Ubuntu – Encrypted Home… Forgotten Password, but no Passphrase

Tags: ecryptfs, encryption

I am using a cloned hard drive in attempts to restore some old files.

The cloned drive has 2 users, one with an encrypted home drive, one without. Both are administrators. When I couldn't get into the main user (with the encrypted home directory), I logged in as the 2nd user and changed the password.

It seems that I somehow broke the relationship between the encryption passphrase and the user. I'm pretty sure I have the passphrase. Is there a way to get to the data?

Best Answer

The encrypted home directory (and encrypted private folder) features make use of a random mount passphrase. This mount passphrase is then stored encrypted with the user's login password. On login, the user's password is used to decrypt the mount passphrase and the key is used to mount the home directory.

When you perform a normal password change where the old password is requested before entering the new one, the mount passphrase can be re-encrypted with the new login password. When you perform an administrative password change, this can't be done since the key used to decrypt the mount passphrase is not provided.

In order to get in to the encrypted home directory now, you will need one of the following:

  • the old login password for the account.
  • the mount passphrase used when you set up the encrypted home directory (you would have been told to write this down somewhere).

If you have either of these, you should be able to access the data by running the following command and following the prompts:

sudo ecryptfs-recover-private /home/user

If you do not have either of these pieces of information, then the information is lost. This is by design, since if you could access the data under these circumstances then so could an attacker.
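A small model of the relationship the answer describes, added here as an illustration and not code from the answer or from eCryptfs: the real wrapped-passphrase file uses an iterated SHA-512 key derivation and AES, while this model wraps the mount passphrase with a PBKDF2 keystream plus an HMAC tag and stands in for ~/.ecryptfs/Private.sig with a truncated hash. It shows why a normal password change keeps the home mountable, why an administrative reset does not, and why the old login password or the written-down mount passphrase still recovers it.

```python
import hashlib
import hmac
import os

def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes: first half wraps the mount passphrase, second half authenticates it.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 100_000)

def wrap(mount_passphrase: bytes, login_password: str) -> dict:
    """Store the mount passphrase encrypted under the login password (toy XOR+HMAC)."""
    salt = os.urandom(16)
    key = _derive(login_password, salt)
    blob = bytes(m ^ k for m, k in zip(mount_passphrase, key[:32]))
    tag = hmac.new(key[32:], salt + blob, "sha256").digest()
    return {"salt": salt, "blob": blob, "tag": tag}

def unwrap(wrapped: dict, login_password: str):
    """Return the mount passphrase, or None when the login password is wrong."""
    key = _derive(login_password, wrapped["salt"])
    tag = hmac.new(key[32:], wrapped["salt"] + wrapped["blob"], "sha256").digest()
    if not hmac.compare_digest(tag, wrapped["tag"]):
        return None
    return bytes(b ^ k for b, k in zip(wrapped["blob"], key[:32]))

def setup_account(login_password: str) -> dict:
    """New encrypted home: random 32-byte mount passphrase, wrapped, plus its signature.
    The login password is kept in clear only for this model."""
    mount = os.urandom(32)
    sig = hashlib.sha256(mount).hexdigest()[:16]  # stands in for ~/.ecryptfs/Private.sig
    return {"login": login_password, "wrapped": wrap(mount, login_password), "sig": sig}

def normal_password_change(acct: dict, old: str, new: str) -> None:
    """passwd run by the user: the old password unwraps the key, so it is re-wrapped."""
    mount = unwrap(acct["wrapped"], old)
    if mount is None:
        raise ValueError("old password rejected")
    acct["login"], acct["wrapped"] = new, wrap(mount, new)

def admin_password_reset(acct: dict, new: str) -> None:
    """sudo passwd user: only the login credential changes; the wrap is untouched."""
    acct["login"] = new

def mount_home(acct: dict, login_password: str):
    """Login: the home mounts only if the password both authenticates and unwraps."""
    if login_password != acct["login"]:
        return None
    return unwrap(acct["wrapped"], login_password)

def recover_private(acct: dict, mount_passphrase: bytes) -> bool:
    """ecryptfs-recover-private with the written-down mount passphrase: check its signature."""
    return hmac.compare_digest(hashlib.sha256(mount_passphrase).hexdigest()[:16], acct["sig"])
```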