Borked my encrypted home folder

So I think I messed up pretty badly and I am prepared for the worst. But here it goes.

I use Manjaro Linux on my XPS 15 with an encrypted home folder via these instructions. This worked very nicely because I had also set up auto-mounting, which was possible because my user password and encryption passphrase were the exact same.
Now the trouble starts. I changed my user password because I was tired of it (really annoying password to type), so my auto-mounting wasn’t working anymore because the user password and encryption passphrase weren’t the same anymore. So I wanted to change my encryption passphrase to my new password. So I found in the man pages this command: ecryptfs-rewrap-passphrase and when googling what I was trying to do I also found this command.
So I logged out of my user account, logged into the root account and I ran the command. Entered my old passphrase and then entered my new password as the new passphrase and it exited successfully. I rebooted my system and…it didn’t unencrypt my disk.

Signature not found in user keyring
Perhaps try the interactive ecryptfs-mount-private

Using ecryptfs-mount-private and entering my new passphrase only results in getting:

Failed to detect wrapped passphrase version: Permission denied
Error attempting to unwrap passphrase from file [/home/{user}/.ecryptfs/wrapped-passphrase]: rc = [-13]

So I tried using ecryptfs-rewrap-passphrase to change my passphrase back to the old one, which didn’t do anything.

I had almost everything backed-up except for some videos and config files, that I am aware of…
So it ain’t too bad, but I would like not having to reconfigure my system, which would save me massive amounts of time.
I would really appreciate any advice or explanations of what I did wrong.

Could you have used sudo ecryptfs-rewrap-passphrase? The first thing that comes to mind there is that since it was as root it has a different signature than the passphrase for your user.

But I don’t know too much about that, let me know if that’s just tosh.

Did you try logging in as root again and decrypting with the new password? If nothing else backing up those files.

1 Like

I executed ecryptfs-rewrap-passphrase whilst being logged in as root, like logged in as root in a tty, without having my actual user logged in on another tty. I am quite sure I did it like this, but after all of this happened I am doubting myself… :frowning:

So I tried logging in as root and using ecryptfs-mount-private, this doesn’t work because this command looks in ~/ for the encrypted folder, which is /root when logged in as root.
So I changed the home folder of root in /etc/passwd to /home/{user}
Now it doesn’t give a permission denied error! :smiley:

Inserted auth tok with sig [random string of characters] into the user session keyring
You do not own that mountpoint.

But this doesn’t actually unencrypt my files. So now I think I need to figure out how to give root the permission to mount the home folder, it seems like it unencrypted it but failed at the mounting.

EDIT:
My logs say

Mount of device (uid: 1000) not owned by requested user (uid: 0)
Reading sb failed; rc = [-1]

And in my /home/{user}/.ecryptfs my .Private folder is gone and there is now a Private.mnt and Private.sig
Could I maybe login with my user and mount that Private.mnt?
I can’t find anything online about an .mnt file.
Scared to reboot or logout at this point. :confounded:

DOUBLE EDIT:
Fuck yes, I decrypted and mounted my home folder!
So I was duckduckgo’ing how to decrypt it as another user because you mentioned that and DuckDuckGo’s instant answer gave me the solution. After finding out the .Private folder is in

/home/{user}

instead of

/home/{user}/.ecryptfs

(this might be the case on Ubuntu but it’s not on Manjaro)
I used

ecryptfs-recover-private /home/{user}/.Private

This worked perfectly, my home folder is now unencrypted and mounted in

/tmp/ecryptfs.{randomstringofcharacters}

Thanks a ton for sending me in the right direction. :star_struck:
I am backing this shit up as I am typing this.

Now I am wondering how to turn this into a working system again. I will probably copy back the unencrypted files to my home folder and just use my system unencrypted for the time being.

2 Likes

Huzzah~! Glad I could be someone else’s rubber duck this time.

2 Likes
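
Both errors quoted in the thread (rc = [-13], which is EACCES, and the "uid: 1000 ... uid: 0" mount refusal) turn on which account owns or can read the eCryptfs files. As an added example, not code from the thread or from ecryptfs-utils, this shell function lists files that are missing, owned by a different uid, or not owner-readable. It assumes the Manjaro layout described above and GNU stat; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit ownership of the eCryptfs files in one home directory.
# Layout assumed from the thread (Manjaro):
#   HOME/.Private
#   HOME/.ecryptfs/{wrapped-passphrase,Private.sig,Private.mnt}

# check_ecryptfs_owner HOME_DIR EXPECTED_UID  (hypothetical helper name)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_ecryptfs_owner() {
    home_dir=$1
    want_uid=$2
    bad=0
    for rel in .Private .ecryptfs .ecryptfs/wrapped-passphrase \
               .ecryptfs/Private.sig .ecryptfs/Private.mnt; do
        path="$home_dir/$rel"
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            bad=1
            continue
        fi
        owner=$(stat -c '%u' "$path")   # numeric owner uid (GNU stat)
        mode=$(stat -c '%a' "$path")    # permission bits in octal
        if [ "$owner" != "$want_uid" ]; then
            # Same mismatch the kernel log reports at mount time.
            echo "OWNER    $path uid=$owner expected=$want_uid"
            bad=1
        fi
        # 0400 is the owner-read bit; without it the owner gets EACCES (-13).
        if [ $(( 0$mode & 0400 )) -eq 0 ]; then
            echo "NOREAD   $path mode=$mode"
            bad=1
        fi
    done
    return $bad
}

# Stand-alone use: sh script.sh HOME_DIR EXPECTED_UID
if [ "$#" -eq 2 ]; then
    check_ecryptfs_owner "$1" "$2"
fi
```

Run it as root against the affected home directory and the uid of the account that should mount it; it only reads metadata and changes nothing.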