# ecryptfs-recover-private
# Copyright (C) 2010 Canonical Ltd.
# Authors: Dustin Kirkland <kirkland@ubuntu.com>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 2 of the License.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# We need root access to do the deep find and the mount
[ "$(id -u)" = "0" ] || error "This program must be run as root."
if [ "$1" = "--rw" ]; then
# Allow for target directories on the command line
# Otherwise, search the system for directories named ".Private"
info "Searching for encrypted private directories (this might take a while)..."
# Walk the whole tree from / looking for directories named ".Private"; the
# newline-separated result is checked for emptiness right after.
# NOTE(review): without -xdev, find also descends into every other mounted
# filesystem; if $dirs is later word-split, a path containing whitespace
# would be broken apart -- confirm against the loop that consumes it.
dirs=$(find / -type d -name ".Private")
if [ -z "$dirs" ]; then
info "Hint: click 'Places' and select your hard disk, then run this again."
error "No private directories found; make sure that your root filesystem is mounted."
echo -n "Try to recover this directory? [Y/n]: "
case "$answer" in n*|N*) continue ;; esac
# Determine if filename encryption is on
# The decision is taken from the lower directory itself: if any top-level
# entry of $d starts with ECRYPTFS_FNEK_ENCRYPTED, fnek becomes "--fnek",
# otherwise it is left empty. Only the first level of $d is looked at, and
# the output and errors of ls are discarded (a glob with no match simply
# makes ls fail, which selects the empty value).
ls "$d/ECRYPTFS_FNEK_ENCRYPTED"* >/dev/null 2>&1 && fnek="--fnek" || fnek=
if [ -f "$d/../.ecryptfs/wrapped-passphrase" ]; then
info "Found your wrapped-passphrase"
echo -n "Do you know your LOGIN passphrase? [Y/n] "
# Use the wrapped-passphrase, if available
info "Enter your LOGIN passphrase..."
ecryptfs-insert-wrapped-passphrase-into-keyring "$d/../.ecryptfs/wrapped-passphrase"
# Read the key signature(s) stored beside the wrapped passphrase. The sed
# filter deletes every character that is not lowercase hex, so whatever the
# recovered Private.sig contains, only [0-9a-f] (one output line per input
# line) ends up in $sigs. That matters because the signatures are spliced
# into the comma-separated mount option string further down.
# NOTE(review): an empty Private.sig leaves $sigs empty -- confirm that case
# is rejected before the mount is attempted.
sigs=$(sed -e "s/[^0-9a-f]//g" "$d/../.ecryptfs/Private.sig")
use_mount_passphrase=0
use_mount_passphrase=1
# Fall back to mount passphrase
info "Could not find your wrapped passphrase file."
use_mount_passphrase=1
if [ "$use_mount_passphrase" = "1" ]; then
info "To recover this directory, you MUST have your original MOUNT passphrase."
info "When you first setup your encrypted private directory, you were told to record"
info "your MOUNT passphrase."
info "It should be 32 characters long, consisting of [0-9] and [a-f]."
echo -n "Enter your MOUNT passphrase: "
# Take exactly one line from stdin as the MOUNT passphrase.
# NOTE(review): nothing on this line keeps the terminal from echoing the
# passphrase as it is typed; confirm that echo is switched off around this
# read and restored afterwards, including on an interrupted run.
passphrase=$(head -n1)
# Add the passphrase to the keyring and collect the resulting signature(s).
# - The passphrase is written to the stdin of ecryptfs-add-passphrase
#   (followed by a NUL byte) rather than passed as one of its arguments.
# - $fnek is unquoted, presumably on purpose: an empty value then expands to
#   nothing instead of an empty argument.
# - Only output lines starting with "Inserted" are kept; the text between
#   "[" and "]" is extracted and then reduced to lowercase hex, so $sigs
#   cannot carry a comma or other text into the mount option string.
# NOTE(review): if no "Inserted" line is printed, $sigs is empty -- confirm
# that case is rejected before the mount is attempted.
sigs=$(printf "%s\0" "$passphrase" | ecryptfs-add-passphrase $fnek | grep "^Inserted" | sed -e "s/^.*\[//" -e "s/\].*$//" -e "s/[^0-9a-f]//g")
case $(echo "$sigs" | wc -l) in
mount_sig=$(echo "$sigs" | head -n1)
mount_opts="$opts,ecryptfs_sig=$mount_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16"
mount_sig=$(echo "$sigs" | head -n1)
fnek_sig=$(echo "$sigs" | tail -n1)
mount_opts="$opts,ecryptfs_sig=$mount_sig,ecryptfs_fnek_sig=$fnek_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16"
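# Refuse to continue unless the mount key is really present in the user
# keyring. An empty $mount_sig is rejected first: grep with an empty pattern
# matches every line, so the check would otherwise pass on any non-empty
# keyring without the key being there ("echo "$sigs" | wc -l" reports 1 for
# an empty $sigs, so an empty signature can reach this point).
# -F compares the signature as a literal string instead of a regex.
if [ -z "$mount_sig" ] || ! (keyctl list @u | grep -qsF -- "$mount_sig"); then
  error "The key required to access this private data is not available."
fi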
# Keyring check for the filename-encryption key signature.
# NOTE(review): when $fnek_sig is empty, grep receives an empty pattern and
# matches any line of the key list, so this check then passes whenever the
# keyring is non-empty. That is presumably relied on when filename
# encryption is off -- confirm, and consider making the skip explicit.
(keyctl list @u | grep -qs "$fnek_sig") || error "The key required to access this private data is not available."
# Create a fresh mount point under /tmp. mktemp -d creates the directory
# itself under an unpredictable name, so an already existing path is never
# reused as the mount target.
# NOTE(review): nothing visible here unmounts or removes the directory
# afterwards, so the decrypted view stays reachable at this path until it is
# unmounted -- confirm whether cleanup is left to the operator.
tmpdir=$(mktemp -d /tmp/ecryptfs.XXXXXXXX)
if mount -i -t ecryptfs -o "$mount_opts" "$d" "$tmpdir"; then
info "Success! Private data mounted at [$tmpdir]."
error "Failed to mount private data at [$tmpdir]."