Ubuntu – Recovering data from Private in an ecryptfs backup when the new home is also encrypted


I have a backup of /home from my old system on an external drive. The ~ on my new system has full home encryption from ecryptfs. I want to decrypt the Private on the old home and copy its now-decrypted contents to the new home.

I actually have the ~/.Private and ~/.ecryptfs from the old system on my new system as well. I tried mounting it from there before, but it's not possible. I've confirmed with Dustin Kirkland (ecryptfs developer) that you can't have an encrypted home AND an encrypted private in use at the same time.

I tried mounting the backup drive over /home and running and ecryptfs-mount-private and entering my login password (same on old system and new), but ~/Private wasn't decrypted.

Best Answer

The best way to recover is by using the ecryptfs-recover-private utility from a LiveISO.

I say that because this will ensure that your recovery happens in a safe, repeatable, read-only environment.

That said, you certainly can run ecryptfs-recover-private on a running system. But I'd strongly recommend that you log out all instances of the user you're trying to recover, and then login as root or some other user.

Related Question