Ubuntu – Ecryptfs: lost passphrase

data-recoveryecryptfspasswordpassword-recovery

When I mounted some dir by

mount -t ecryptfs private data

I entered wrong password. I wrote data in this dir and now I can't mount it. I have no valid password and passphrase (know only the same), but have SIG in /root/.ecryptfs/sig-cache.txt.

How I can recover my directory or, at least, brute it: type many-many passwords like entered when mounting this dir and compare generated sig with existing?

Best Answer

If you want to try a bunch of passprhases, and compare them with your known signature, you can use the ecryptfs-add-passphrase command. That will take whatever passphrase you enter, and add it to the kernel's keyring and return the signature.

You can do that a bunch of times (perhaps in a script), until you get the right signature.

You may want to clear out all of those added passphrase (or perhaps clear your kernel keyring between each try). For that, you'll want to use keyctl clear @u.

Full disclosure: I am one of the authors and maintainers of eCryptfs.

Related Solutions

Ubuntu – Recovering eCryptfs partition with ecryptfs-recover-private not working

I figured out my problem. I was running the command and giving it my HOME directory, and for some reason it was saying it was successful in mounting it. However, it was lying. Turns out you need to run the command with the .Private folder that each user has, its located in

sudo ecryptfs-mount-private /home/.ecryptfs/<username>/.Private

The command is supposed to recurse and find that folder for you, but I was impatient and gave it my home folder. I'm not sure why it said it was successful when it clearly wasn't, but if you give it that .Private folder, and then enter your login password, it should mount it to a folder inside /tmp/ and you can do whatever else you want to do with the data =)

Best Answer

Related Solutions

Ubuntu – Recovering eCryptfs partition with ecryptfs-recover-private not working

Related Question