answers: 1 / hits: 25360 / 1 Year ago, Wed, April 19, 2023, 6:18:25

After entering the correct passphrase at the command ecryptfs-mount-private, I am getting this error:



torben@torben-nettop:~$ sudo ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/media/0f417b42-11a0-4539-9cae-e11ce3b289c3/home/.ecryptfs/
torben/.Private].
Try to recover this directory? [Y/n]: y
INFO: Enter your LOGIN passphrase...
Passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring
failed [-5]
Info: Check the system log for more information from libecryptfs
torben@torben-nettop:~$


Syslog has this information:



ecryptfs-insert-wrapped-passphrase-into-keyring:  
Incorrect wrapping key for file [/home/torben/.ecryptfs/wrapped-passphrase]
ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap
passphrase from file [/home/torben/.ecryptfs/wrapped-passphrase]; rc = [-5]


--> Given that I am absolutely sure that I am entering the correct passphrase, what can I do to fix this problem so that I can read the encrypted home folder?



Some background:




  • I have installed Ubuntu 11.04 on a new drive and I want to copy my home folder from the old drive, which is encrypted (I have the passphrase).

  • With the help of Marco Ceppi in the chat, I followed these precise steps yesterday and successfully gained access to the encrypted home folder. This proves that my passphrase does indeed work.

  • I then started the machine on copying from the old encrypted home folder to the new unencrypted home folder and went to bed. When I returned to the computer, I saw that it had suspended itself :( and had not finished copying the folder.

  • I rebooted the computer, and removed the temporary /recovery folders, then followed the exact same steps again, but this is when I encountered the error given above. I tried this several times; always the same result. I am absolutely sure that I am typing the passphrase correctly.



 Answers

Updated: 19 June 2018



Summary



I was recently getting a similar error when trying to decrypt some data from an external drive. Every time, the error message was from an invalid password; I can duplicate this all day long. Instead of using ecryptfs-recover-private I was using ecryptfs-unwrap-passphrase, which I think is for specific data, though I don't feel like looking up the difference.



Note: This is not a copy/paste guide, it is more of a record of my success.



Unwrapping The Passphrase



You'll need to find your wrapped-passphrase file. If you're not sure where it is you can use find. After you mount your volume you can do:



sudo find /media -name wrapped-passphrase


You'll want to substitute the path that it returns for my paths listed below.



My steps after mounting the old drive.



cd /media/_UUID_/.ecryptfs/paulj/.encryptfs
ecryptfs-unwrap-passphrase ./wrapped-passphrase
Passphrase:


It will always prompt for a passphrase; this is the password initially set up when you created the encrypted home directory when you installed Ubuntu. In the setup it highly recommends that you use a different password than your login password... if you've been trying your login password for the last hour and failing, try some different ones... try that one password which you rarely use.



I had forgotten what mine was, I tried all of my super awesome passwords, and I kept getting this error message:



Error: Unwrapping passphrase failed [-5]
Info: Check the system log for more information from libecryptfs


After searching Google for about an hour, I figured I'd try a password I knew was bad, so I put in password at the Passphrase prompt.



The following was spit out:



116b053e08564b53b2967e64e509bdc5


I reran ecryptfs-unwrap-passphrase and tried a different password and received the same -5 error message as listed above. It turns out that I had actually set the passphrase to password, probably due to my frustrations with decrypting data in Ubuntu in the past.



Add Passphrase to Keyring



Add the passphrase with ecryptfs-add-passphrase, using the passphrase generated in the previous step.



sudo ecryptfs-add-passphrase --fnek
Passphrase: 116b053e08564b53b2967e64e509bdc5


Outputs:



Inserted auth tok with sig [b69fed2a22932ba4] into the user session keyring
Inserted auth tok with sig [8aad0fb4482edab3] into the user session keyring


Mount or Recover



At this point you have two options. I suggest attempting to mount; then, if you can't mount, try recovering.



Mounting the Drive



It is easy to think of the .Private directory as an unmounted volume.



Again here you'll need to specify your own directories.



sudo mkdir -p /home/paulj/Private
sudo mount -t ecryptfs /media/_UUID_/.ecryptfs/paulj/.Private /home/paulj/Private

Passphrase: 116b053e08564b53b2967e64e509bdc5
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]: aes

Select key bytes:
1) 16
2) 32
3) 24
Selection [16]: 16

Enable plaintext passthrough (y/n) [n]: n

Enable filename encryption (y/n) [n]: y <-- If your filenames display oddly, toggle this to y or n.

{this is the second value from Inserted auth tok...}
Filename Encryption Key (FNEK) Signature: 8aad0fb4482edab3

Attempting to mount with the following options:
ecryptfs_unlink_sigs
ecryptfs_fnek_sig=8aad0fb4482edab3
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
ecryptfs_sig=b69fed2a22932ba4
Mounted eCryptfs


Hopefully when you initially created the encrypted drive you didn't mess around with the cipher or key bytes.



Shows all data in my old home directory.



cd /home/paulj/Private
ls -la


Note: At this point if you get invalid permission/owner/group sets, you're going to want to unmount the drive and skip down to the Recover section.



If you get a good permission set, copy that junk out of the encrypted drive to the desktop, for example.



mkdir ~/Desktop/Backup
cp -Rv ./* ~/Desktop/Backup


Recover



I discovered I couldn't successfully mount my ecryptfs. ls was displaying invalid permission/owner/group settings. It looked something like the following:



total ??
d????-??-? ?? ?? ?? ?? ?? .
d????-??-? 6 root root 4.0K Jun 19 11:42 ..
d???------ ?? ?? ?? ?? ?? .aptitude
d????-??-? ?? ?? ?? ?? ?? .autoenv
-??-?--?-- ?? ?? ?? ?? ?? .autoenv_authorized
d????-??-? ?? ?? ?? ?? ?? .aws
-??-?--?-- ?? ?? ?? ?? ?? .bash_aliases
-??------- ?? ?? ?? ?? ?? .bash_history
-??-?--?-- ?? ?? ?? ?? ?? .bash_logout
-??-?--?-- ?? ?? ?? ?? ?? .bashrc
d????-??-? ?? ?? ?? ?? ?? bin
d????-??-? ?? ?? ?? ?? ?? .cache
d????-??-? ?? ?? ?? ?? ?? code
d????-??-? ?? ?? ?? ?? ?? .config


I am not sure why I wound up with problems with using mount, so I started messing around with ecryptfs-recover-private and had some luck.



Again, you'll have to use your own generated passphrase from above. Note that I used the --rw switch here to make the mount read/write; if you omit the switch it will mount read-only.



sudo ecryptfs-recover-private --rw /media/_UUID_/.ecryptfs/paulj/.Private

INFO: Found [/media/_UUID_/.ecryptfs/paulj/.Private].
Try to recover this directory? [Y/n]: Y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] Y
INFO: Enter your LOGIN passphrase...
Passphrase: 116b053e08564b53b2967e64e509bdc5
Inserted auth tok with sig [b69fed2a22932ba4] into the user session keyring
INFO: Success! Private data mounted at [/tmp/ecryptfs.idv9OohY].


The tmp path it outputs will contain your encrypted mount.



ls -la /tmp/ecryptfs.idv9OohY


This should show your full path with proper permission sets. Now copy it out somewhere.



mkdir ~/Desktop/Recovered
sudo cp -Rv /tmp/ecryptfs.idv9OohY ~/Desktop/Recovered


In Closing



GOOD LUCK!!



You should be able to use this for any variant of Ubuntu; I, for instance, have used it in and between Ubuntu and Mint and Lubuntu.



If you're just finding this thread, unless you specifically used password as your Passphrase, those hex values won't work.


[#43558] Thursday, April 20, 2023
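
The answer above copies the two signatures from the ecryptfs-add-passphrase --fnek output into the mount prompts by hand. The script below is an added example, not part of the original answer or of ecryptfs-utils: it parses that output and builds the same option list the mount session prints, with ro added so the old data is mounted read-only. The function names are hypothetical, and the cipher (aes) and key size (16) are assumed to be the values chosen in the answer.

```shell
#!/bin/sh
# Added example: turn the output of `ecryptfs-add-passphrase --fnek` into the
# mount option string shown under "Attempting to mount with the following options".

# extract_sigs (hypothetical helper): print every 16-hex-digit signature from
# the "Inserted auth tok with sig [...]" lines, one per line, in order.
extract_sigs() {
    printf '%s\n' "$1" |
        sed -n 's/^Inserted auth tok with sig \[\([0-9a-f]\{16\}\)\] into the user session keyring$/\1/p'
}

# build_mount_opts (hypothetical helper): the first signature becomes
# ecryptfs_sig, the second (present only with --fnek) ecryptfs_fnek_sig.
# Assumption: aes with 16 key bytes, as selected in the answer.
build_mount_opts() {
    sigs=$(extract_sigs "$1")
    sig=$(printf '%s\n' "$sigs" | sed -n 1p)
    fnek=$(printf '%s\n' "$sigs" | sed -n 2p)
    if [ -z "$sig" ]; then
        # e.g. the "[-5]" failure: nothing was inserted into the keyring
        echo "no signature found; the passphrase was not added to the keyring" >&2
        return 1
    fi
    opts="ro,ecryptfs_unlink_sigs,ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig=$sig"
    if [ -n "$fnek" ]; then
        opts="$opts,ecryptfs_fnek_sig=$fnek"
    fi
    printf '%s\n' "$opts"
}

# Sample input: the two output lines quoted in the answer above.
SAMPLE='Inserted auth tok with sig [b69fed2a22932ba4] into the user session keyring
Inserted auth tok with sig [8aad0fb4482edab3] into the user session keyring'

build_mount_opts "$SAMPLE"
```

The printed string can be passed to mount -t ecryptfs with -o in place of answering the cipher, key bytes and signature prompts one by one.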