LinuxCommandLibrary

ecryptfs-verify

Verify integrity of encrypted ecryptfs files

SYNOPSIS

ecryptfs-verify [-h | --help] [-v | --verbose] <filename>

PARAMETERS

-h, --help
    Display help message and exit.

-v, --verbose
    Enable verbose output showing header details.

DESCRIPTION

The ecryptfs-verify command is a utility from the eCryptfs-utils package used to check the validity of eCryptfs-encrypted files or mount points. eCryptfs is a stacked filesystem-level encryption system for Linux, allowing transparent encryption of individual files or directories.

It examines the specified <filename> to determine if it contains a valid eCryptfs file header—a 16-byte structure at the beginning of encrypted files that includes a magic number (0x3c81b7f5), version, and header size—or if the path is an active eCryptfs mount point with proper metadata.

This verification is crucial before attempting to mount or unwrap eCryptfs filesystems, preventing errors from corrupted or incompatible headers. In verbose mode, it provides detailed output about the header contents, such as extents and flags.

Originally developed for Ubuntu, eCryptfs provides POSIX-compliant per-file encryption without requiring a dedicated partition. The command exits with 0 on success (valid) or 1 on failure (invalid), making it suitable for scripts. Note that eCryptfs relies on kernel support via the ecryptfs module.
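The header check described above can be reproduced without the tool. The following is an added example, not code from eCryptfs-utils or from this page. It assumes the lower-file layout used by the Linux kernel's eCryptfs code: an 8-byte big-endian plaintext size, an 8-byte marker made of two 32-bit words whose XOR equals 0x3c81b7f5, then a 4-byte flags word whose top byte is the version. Function names and sample bytes are constructed for illustration.

```python
import struct
import sys

MAGIC = 0x3C81B7F5        # marker constant named on this page
HEADER_FMT = ">QIII"      # assumed layout: size (u64), m1, m2, flags (u32 each)
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 20 bytes


def parse_ecryptfs_header(buf):
    """Return the parsed header fields, or None if buf fails the marker check."""
    if len(buf) < HEADER_LEN:
        return None                        # truncated file: cannot hold a header
    size, m1, m2, flags = struct.unpack_from(HEADER_FMT, buf, 0)
    # m1 is random per file; the second word must equal m1 XOR MAGIC.
    if (m1 ^ MAGIC) != m2:
        return None
    return {
        "plaintext_size": size,
        "version": flags >> 24,            # top byte of the flags word
        "flags": flags & 0x00FFFFFF,
    }


def check_file(path):
    """Read only the leading bytes of a lower file and parse them."""
    with open(path, "rb") as fh:
        return parse_ecryptfs_header(fh.read(HEADER_LEN))


def sample_header(size, m1, version, flags=0):
    """Build a constructed header for testing (not taken from a real file)."""
    return struct.pack(HEADER_FMT, size, m1, m1 ^ MAGIC, (version << 24) | flags)


if __name__ == "__main__":
    # Mirror the 0 = valid / 1 = invalid exit convention described on this page.
    failed = False
    for path in sys.argv[1:]:
        info = check_file(path)
        print(f"{path}: {info if info else 'no valid eCryptfs marker'}")
        failed = failed or info is None
    sys.exit(1 if failed else 0)
```

A matching marker only shows that the file is framed as an eCryptfs lower file; it does not show that the ciphertext following the header is intact.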

CAVEATS

Requires ecryptfs-utils package; eCryptfs is legacy—prefer LUKS, dm-crypt, or fscrypt for new setups. Does not decrypt or mount; only verifies headers.

EXIT STATUS

0: Valid eCryptfs file or mount.
1: Invalid.

EXAMPLES

ecryptfs-verify ~/encrypted_file
ecryptfs-verify -v /mnt/ecryptfs_point
Check the exit status after either command: echo $? (0 = valid).

HISTORY

Developed by Michael Halcrow and Canonical around 2006 for Ubuntu; integrated into Linux kernel 2.6.28 (2008). Part of eCryptfs-utils (>=0.1); widely used in Ubuntu until ~2018, now deprecated due to security/maintenance issues.
