User:Aries97/Scratch Pad/Mount Encrypted Ubuntu Home Directory

First make sure ecryptfs is enabled in your kernel; the Gentoo Wiki has an excellent article here:

https://wiki.gentoo.org/wiki/Ecryptfs

The commands I used are:

    su
    cd /usr/src/linux
    make menuconfig

{
    File systems  --->
        [*] Miscellaneous filesystems --->
            eCrypt filesystem layer support
    Security options --->
        [*] Enable access key retention support
}

(If you have external kernel modules you probably don't have to rebuild them, but just in case:

    make modules_prepare
    emerge --ask @module-rebuild
)

    make && make modules_install
    mount /boot
    make install

{reboot!}

emerge --ask sys-fs/ecryptfs-utils

So you've got to find your Ubuntu encrypted home directory. I let Gentoo automagically mount my old hard drive and it put it at /run/media/anon/27a70809-cb85-43eb-908f-ecb759dd4c99/

So my old home directory is now at: /run/media/anon/27a70809-cb85-43eb-908f-ecb759dd4c99/home/anon

That folder is, however, empty except for some symbolic links. Ubuntu puts the encrypted files in a different directory and then mounts it back on the home directory. All my files are actually here:

    /run/media/anon/27a70809-cb85-43eb-908f-ecb759dd4c99/home/.ecryptfs/anon/.Private

We have to generate the filename encryption key from the passphrase before we issue the mount command. If we add the passphrase to the keyring with the --fnek option, it will also generate the filename encryption key; its signature (the value to enter at the mount prompt) is the second hexadecimal number in brackets:

    ecryptfs-add-passphrase --fnek
    Passphrase:
    Inserted auth tok with sig [45a2401898263e0f] into the user session keyring
    Inserted auth tok with sig [91f6e7ae96b0047e] into the user session keyring

All ready to mount now!

    mount -t ecryptfs /run/media/anon/27a70809-cb85-43eb-908f-ecb759dd4c99/home/.ecryptfs/anon/.Private /run/media/anon/27a70809-cb85-43eb-908f-ecb759dd4c99/home/anon

Enter at the interactive prompt:

1) Passphrase
2) Choose aes
3) Choose 16 byte key
4) Choose to not ('n') enable plaintext passthrough.
5) Choose ('y') to enable filename encryption.
6) Enter Filename Encryption Key (FNEK) [It's the second one in square brackets above]
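The answers to prompts 2 to 6 can also be supplied as mount options. The script below is an added example, not part of the original page: it pulls the FNEK signature out of the ecryptfs-add-passphrase --fnek output quoted above and builds the matching -o string. The function names are hypothetical, the sample text is constructed from the page's own output, and the option names are assumed to be those accepted by the mount.ecryptfs helper.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Constructed sample: the ecryptfs-add-passphrase --fnek output quoted on this page.
SAMPLE_OUTPUT='Passphrase: Inserted auth tok with sig [45a2401898263e0f] into the user session keyring
Inserted auth tok with sig [91f6e7ae96b0047e] into the user session keyring'

# Print the Nth bracketed 16-hex-digit signature read from stdin.
# Returns non-zero and prints nothing if fewer than N signatures are present.
nth_sig() {
    sig=$(sed -n 's/.*\[\([0-9a-f]\{16\}\)].*/\1/p' | sed -n "${1}p")
    [ -n "$sig" ] && printf '%s\n' "$sig"
}

# Build the -o string that answers prompts 2 to 6 up front.
# key=passphrase carries no value, so the mount helper still asks for the
# passphrase itself and it never appears in argv or shell history.
# Assumption: option names as accepted by the mount.ecryptfs helper.
build_mount_opts() {
    # Without --fnek only one signature is printed; refuse to reuse it as the FNEK.
    fnek=$(nth_sig 2) || { echo 'no FNEK signature: was --fnek used?' >&2; return 1; }
    printf 'key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,'
    printf 'ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=y,'
    printf 'ecryptfs_fnek_sig=%s\n' "$fnek"
}

# Stand-alone run: show the options for the sample output.
printf '%s\n' "$SAMPLE_OUTPUT" | build_mount_opts
```

Pass the printed string to the mount command with -o, using the same two directories as above.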

Helpful links:

https://wiki.gentoo.org/wiki/Ecryptfs

https://help.ubuntu.com/community/EncryptedPrivateDirectory#Live_CD_method_of_opening_a_encrypted_home_directory