ecryptfs-recover-private

ecryptfs-recover-private [directory]

directory
    The directory to search for eCryptfs metadata. If omitted, the command searches the entire system. Specifying a directory can significantly speed up the recovery process.

The ecryptfs-recover-private command is a utility used to recover data encrypted using ecryptfs. This is crucial when the user's login passphrase is lost, or the system is unbootable but the underlying encrypted data still exists. The utility searches the specified directory (or the entire system, if no directory is specified) for eCryptfs metadata and attempts to mount the encrypted private directories. It prompts for the encryption passphrase (the user's login passphrase, or the wrapping passphrase if a wrapping passphrase was used). Upon successful decryption, it provides the mount point where the recovered data can be accessed. It is essential to back up your eCryptfs metadata and passphrase for disaster recovery.

This tool requires root privileges to properly search and mount the encrypted directories. Recovery is only possible if the underlying data is intact and the passphrase or wrapping passphrase is known. Data encrypted with a lost passphrase might be irrecoverable.

After the tool successfully decrypts and mounts the directory, it prints the mount point to the standard output. You can then access your files in the mount directory, and copy them to a safe location. You must unmount the directory with 'sudo umount ' after you finish.

The utility will prompt you for your login passphrase or a wrapping passphrase if that was used. If a wrapping passphrase was used, it must be provided for the recovery to be successful. Ensure you provide the correct passphrase. Typographical errors will lead to recovery failure.

ecryptfs was developed as part of the Ubuntu project to provide easy-to-use filesystem-level encryption. ecryptfs-recover-private was developed as a recovery tool which allows to restore the encrypted data in case of an emergency. Usage of ecryptfs-recover-private is decreased because it is considered deprecated, and it's replaced by fscrypt and other modern tools.

ecryptfsd(8), mount.ecryptfs(8), ecryptfs-setup-private(1)