[SOLVED] Recovering LUKS encrypted files and folders

Using TestDisk to repair the filesystem
Forum rules
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
Locked
Message
Author
peldritch
Posts: 2
Joined: 20 Feb 2018, 21:23

[SOLVED] Recovering LUKS encrypted files and folders

#1 Post by peldritch »

Hello,
I have been trying to wrap my head around my problem (and potential solutions), with mixed success, so please forgive me if I include irrelevant information. I am trying to recover my /home folder that was somehow damaged. It is LUKS encrypted LVM partition. I can mount and decrypt this disk, but I can't see any of my files! There are folders labeled .ecryptfs and .Private, but I don't know what to do with them. I have run photorec on this drive, and among the thousands of files it found, are many with .ecryptfs file extensions. I believe these contain the files from my home folder that I wish to recover. I don't understand why they remain encrypted, even after mounting the drive with my passphrase... or what further steps I may take to access them :( As far as I can tell, my LUKS header is intact.

In case it gives any insight, I will explain what happened prior to this problem. I was attempting to make a bootable usb. I used the dd command to write an image to /dev/sdb, whereupon my computer completely froze. I rebooted via Alt+PrtSc+REISUB. During boot, I was prompted for my disk password, I entered it, the computer booted and I was presented with my user name at the login screen. When I entered my password, I got an error about my .dmrc file permissions, and was unable to continue. I went to a shell prompt where I was able to log in, and ls my home directory but it didn't show any of my files! The only folder there was a mount point for a network share.

I really don't want to give up on these files yet, and I sense they are not totally lost, but I have reached the limit of what I can do without some help. My next project will be a robust backup regime! Thanks for reading, and I appreciate any help anyone can provide me.
Last edited by peldritch on 22 Feb 2018, 10:26, edited 1 time in total.

User avatar
cgrenier
Site Admin
Posts: 5432
Joined: 18 Feb 2012, 15:08
Location: Le Perreux Sur Marne, France
Contact:

Re: Recovering LUKS encrypted files and folders

#2 Post by cgrenier »

ecryptfs is a file level encryption system, it can be used on top of LUKS.
See viewtopic.php?f=7&t=7535

peldritch
Posts: 2
Joined: 20 Feb 2018, 21:23

Re: Recovering LUKS encrypted files and folders

#3 Post by peldritch »

Thanks for your reply. I think I jumped to conclusions, and assumed my data had been overwritten. I didn't realize ecryptfs was how my /home was encrypted, and assumed it was a peculiarity of the recovery tools. After reading the link you shared, and some trial and error, I ran

sudo ecryptfs-recover-private .Private/

And it worked! I am so happy to see all my files again after a week of feeling doomed. Thanks for helping me, even though my problem was tangential to your software.

Locked