Experiments with Encrypted Disks on Ubuntu

Because of some increased security demands, I decided that I need to explore and understand encrypted home directories.  First, I want to see it work where I can’t see the information from a Live CD.  Second, I want to make sure that I can still get to the information in case I have to rescue it from a Live CD.

So, here’s my experimentation…

Creating the First Virtual Machine

To make experimenting easy and risk-resistant, I created a VirtualBox virtual machine to work with.  I created a new Ubuntu 64-bit machine:

Creating the Initial Ubuntu Virtual Machine

During the first boot, I selected my new Ubuntu 13.10 image that I downloaded:

Choosing the Install CD

During the install, I selected to encrypt the home folder:

Encrypt Home Folder option

Just as a note, I picked “digitaleagle” as my password just to make it easy.  My understanding is that it uses this password as both my login and as part of the encryption passphrase to secure the files.

The rest of the install was very straightforward.

After logging in the first time, I was prompted to store my passphrase.

Update Information Dialog

I clicked Run this action now.  In the terminal window that it opens, it is expecting the login password.  In my case, I typed “digitaleagle”.

Entering the passphrase for encryption

The first time, I somehow missed the resulting passphrase.  No problem.  I opened a new terminal and ran the command like the instructions said (ecryptfs-unwrap-passphrase):

ecryptfs-unwrap-passphrase


digitaleagle@encrypt:~$ ecryptfs-unwrap-passphrase
Passphrase:
69eca3babcc6b900cbe10b0afcc463e3

Virtual Box Tools

When working with virtual machines, the tools program is important to install.  Without it, you can’t use File System shares, or more importantly, the clipboard sharing.  Without clipboard sharing, you can’t copy the commands that you are trying to add to your notes on your host.

For some of the dependencies, I needed to enable the Partners repository.

Enabling Partners Repository

I installed the dependencies:

sudo apt-get install build-essential dkms

Finally, I used the Devices > Install Guest Additions menu to install them.

Installing the guest Additions

Unfortunately, there was a compile error that I could not get past.  It wasn’t worth troubleshooting at this point.

Creating a Secret

To see how the encryption works, I decided to create a secret.  Now, don’t tell anyone, but here’s my secret in the home directory:

My Secret

So, I booted up with the install ISO CD.  Then, I tried to mount the drive and see if I could see the secret.  It wouldn’t let me:

Trying to Access the Secrets

So, I decided to see what I could see with root privileges:


ubuntu@ubuntu:/media/ubuntu/d13497f5-0339-43f1-850a-122f409af760/home$ ls
digitaleagle
ubuntu@ubuntu:/media/ubuntu/d13497f5-0339-43f1-850a-122f409af760/home$ sudo ls digitaleagle/
Access-Your-Private-Data.desktop README.txt

Apparently, it’s all stored in the .Private and .ecryptfs directories.

So, now that I have proven that I cannot see the “secret” file, I need to find a way to access that data.  The command for the job was “ecryptfs-recover-private”.  It was pretty easy to use.  I just had to enter the password for my “digitaleagle” user on my original installation.

ubuntu@ubuntu:~$ sudo ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/media/ubuntu/d13497f5-0339-43f1-850a-122f409af760/home/.ecryptfs/digitaleagle/.Private].
Try to recover this directory? [Y/n]: y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] y
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [84b5baa67535cfae] into the user session keyring
INFO: Success! Private data mounted at [/tmp/ecryptfs.zBLKUhqP].
ubuntu@ubuntu:~$ sudo ls /tmp/ecryptfs.zBLKUhqP
0 Documents examples.desktop Pictures Templates
Desktop Downloads Music Public Videos
ubuntu@ubuntu:~$ sudo cat /tmp/ecryptfs.zBLKUhqP/Documents/Secret.txt
This is a secret that no one should know!

I needed root privileges to get to it, but I can see it in Nautilus, too.

Viewing the Secret File
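
The recovery output above shows that the ciphertext lives in /home/.ecryptfs/USER/.Private and that finding a wrapped-passphrase file is what lets the login password unlock it. As an added example (not part of the original post), this script checks a mounted disk for each user's recovery situation and for files left outside the encrypted store; the function names, status words, sample tree and the assumed stub and link names (.Private, .ecryptfs, README.txt, Access-Your-Private-Data.desktop) are assumptions for illustration.

```shell
# Added example: audit home directories on a mounted (offline) Ubuntu root.
# Assumed layout: /home/.ecryptfs/USER/.Private holds the ciphertext and
# /home/.ecryptfs/USER/.ecryptfs/wrapped-passphrase the wrapped key.

# classify_home ROOT USER: print how USER's data could be recovered.
classify_home() {
    base="$1/home/.ecryptfs/$2"
    if [ ! -d "$base/.Private" ]; then
        echo "plaintext"               # nothing encrypted for this user
    elif [ -f "$base/.ecryptfs/wrapped-passphrase" ]; then
        echo "login-recoverable"       # login password unwraps the mount passphrase
    else
        echo "needs-mount-passphrase"  # only the recorded passphrase will work
    fi
}

# stray_plaintext ROOT USER: list entries sitting in the unmounted home
# besides the stubs and links the encrypted-home setup is assumed to leave.
stray_plaintext() {
    for f in "$1/home/$2"/* "$1/home/$2"/.[!.]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # skip unmatched glob patterns
        case "$(basename "$f")" in
            .Private|.ecryptfs|README.txt|Access-Your-Private-Data.desktop) ;;
            *) basename "$f" ;;
        esac
    done
}

# audit_homes ROOT: one "user status" line per directory in ROOT/home.
audit_homes() {
    for dir in "$1"/home/*/; do
        [ -d "$dir" ] || continue
        user=$(basename "$dir")
        echo "$user $(classify_home "$1" "$user")"
    done
}

# make_sample_root: build a constructed tree (not real data) for a dry run.
make_sample_root() {
    root=$(mktemp -d); h="$root/home"; e="$h/.ecryptfs"
    mkdir -p "$e/alice/.Private" "$e/alice/.ecryptfs" "$e/bob/.Private" "$h/alice" "$h/bob" "$h/carol"
    : > "$e/alice/.ecryptfs/wrapped-passphrase"; : > "$h/alice/README.txt"
    : > "$h/bob/notes.txt"   # plaintext left outside the encrypted store
    echo "$root"
}

sample=$(make_sample_root)
audit_homes "$sample"; rm -rf "$sample"
```

On a real Live CD session, pass the mount point of the installed system (the /media/ubuntu/... path) to audit_homes instead of the sample tree, and run it with sudo so the home directories are readable.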

Using Redo Backup and Recovery

I just found Redo Backup and Recovery not too long ago.  So, I thought I would see if I could use it to see the encrypted “secret” file.  The challenge is that the encryption package is not installed by default.  So, I had to open a terminal window and install it:

Opening a terminal

sudo apt-get update
sudo apt-get install ecryptfs-utils

After that, I was able to use ecryptfs-recover-private just as I did with the Ubuntu Live CD.
