ecryptfs-manager

ecryptfs-manager [action] [options]

add-passphrase
    Interactively add a new passphrase to the login keyring

remove-passphrase
    Remove a passphrase from the keyring (prompts for selection)

list-passphrases
    List fingerprints of passphrases in the keyring

mount-private
    Mount user's Private directory (~/Private -> ~/Private.mount)

unmount-private
    Unmount user's Private directory

recover-private
    Recover access to Private directory with wrapped passphrase

migrate-home
    Migrate unencrypted home to encrypted or vice versa

wrap-passphrase
    Wrap a passphrase to a file for backup

unwrap-passphrase
    Unwrap a passphrase from file to keyring

--help
    Show usage information

--version
    Display version

ecryptfs-manager is a command-line utility from the ecryptfs-utils package for managing eCryptfs, a stacked cryptographic filesystem for Linux. It provides an interactive menu or non-interactive subcommands to handle passphrase management, mounting/unmounting of encrypted private directories (like ~/Private), home directory migration to/from encrypted setups, and recovery operations.

Key features include adding or removing login passphrases to the kernel keyring, listing active keys, mounting the user's private folder transparently upon login via PAM integration, and unwrapping wrapped passphrases for backups. It's particularly useful for securing user home directories with plausible deniability and on-the-fly encryption without full disk encryption.

Designed for ease of use, it automates complex keyring and mount operations. Requires the ecryptfs-utils package and kernel support. Commonly used in Ubuntu for encrypted home setups during installation.

Interactive mode only in terminal; requires root or user keyring access. Not compatible with FUSE-less setups. Deprecated in some distros favoring LUKS/dm-crypt. Ensure PAM-ecryptfs for auto-mount on login.

Run ecryptfs-manager without arguments for a numbered text menu of all actions.
Example:
ecryptfs-manager

Install via apt install ecryptfs-utils. Enable during Ubuntu install or run ecryptfs-migrate-home -u $USER post-install.

Developed by Dustin Kirkland and team for Ubuntu 8.04 (Hardy Heron) in 2008 as part of ecryptfs-utils. Merged upstream into Linux kernel eCryptfs support. Widely used until ~2010s; maintenance slowed with rise of full-disk encryption tools.

ecryptfs-add-passphrase(1), ecryptfs-mount-private(1), ecryptfs-umount-private(1), ecryptfs-rewrap-passphrase(1), mount.ecryptfs(8)