ecryptfs-recover-private
Recover encrypted data from lost ecryptfs home
SYNOPSIS
ecryptfs-recover-private [-s SOURCE_DIRECTORY | SOURCE_DIRECTORY] [-t TARGET_DIRECTORY] [OPTIONS]
PARAMETERS
-h, --help
Displays a help message and exits.
-d, --dry-run
Performs a scan and shows what would happen without actually attempting to mount any filesystems.
-f, --force
Forces the mount operation, overriding some warnings or checks.
-j, --json
Outputs scan results in JSON format, suitable for programmatic parsing.
-s SOURCE_DIRECTORY, --source-directory SOURCE_DIRECTORY
Specifies the source directory containing the encrypted eCryptfs data. If not specified, the command will scan common locations or the entire filesystem.
-t TARGET_DIRECTORY, --target-directory TARGET_DIRECTORY
Specifies the target directory where the recovered eCryptfs content will be mounted. If not specified, a temporary directory will be created automatically.
DESCRIPTION
ecryptfs-recover-private is a utility that helps users recover and mount eCryptfs encrypted directories. It scans the specified paths (or the entire filesystem if none is given) for eCryptfs metadata, prompts for the passphrase(s), and attempts to mount the discovered encrypted content at a temporary location. It is particularly useful when the original system is unbootable, when a user needs to access an encrypted home directory from a live environment, or after a system reinstall where the eCryptfs filesystem was not automatically remounted. By handling mount options and key management, it simplifies the often complex process of mounting eCryptfs volumes manually and makes data recovery more accessible.
CAVEATS
- ecryptfs-recover-private requires the correct passphrase(s) associated with the encrypted data. Without them, recovery is impossible.
- The kernel's ecryptfs module must be loaded for this command to function properly.
- It assumes the existence of the original encrypted files and their metadata. If these are corrupted or deleted, recovery may not be possible.
- Mounted directories will typically be owned by root if the command is run with sudo; careful handling of permissions may be required after mounting.
- The command typically mounts to a temporary directory under /tmp or /media. Unless it is explicitly unmounted first, the mount is removed upon reboot or user logout.
AUTOMATIC SCANNING
If no source directory is explicitly provided, ecryptfs-recover-private scans common locations such as /home/*/.Private, or the entire filesystem when run as root, for eCryptfs encrypted data. This is convenient for recovery operations from a live CD or rescue environment.
INTERACTIVE PASSPHRASE PROMPT
The command will interactively prompt for the user's login passphrase, which is often used to wrap the eCryptfs master passphrase. This secure interactive prompt ensures that sensitive keying material is handled appropriately.
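The caveats, the scan and the passphrase prompt described above can be checked read-only before attempting a recovery. The script below is an added example, not part of ecryptfs-utils: its function names are hypothetical, and it assumes the usual ecryptfs-utils layout in which a wrapped-passphrase file sits in a .ecryptfs directory beside .Private.

```shell
#!/bin/sh
# Added example: read-only preflight before running ecryptfs-recover-private.
# Function names are hypothetical. Assumes the usual ecryptfs-utils layout:
# <dir>/.Private holds the encrypted files and <dir>/.ecryptfs/wrapped-passphrase
# holds the mount passphrase wrapped with the login passphrase.

# Succeed if the filesystem list (default /proc/filesystems) names ecryptfs,
# i.e. the kernel module is loaded or built in.
ecryptfs_supported() {
    awk '$NF == "ecryptfs" { found = 1 } END { exit !found }' "${1:-/proc/filesystems}"
}

# Print every real directory named .Private under a root (default /home).
find_private_dirs() {
    find "${1:-/home}" -type d -name .Private 2>/dev/null | sort
}

# Classify one .Private directory:
#   empty            - no files inside, nothing to recover
#   login-passphrase - wrapped-passphrase present, login passphrase can unwrap it
#   mount-passphrase - wrapped-passphrase missing, the mount passphrase is needed
classify_private_dir() {
    pd=$1
    if [ -z "$(find "$pd" -type f 2>/dev/null | head -n 1)" ]; then
        echo empty
    elif [ -f "$(dirname "$pd")/.ecryptfs/wrapped-passphrase" ]; then
        echo login-passphrase
    else
        echo mount-passphrase
    fi
}

# Report on every candidate; return non-zero if recovery cannot start yet.
# Assumes directory names contain no newlines.
preflight() {
    fslist=${1:-/proc/filesystems}; root=${2:-/home}; status=0
    if ! ecryptfs_supported "$fslist"; then
        echo "ecryptfs missing from $fslist (try: modprobe ecryptfs)"
        status=1
    fi
    dirs=$(find_private_dirs "$root")
    [ -n "$dirs" ] || { echo "no .Private directory under $root"; return 1; }
    echo "$dirs" | while IFS= read -r d; do
        echo "$d: $(classify_private_dir "$d")"
    done
    return "$status"
}
```

Source the file and call preflight with no arguments to check the running system, or pass a filesystem list and the home directory of a disk mounted in a rescue environment (for example preflight /proc/filesystems /mnt/home, where /mnt/home is a placeholder path).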
TEMPORARY MOUNT POINTS
By default, recovered directories are mounted to a newly created temporary directory, typically under /tmp or /media. Users do not have to create and manage mount points manually, which simplifies access to their decrypted data.
HISTORY
ecryptfs-recover-private is an integral part of the ecryptfs-utils package, which provides userspace utilities for managing the eCryptfs cryptographic filesystem. Its development emerged from the need to simplify common eCryptfs operations, especially in recovery scenarios, as manual mounting of eCryptfs volumes can be complex due to various keying options and mount parameters. Its inclusion reflects the commitment to providing user-friendly tools for managing encrypted home directories, a common security feature across many Linux distributions.
SEE ALSO
mount(8), umount(8), ecryptfs-add-passphrase(1), ecryptfs(7), ecryptfs-migrate-home(8)