Recovering encrypted drives

I’ve been disappointed in Ubuntu for several years now, since they switched to the Unity desktop. And for a number of years, my notebook has been chewing up processor power for the simplest of tasks, something I believe may have to do with the fact that I encrypted my home drive during the last install.

I have a couple of serious deadlines coming up and I can’t afford to work on a computer that freezes for a minute or so every time I try to convert PDF to HTML, add a new reference to Zotero or access Chrome.

So time to update the system. Here were the tasks I saw before me:

  1. Back up my files on the system (that will be /home, /var/www, and a dump of all the SQL)
  2. Install a new system, reformatting /home and /var and copying the files from my backups.

To make the backups, I did two things: I backed the files up using scp to an online repository; and I copied all my /home files to /var/www, with the idea that I could leave this directory unmounted during installation, then mount it and copy all the files back to the new /home.

Of course things went wrong:

  1. Using scp I forgot to set the archive option. This meant that all my original date, ownership, and group metadata was lost (replaced by the current datestamp and the username I used to access the backup directory). This is a serious issue, since the files go back 15+ years, though it is less serious than having them all vaporised. In practice, however, this is best used as a backup backup.
  2. Despite my careful checking of notes, I ended up reformatting my original /var drive rather than my original /home. This meant that instead of my backups, I had the original, encrypted drive preserved. So I deleted this second backup, but preserved the originals instead.

Unfortunately, this also meant that the problem that started all this also remained: the files were on an encrypted drive, and, worse, one that was now unmounted and unconnected to any file system. If I couldn’t find the hex passkey, all the data would be lost.

Fortunately, after many years of crashing computers, I have learned to keep passwords and the like when I’m told to. And so a quick look in my online backups found the file encryptionPassKey (this is more secure and less useful than it sounds: the file was in the encrypted file system, which means it would be safe should somebody try to crack my drive, but also useless to me if I needed to find it in order to unlock the same drive; this is why it is a good idea to back things up twice!).

Mounting and extracting the information was simple from there on, following the instructions here:

  1. create a new mount point for your home directory, e.g. sudo mkdir /mnt/oldhome
  2. find and mount the partition with the encrypted drive to this location. This means the file .Private; you do this using ecryptfs-recover-private (which you may need to install first).
    1. if you don’t know where the file is, run sudo ecryptfs-recover-private with no options; it will scan your drives for .Private files.
    2. if you do know where the .Private file is, you can specify it directly (e.g. sudo ecryptfs-recover-private /mnt/oldhome/dan/.ecryptfs/.Private)
  3. Follow the instructions. You may or may not be asked for your key. You may or may not be asked for the password you used to log in to the system you are currently working on. In my case, I was asked the second.
  4. The drive is mounted read only.
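
The scan in steps 2 and 3, as an added shell example that is not from the original post or from the ecryptfs project: it lists each .Private directory under the mount point and reports which secret the recovery tool is likely to ask for. The function names and the wrapped-passphrase location (the usual ecryptfs-utils layout) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the old partition is already mounted at the mount point from step 1
# (/mnt/oldhome in the post) and that ecryptfs-recover-private is installed.

# List every directory named .Private below a root, one per line.
find_private_dirs() {
    find "$1" -xdev -type d -name .Private 2>/dev/null | sort
}

# Assumption (usual ecryptfs-utils layout): a wrapped-passphrase file sits in
# the .ecryptfs directory beside .Private. If it is present, the old login
# password can unwrap the key; if it is missing, the saved passkey (the
# eCryptfs mount passphrase) has to be typed in instead.
key_source() {
    if [ -f "$(dirname "$1")/.ecryptfs/wrapped-passphrase" ]; then
        echo "login-password"
    else
        echo "mount-passphrase"
    fi
}

# Dry run: one line per candidate, "<secret needed><TAB><path>".
plan_recovery() {
    find_private_dirs "$1" | while IFS= read -r d; do
        printf '%s\t%s\n' "$(key_source "$d")" "$d"
    done
}

# Real run: hand each candidate to the recovery tool, which prompts for the
# secret and mounts the decrypted files read-only.
recover_all() {
    find_private_dirs "$1" | while IFS= read -r d; do
        echo "== $d (expect to be asked for: $(key_source "$d"))"
        # stdin is the pipe from find, so take the prompts from the terminal
        sudo ecryptfs-recover-private "$d" </dev/tty
    done
}

# Usage: sh recover.sh /mnt/oldhome        (dry run, changes nothing)
#        sh recover.sh /mnt/oldhome --run  (calls ecryptfs-recover-private)
if [ "$#" -gt 0 ]; then
    if [ "${2:-}" = "--run" ]; then recover_all "$1"; else plan_recovery "$1"; fi
fi
```
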
