have about 730GB of free space out of the 1TB SSD I installed.
After some investigation, I found a `.ecryptfs` folder in my home directory that is occupying approximately 150GB of space.
I would like to know what this directory is, why it is taking up so much space on my new computer, and how I can reduce its size.
I have not installed any major programs or files on this computer yet. It is almost brand new.
System info:
System:
Kernel: 5.15.0-76-generic x86_64 bits: 64 compiler: gcc v: 11.3.0 Desktop: Cinnamon 5.6.8
tk: GTK 3.24.33 wm: muffin dm: LightDM Distro: Linux Mint 21.1 Vera base: Ubuntu 22.04 jammy
Drives:
Local Storage: total: 931.51 GiB used: 370.53 GiB (39.8%)
ID-1: /dev/nvme0n1 vendor: Samsung model: SSD 970 EVO Plus 1TB size: 931.51 GiB
speed: 31.6 Gb/s lanes: 4 serial: temp: 30.9 C
Partition:
ID-1: / size: 915.32 GiB used: 185.26 GiB (20.2%) fs: ext4 dev: /dev/nvme0n1p2
ID-2: /boot/efi size: 511 MiB used: 6.1 MiB (1.2%) fs: vfat dev: /dev/nvme0n1p1
Swap:
ID-1: swap-1 type: file size: 2 GiB used: 0 KiB (0.0%) priority: -2 file: /swapfile
`ecryptfsd -V` returns `ecryptfsd (ecryptfs-utils) 111`
Questwalker
(111 rep)
Jul 3, 2023, 07:35 AM
• Last activity: Jul 3, 2023, 06:14 PM
0
votes
1
answers
1229
views
dpkg: warning: files list file for package 'libecryptfs1'
OS: Linux Mint 20.3
I usually get this error whenever I do sudo apt update.
dpkg: warning: files list file for package 'libecryptfs1' missing; assuming package has no files currently installed
But it has never caused any issue.
Now that I am doing my Linux Mint upgrade to 21, the upgrade stopped by throwing the following error.
dpkg: warning: files list file for package 'libecryptfs1' missing; assuming package has no files currently installed
(Reading database ... 409767 files and directories currently installed.)
Preparing to unpack .../libecryptfs1_111-5ubuntu1_amd64.deb ...
dpkg: error processing archive /var/cache/apt/archives/libecryptfs1_111-5ubuntu1_amd64.deb (--unpack):
too-long line or missing newline in '/var/lib/dpkg/info/libecryptfs1.triggers'
Errors were encountered while processing:
/var/cache/apt/archives/libecryptfs1_111-5ubuntu1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Error - Return code: 100
When I try to reinstall it, the following error happens:
encrypted32@anonymous24:~$ sudo apt-get autoclean
[sudo] password for encrypted32:
Reading package lists... Done
Building dependency tree
Reading state information... Done
encrypted32@anonymous24:~$ sudo apt-get install --reinstall libecryptfs1
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libqt5networkauth5 python3-simplejson stunnel4 x11proto-input-dev
x11proto-randr-dev
Use 'sudo apt autoremove' to remove them.
The following packages will be upgraded:
libecryptfs1
1 upgraded, 0 newly installed, 0 to remove and 1492 not upgraded.
Need to get 36.0 kB of archives.
After this operation, 21.5 kB disk space will be freed.
Get:1 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libecryptfs1 amd64 111-5ubuntu1 [36.0 kB]
Fetched 36.0 kB in 2s (17.6 kB/s)
dpkg: warning: files list file for package 'libecryptfs1' missing; assuming package has no files currently installed
(Reading database ... 409767 files and directories currently installed.)
Preparing to unpack .../libecryptfs1_111-5ubuntu1_amd64.deb ...
dpkg: error processing archive /var/cache/apt/archives/libecryptfs1_111-5ubuntu1_amd64.deb (--unpack):
too-long line or missing newline in '/var/lib/dpkg/info/libecryptfs1.triggers'
Errors were encountered while processing:
/var/cache/apt/archives/libecryptfs1_111-5ubuntu1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Output for `cat /var/lib/dpkg/info/libecryptfs1.triggers` below:
$���m��mo�L�D��;�%g�?w��ŷ���ovH0��a�5��*�ؒ��l͛�S�iy�r�O7����%L]�
Not sure what that output means.
Note: I did `apt update` before I began the upgrade.
Any help on fixing this is appreciated.
As per @a.b's recommendation I ran all the commands.
Pasting the output of the last command below:
encrypted32@anonymous24:~$ sudo apt-get -f reinstall libecryptfs1
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libqt5networkauth5 python3-simplejson stunnel4 x11proto-input-dev
x11proto-randr-dev
Use 'sudo apt autoremove' to remove them.
The following packages will be upgraded:
libecryptfs1
1 upgraded, 0 newly installed, 0 to remove and 1492 not upgraded.
Need to get 36.0 kB of archives.
After this operation, 21.5 kB disk space will be freed.
Get:1 http://archive.ubuntu.com/ubuntu jammy/universe amd64 libecryptfs1 amd64 111-5ubuntu1 [36.0 kB]
Fetched 36.0 kB in 1s (30.9 kB/s)
dpkg: warning: files list file for package 'libecryptfs1' missing; assuming package has no files currently installed
(Reading database ... 409767 files and directories currently installed.)
Preparing to unpack .../libecryptfs1_111-5ubuntu1_amd64.deb ...
