ecryptfs-recover-private
Recover encrypted data from lost ecryptfs home
SYNOPSIS
ecryptfs-recover-private [mountpoint] [-l login] [-u user] [-h]
PARAMETERS
-h, --help
Display usage summary and exit
-l login, --login=login
Specify login name (default: current login)
-u user, --user=user
Specify username (default: current user)
DESCRIPTION
The ecryptfs-recover-private command recovers access to eCryptfs-encrypted private directories, typically ~/Private in user home folders on Ubuntu-like systems. eCryptfs stacks encryption on top of existing filesystems, and this tool is essential for manual recovery when automatic mounting fails, e.g., due to unclean shutdowns, passphrase issues, or migration.
It scans ~/.ecryptfs/wrapped-passphrase for encrypted session keys, prompts for the user's login passphrase to unwrap them, derives the filesystem key, and mounts the decrypted view to Private.mnt or a specified mountpoint. Defaults to current user/login, mounting read-write if possible.
Primarily for emergency recovery; regular use indicates setup issues. Requires eCryptfs kernel module and tools installed via ecryptfs-utils. Success depends on intact wrapped passphrases and correct login passphrase.
CAVEATS
Requires login passphrase; fails if wrapped-passphrase absent or corrupted. Run as root/sudo for other users. May conflict with active mounts. Not for headless servers without console access. Back up ~/.ecryptfs first.
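The caveats above can be checked before recovery is attempted. The following is an added example, not part of ecryptfs-utils or of the original page: the function name preflight, its arguments and its return codes are assumptions made for illustration. It only tests that wrapped-passphrase is present and non-empty, so it cannot detect a corrupted file.

```shell
#!/bin/sh
# Added example (not from ecryptfs-utils): pre-flight checks to run before
# ecryptfs-recover-private. All names and return codes here are hypothetical.
#
# preflight HOME_DIR BACKUP_DIR [MOUNTS_FILE]
#   0  ready: ~/.ecryptfs backed up, no conflicting mount
#   1  wrapped-passphrase missing or empty
#   2  an eCryptfs mount is already active at or under HOME_DIR
#   3  backup of ~/.ecryptfs failed
preflight() {
    home_dir=$1
    backup_dir=$2
    mounts_file=${3:-/proc/mounts}
    wrapped="$home_dir/.ecryptfs/wrapped-passphrase"

    # Caveat: recovery fails if wrapped-passphrase is absent.
    if [ ! -s "$wrapped" ]; then
        echo "missing or empty: $wrapped" >&2
        return 1
    fi

    # Caveat: may conflict with active mounts.
    # Mount table fields: device mountpoint fstype options ...
    if awk -v h="$home_dir" '
        $3 == "ecryptfs" && ($2 == h || index($2, h "/") == 1) { found = 1 }
        END { exit !found }' "$mounts_file"; then
        echo "active eCryptfs mount at or under $home_dir" >&2
        return 2
    fi

    # Caveat: back up ~/.ecryptfs first. The backup holds key material,
    # so the directory is created readable by its owner only.
    ( umask 077 && mkdir -p "$backup_dir" ) &&
        cp -pR "$home_dir/.ecryptfs" "$backup_dir/" || return 3
    return 0
}
```

Source the file and call preflight "$HOME" /path/to/backup; run the recovery command only when it returns 0.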
TYPICAL USAGE
ecryptfs-recover-private
Recover for current user to default ~/Private.mnt.
sudo ecryptfs-recover-private -u otheruser
Recover another user's directory.
RECOVERY FLOW
1. Prompt for login passphrase.
2. Unwrap wrapped-passphrase.
3. Mount decrypted ~/Private to Private.mnt.
Files accessible until umount.
HISTORY
Developed by Michael Halcrow at IBM/Canonical (~2006); merged into Linux kernel 2.6.19. Default in Ubuntu 9.10-16.04; deprecated post-18.04 in favor of LUKS/fscrypt.


