How to decrypt a Ubuntu 16.10 encrypted home folder?

0

I have a defunct Ubuntu 16.10 installation* on a separate hard drive. There are files on that drive, in my home directory, that I need access to, but are encrypted using Ubuntu's "encrypt home folder" option.

I am currently on Windows 7 with access to cygwin.

I am using "DiskInternals Linux Reader" to read the ext4 /home directory.

I am able to get to /home/.encryptfs/joshua/ using DiskInternal's tool.

I see a folder .encryptfs and another .Private.

I have my login password for the defunct Ubuntu installation.

What next steps can I take to get access to the data?


*Defunct because I have since overwritten all of my drive's bootloaders and I am not able to boot into that system. Things were a mess and I am in the process of cleaning things up, and I forgot to copy some important files.

JoshuaD

Posted 2018-03-04T22:12:12.760

Reputation: 733

The easy way is to NOT use Windows. Booting from a simple and easy to make Linux USB has all the required tools already and in a native environment. – None – 2018-03-05T13:36:30.600

Answers

1

As strongly implied by the .encryptfs file, the files have been stored using the encFS encryption - so you just need software that can read this -

Google came up with

davidgo

Posted 2018-03-04T22:12:12.760

Reputation: 49 152

.ecryptfs means eCryptFS. That's not the same thing as EncFS. – user1686 – 2018-03-07T15:27:08.780

@grawity - I think you are right - I just picked up on the hidden filename - but with hindsight, I think it's probably a typo in the OP post. – davidgo – 2018-03-07T17:30:13.447

It's certainly a typo, but I'm also quite sure that Ubuntu's "stock" homedir encryption is eCryptFS-based. – user1686 – 2018-03-07T17:43:47.530

1

You really want to run the eCryptfs utility ecryptfs-recover-private.

It's basically a "fire and forget" script, you can tell it where your encrypted files are or it searches everywhere for them, then it asks for your login passphrase or mount passphrase, then mounts the files in "a temporary directory, in the form of /tmp/ecryptfs.XXXXXXXX" for you to read/copy.

[You can even see exactly what the shell script does if you're so interested with less $(which ecryptfs-recover-private) ]

AFAIK the eCryptfs utilities have not been ported to Windows, so you'll have to run a Linux. Just about any distribution that supports eCryptfs should work, but Ubuntu 16.10 should still run well enough to just decrypt & read files even though it's no longer supported (16.04 is an LTS and still supported, or a more recent Ubuntu will probably read the older eCryptfs files ok).

I'd either:

  • Boot a live Linux ISO and work from there, copying decrypted files to another Windows-readable format/drive (or Windows-readable encryption if desired, TrueCrypt-like, VeraCrypt, maybe even LUKS?).

    Booting from a USB or DVD is easy, or even from a hard drive file if you repair or recover the bootloader (grub?) - actually running Boot-Repair from a live Linux might get your old Ubuntu bootable again, but there's a chicken-or-egg problem booting another Linux first anyway.

  • Use a virtual PC (like VirtualBox) to run a Linux ISO, directly reading and decrypting the encrypted files (or if they're relatively small then copying them into the virtual Linux PC).

Your folder descriptions sound a little off: there should be a /home/user folder with very little contents, and the /home/.ecryptfs/user folder with the actual encrypted contents, but that shouldn't be important unless your encrypted files have been deleted somehow. The recover script does a good job searching & should work if they're still available.

Xen2050

Posted 2018-03-04T22:12:12.760

Reputation: 12 097
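
A pre-flight check for the recovery described in the answer above, as an added example that is not part of the original answer or of the eCryptfs utilities: run from a live Linux session, it looks for the /home/.ecryptfs/<user>/.Private layout on the old disk and prints the ecryptfs-recover-private call for each directory, along with which passphrase to have ready. The function names and the /mnt/old mount point are assumptions; .ecryptfs/wrapped-passphrase is where Ubuntu's stock setup keeps the mount passphrase wrapped with the login passphrase.

```shell
#!/bin/sh
# Added example: pre-flight check before running ecryptfs-recover-private.

# find_ecryptfs_homes ROOT
# One line per user: "<user> <login|mount> <path to .Private>"
#   login: wrapped-passphrase exists, so the login passphrase can unwrap it
#   mount: wrapped-passphrase is gone, the mount passphrase itself is needed
find_ecryptfs_homes() {
    root=${1%/}
    for priv in "$root"/home/.ecryptfs/*/.Private; do
        [ -d "$priv" ] || continue      # unmatched glob or not a directory
        userdir=${priv%/.Private}
        user=${userdir##*/}
        if [ -f "$userdir/.ecryptfs/wrapped-passphrase" ]; then
            kind=login
        else
            kind=mount
        fi
        printf '%s %s %s\n' "$user" "$kind" "$priv"
    done
}

# recovery_plan ROOT: print the command to run for each directory found.
recovery_plan() {
    find_ecryptfs_homes "$1" | while read -r user kind priv; do
        echo "# $user: have the $kind passphrase ready"
        echo "sudo ecryptfs-recover-private \"$priv\""
    done
}

# Constructed sample tree (empty placeholder files, no real data):
# "joshua" still has a wrapped-passphrase, "guest" does not.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/.ecryptfs/joshua/.Private" \
             "$t/home/.ecryptfs/joshua/.ecryptfs" \
             "$t/home/.ecryptfs/guest/.Private"
    : > "$t/home/.ecryptfs/joshua/.ecryptfs/wrapped-passphrase"
    echo "$t"
}

# Usage: sh thisfile.sh /mnt/old   (mount point is an assumption)
if [ $# -gt 0 ]; then
    recovery_plan "$1"
fi
```

Mounting the old partition read-only before running this keeps the encrypted files untouched while the decrypted copies are taken from the temporary mount.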