Because of some increased security demands, I decided that I need to explore and understand encrypted home directories. First, I want to see it work where I can’t see the information from a Live CD. Second, I want to make sure that I can still get to the information in case I have to rescue it from a Live CD.
So, here’s my experimentation…
Creating the First Virtual Machine
To make experimenting easy and risk-resistant, I created a VirtualBox virtual machine to work with. I created a new Ubuntu 64-bit machine:
During the first boot, I selected my new Ubuntu 13.10 image that I downloaded:
During the install, I selected to encrypt the home folder:
Just as a note, I picked “digitaleagle” as my password just to make it easy. My understanding is that it uses this password as both my login and as part of the encryption passphrase to secure the files.
The rest of the install was very straightforward.
After logging in the first time, I was prompted to store my passphrase.
I clicked Run this action now. In the terminal window that it opens, it is expecting the login password. In my case, I typed “digitaleagle”.
The first time, I somehow missed the resulting passphrase. No problem. I opened a new terminal and ran the command like the instructions said (ecryptfs-unwrap-passphrase):
digitaleagle@encrypt:~$ ecryptfs-unwrap-passphrase
Passphrase:
69eca3babcc6b900cbe10b0afcc463e3
VirtualBox Tools
When working with virtual machines, the tools program is important to install. Without it, you can’t use File System shares, or more importantly, the clipboard sharing. Without clipboard sharing, you can’t copy the commands that you are trying to add to your notes on your host.
For some of the dependencies, I needed to enable the Partners repository.
I installed the dependencies:
sudo apt-get install build-essential dkms
Finally, I used the Devices > Install Guest Additions menu to install them.
Unfortunately, there was a compile error that I could not get past. It wasn’t worth troubleshooting at this point.
Creating a Secret
To see how the encryption works, I decided to create a secret. Now, don’t tell anyone, but here’s my secret in the home directory:
So, I booted up with the install ISO CD. Then, I tried to mount the drive and see if I could see the secret. It wouldn’t let me:
So, I decided to see what I could see with root privileges:
ubuntu@ubuntu:/media/ubuntu/d13497f5-0339-43f1-850a-122f409af760/home$ ls digitaleagle
ubuntu@ubuntu:/media/ubuntu/d13497f5-0339-43f1-850a-122f409af760/home$ sudo ls digitaleagle/
Access-Your-Private-Data.desktop README.txt
Apparently, it’s all stored in the .Private and .ecryptfs directories.
So, now that I have proven that I cannot see the “secret” file, I need to find a way to access that data. The command for the job was “ecryptfs-recover-private”. It was pretty easy to use. I just had to enter the password for my “digitaleagle” user on my original installation.
ubuntu@ubuntu:~$ sudo ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/media/ubuntu/d13497f5-0339-43f1-850a-122f409af760/home/.ecryptfs/digitaleagle/.Private].
Try to recover this directory? [Y/n]: y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] y
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [84b5baa67535cfae] into the user session keyring
INFO: Success! Private data mounted at [/tmp/ecryptfs.zBLKUhqP].
ubuntu@ubuntu:~$ sudo ls /tmp/ecryptfs.zBLKUhqP
0        Documents  examples.desktop  Pictures  Templates
Desktop  Downloads  Music             Public    Videos
ubuntu@ubuntu:~$ sudo cat /tmp/ecryptfs.zBLKUhqP/Documents/Secret.txt
This is a secret that no one should know!
I needed root privileges to get to it, but I can see it in Nautilus, too.
Using Redo Backup and Recovery
I just found Redo Backup and Recovery not too long ago. So, I thought I would see if I could use it to see the encrypted “secret” file. The challenge is that the encryption package is not installed by default. So, I had to open a terminal window and install it:
sudo apt-get update
sudo apt-get install ecryptfs-utils
After that, I was able to use the ecryptfs-recover-private like I was with the Ubuntu Live CD.
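A pre-flight check for the recovery shown above, as an added example that is not part of the original post: it walks a mounted disk for .Private directories and reports whether the login password will be enough (a wrapped-passphrase file is present) or whether the mount passphrase printed by ecryptfs-unwrap-passphrase is needed. The function names and the demo tree are constructed for illustration, and the location of wrapped-passphrase next to .Private is assumed to follow the Ubuntu default layout.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed Ubuntu default layout:
#   <home>/.ecryptfs/<user>/.Private                       encrypted files
#   <home>/.ecryptfs/<user>/.ecryptfs/wrapped-passphrase   mount passphrase,
#                                                          wrapped with the login password

# Print "<user> <method> <private dir>" for every .Private directory below $1.
ecryptfs_recovery_plan() {
    root=$1
    find "$root" -type d -name .Private 2>/dev/null | sort |
    while IFS= read -r priv; do
        base=$(dirname "$priv")
        user=$(basename "$base")
        wrapped="$base/.ecryptfs/wrapped-passphrase"
        if [ -s "$wrapped" ]; then
            # The login password can unwrap the mount passphrase.
            method=login-password
        else
            # No wrapped copy on disk: the passphrase recorded from
            # ecryptfs-unwrap-passphrase at first login is required.
            method=mount-passphrase
        fi
        printf '%s %s %s\n' "$user" "$method" "$priv"
    done
}

# Demo on a constructed directory tree (no real encrypted data involved).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/.ecryptfs/alice/.Private" \
             "$tmp/home/.ecryptfs/alice/.ecryptfs" \
             "$tmp/home/.ecryptfs/bob/.Private"
    printf 'constructed' > "$tmp/home/.ecryptfs/alice/.ecryptfs/wrapped-passphrase"
    ecryptfs_recovery_plan "$tmp"
    rm -rf "$tmp"
}

demo
```

On a live CD, pass the mount point of the installed disk (the /media/ubuntu/... path in the session above) and run it with sudo, since the directories are not readable by the live user.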