I am attempting to recover data from a failed NAS device (Seagate BlackArmor 440).
I have recovered the files, determined that the encryption used is ecryptfs, and deciphered how the NAS USB key is used as the passphrase to mount the directory, but I still cannot successfully decrypt the files.
ecryptfs-stat shows File version [3] for encrypted files created with any recent version of ecryptfs-utils (recent being in the last decade).
But the files I am attempting to recover show as File version [2]:
File version: [2]
Decrypted file size: [25]
Number of header bytes at front of file: [8192]
Metadata in the header region
Encrypted
HMAC disabled
I cannot find any documentation on the meaning of File version but I assume that version 2 indicates that these files were encrypted by some very early version of ecryptfs. I have run across mention that ecryptfs broke compatibility across versions over the years but no clear indication of when or at what version number.
Am I looking in the right place? How far back into ecryptfs history should I be looking for a version that can decrypt these files?
Or am I completely off base on my assumed meaning of File Version?
Any guidance is appreciated. Thanks!
Solution
So I kept trying versions further and further back in time and finally found one that outputs encrypted files labeled Version 2 in the metadata. Not very surprisingly, that version can decrypt my files.
For anyone else who might run into this some day, I was able to do it with Kernel 2.6.21 and the associated ecryptfs kernel module circa 2007.
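The fields that ecryptfs-stat prints can also be read directly from the first 26 bytes of a recovered file, which makes it easy to sort a large recovery set by file version before picking a kernel. This is an added example, not part of the original post; it assumes the header layout parsed by the Linux kernel's eCryptfs code (8-byte size, 8-byte marker, 4-byte version/flags word, 4-byte header extent size, 2-byte extent count, all big-endian), and the sample header is constructed to mirror the output quoted in the question.

```python
import struct
import sys

MAGIC_ECRYPTFS_MARKER = 0x3C81B7F5  # marker constant from the kernel's eCryptfs code
FLAG_HMAC, FLAG_ENCRYPTED, FLAG_METADATA_IN_XATTR = 0x1, 0x2, 0x4
HEADER_FMT = ">QIIIIH"  # size, marker m1, marker m2, version+flags, extent size, extent count
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 26 bytes


def parse_ecryptfs_header(buf: bytes) -> dict:
    """Decode the cleartext fields at the start of an eCryptfs lower file."""
    if len(buf) < HEADER_LEN:
        raise ValueError("need at least %d bytes" % HEADER_LEN)
    size, m1, m2, flags, extent_size, extent_count = struct.unpack(
        HEADER_FMT, buf[:HEADER_LEN])
    # The 8-byte marker is a random word followed by that word XOR the magic.
    if (m1 ^ MAGIC_ECRYPTFS_MARKER) != m2:
        raise ValueError("eCryptfs marker not found; not an eCryptfs lower file?")
    version = flags >> 24  # top byte of the flags word is the file version
    return {
        "file_version": version,
        "decrypted_size": size,
        # Header-extent fields are only present from file version 1 onward.
        "header_bytes": extent_size * extent_count if version >= 1 else None,
        "metadata_in_xattr": bool(flags & FLAG_METADATA_IN_XATTR),
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "hmac_enabled": bool(flags & FLAG_HMAC),
    }


def build_sample_header() -> bytes:
    """Constructed header mirroring the ecryptfs-stat output quoted in the question."""
    m1 = 0x11223344  # arbitrary value standing in for the random marker word
    flags = (2 << 24) | FLAG_ENCRYPTED
    return struct.pack(HEADER_FMT, 25, m1, m1 ^ MAGIC_ECRYPTFS_MARKER, flags, 4096, 2)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:  # triage recovered files by version
            with open(path, "rb") as fh:
                print(path, parse_ecryptfs_header(fh.read(HEADER_LEN)))
    else:
        print(parse_ecryptfs_header(build_sample_header()))
```

Run it with recovered file paths as arguments to list each file's version and flags; with no arguments it decodes the constructed sample.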