Unpacking libecryptfs1 (111-5ubuntu1) over (111-0ubuntu7) ...
Setting up libecryptfs1 (111-5ubuntu1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.9) ...
Now, how do I resume my upgrade? From the Mintupgrade tool, or is there any command?
Forums896
(1 rep)
May 6, 2023, 12:39 PM
• Last activity: May 8, 2023, 07:23 PM
8
votes
3
answers
1445
views
Is there a tool to map ecryptfs plaintext and encrypted filenames?
Ecryptfs encrypts filenames and sometimes I need to find particular file, so I would like a tool to map the encrypted filenames back to their plaintext file name.
Eddie Garcia
Feb 23, 2012, 06:45 PM
• Last activity: Jan 21, 2023, 10:28 AM
1
votes
0
answers
88
views
Why did my tar backup fail?
My home directory is encrypted with ecryptfs. I wanted to try some things that required reinstalling my system, so I backed up to a flash drive with this command:
sudo tar cf backup.tar.zstd --one-file-system --acls --xattrs --zstd /
My system has 3 partitions, efi, root, and swap. The `--one-file-system` was intended to grab the encrypted ecryptfs data and skip the decrypted mount.
I did my tests then, from a live usb, restored the backup this way:
tar xf backup.tar.zstd --xattrs --zstd -C /mnt
genfstab -U /mnt > /mnt/etc/fstab
arch-chroot /mnt
grub-install /dev/nvme0n1
grub-mkconfig -o /boot/grub/grub.cfg
And it boots, I can log into sddm with my password and reach a desktop, but my ecryptfs will not mount. What broke?
Daffy
(465 rep)
Jan 3, 2023, 02:55 PM
3
votes
0
answers
1461
views
Mount encrypted ChromeOS partition in Chrubuntu
I have a Samsung Chromebook 2, and was using crouton to run linux in a chroot next to ChromeOS and ran out of SSD space. I opened `gparted`, and it told me that the GPT table was in the wrong place and that there were ~500 megs of unpartitioned space at the end of the drive.
I decided to take the MicroSD card out of my Android phone and flash Chrubuntu on to it, and make a backup. I was stupid and put the backup in the `~/Downloads` folder, which is encrypted with some kind of encryption related to my Google password. I then booted Chrubuntu from the SD card and moved the partition table and expanded the stateful partition to allow for more space.
I then rebooted, but the Chromebook firmware didn't like the new partition layout. Normally I would just use a USB recovery stick, but I really want to get the SD card backup back because a lot of my Android apps have stopped working because of the absence of the SD card. Also, I have a few files stored in the `Downloads` folder that I would like to recover.
Looking at the Chromium project page, it seems that they are encrypted with some multi-layer mess of encryption involving `ecryptfs`. I mounted the stateful partition from Chrubuntu and found a file in the root called `encrypted.block` and `encrypted.key`. This is where my knowledge stops. I can't seem to find out how to mount the `encrypted.block` file, but I believe that it has something to do with my Google password. The `encrypted.key` file just shows up as two lines of
�^�7��,3Y^�k^Y
in `nano`. I think that the password has something to do with my Google password hash, but I can't seem to figure out what. Can someone help me to recover the data?
EDIT: Just to clarify, the problem is that I can't figure out how to mount the partition. I know it has something to do with my Google password, which I know, but I am not sure how to derive the encrypted partition password from it.
ebopalisesy
(113 rep)
Apr 8, 2015, 02:14 AM
• Last activity: Dec 28, 2022, 01:06 PM
0
votes
0
answers
148
views
Ecryptfs directory on USB Drive
I have an encrypted directory on my USB drive that I encrypted using ecryptfs on an old computer. I know the passphrase I used at the time to encrypt this directory but I can't seem to decrypt it on a new machine with the same passphrase.
Is it possible to do this on a new machine? Or does the old machine contain some key unique to the passphrase that cannot be recreated on my new machine?
Thanks for any input.
Tony
tony_felloni
(1 rep)
Dec 12, 2022, 03:05 AM
3
votes
2
answers
592
views
Encrypted Home Directory and SSH (Key-Only-Authentication) breaks X11 forwarding
While installing Ubuntu 16.04 I decided to take the option of encrypting my home directory. I also use ssh key-only authorization, as password logins are disabled for security.
I was able to solve the "not being able to log in because .ssh/authorized_keys" issue using this: https://stephen.rees-carter.net/thought/encrypted-home-directories-ssh-key-authentication . In summary:
sudo vim ~/.profile
and then entering
ecryptfs-mount-private
cd /home/username
But now, X11 forwarding over ssh is broken. It appears the MMC (MIT Magic Cookie) .Xauthority file is not making it into the un-encrypted home directory.
D. Squire
(151 rep)
Sep 28, 2016, 06:13 AM
• Last activity: Nov 30, 2022, 09:28 PM
1
votes
1
answers
148
views
Running a BASH script via crontab causes ecryptfs volume to unmount
On my MX-18 linux (Debian 9 Stretch based) system, whenever a script runs via cron, my Private ecryptfs volume unmounts.
Confirmed, no issue running the same BASH scripts from a terminal. Tested with two different scripts. The crontab is set up with crontab -e from my standard user account.
Can't find anything on the web about this.
Cheers
user342139
Mar 16, 2019, 11:13 PM
• Last activity: Sep 19, 2022, 04:30 PM
Showing page 1 of 20 total questions