重新安装后从单独分区解密 $HOME

Question 1

你真幸运！我刚刚遇到了同样的问题，并编写了一个脚本，以便于使用 FNEK 安装 ecryptfs 文件夹。

sudo su -

然后打开 nano/vim/您选择的编辑器并创建一个ecryptfs-fnek-helper.sh包含以下内容的文件：

#!/bin/bash

# Thanks to https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/455709
# 

echo "Where is the /home with the .ecryptfs mounted? (default=/mnt/home)"
read home_ecryptfs
if [ -z "$home_ecryptfs" ]; then
    home_ecryptfs=/mnt/home
fi
home_ecryptfs=$home_ecryptfs/.ecryptfs

echo "Whose encrypted home would you like to mount?"
read user
if [ -z "$user" ]; then
    echo "You have to enter a user!"
    exit;
fi

echo "What is the user's password?"
read -s password
if [ -z "$password" ]; then
    echo "You have to enter a password!"
    exit;
fi

echo "Where would you like to mount it? (Default: /mnt/[username])"
read target
if [ -z "$target" ]; then
    target=/mnt/$user
fi
target=$target/
mkdir -p $target

wrapped=$home_ecryptfs/$user/.ecryptfs/wrapped-passphrase
sig=$home_ecryptfs/$user/.ecryptfs/Private.sig
private=$home_ecryptfs/$user/.Private/

echo I will be mounting $private into $target.

echo "Clearing the keyring."
keyctl clear @u
keyctl list @u

echo "Unwrapping passphrase and inserting it into key:"
printf "%s" $password | ecryptfs-insert-wrapped-passphrase-into-keyring $wrapped -

keyctl list @u

echo -e "\e[0;92mPassphrase:"
echo -e '\e[1;92m'`printf "%s" $password | ecryptfs-unwrap-passphrase $wrapped - `'\e[0m'
echo -e "\e[0;96mFilename Encryption Key (FNEK) Signature:"
echo -e '\e[1;96m'`tail -n1 $sig`'\e[0m'
echo -e "Mounting now! Be sure to enable FNEK!"
mount.ecryptfs $private $target -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,key=passphrase

这将解开您的密码并将其添加到密钥环。它还将显示密码和正确的 FNEK 签名，因此您可以在 mount.ecryptfs 提示时复制/粘贴它们。

使文件可执行并在 su 中运行它：

chmod +x ecryptfs-fnek-helper.sh
./ecryptfs-fnek-helper.sh

Answer

你真幸运！我刚刚遇到了同样的问题，并编写了一个脚本，以便于使用 FNEK 安装 ecryptfs 文件夹。

sudo su -

然后打开 nano/vim/您选择的编辑器并创建一个ecryptfs-fnek-helper.sh包含以下内容的文件：

#!/bin/bash

# Thanks to https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/455709
# 

echo "Where is the /home with the .ecryptfs mounted? (default=/mnt/home)"
read home_ecryptfs
if [ -z "$home_ecryptfs" ]; then
    home_ecryptfs=/mnt/home
fi
home_ecryptfs=$home_ecryptfs/.ecryptfs

echo "Whose encrypted home would you like to mount?"
read user
if [ -z "$user" ]; then
    echo "You have to enter a user!"
    exit;
fi

echo "What is the user's password?"
read -s password
if [ -z "$password" ]; then
    echo "You have to enter a password!"
    exit;
fi

echo "Where would you like to mount it? (Default: /mnt/[username])"
read target
if [ -z "$target" ]; then
    target=/mnt/$user
fi
target=$target/
mkdir -p $target

wrapped=$home_ecryptfs/$user/.ecryptfs/wrapped-passphrase
sig=$home_ecryptfs/$user/.ecryptfs/Private.sig
private=$home_ecryptfs/$user/.Private/

echo I will be mounting $private into $target.

echo "Clearing the keyring."
keyctl clear @u
keyctl list @u

echo "Unwrapping passphrase and inserting it into key:"
printf "%s" $password | ecryptfs-insert-wrapped-passphrase-into-keyring $wrapped -

keyctl list @u

echo -e "\e[0;92mPassphrase:"
echo -e '\e[1;92m'`printf "%s" $password | ecryptfs-unwrap-passphrase $wrapped - `'\e[0m'
echo -e "\e[0;96mFilename Encryption Key (FNEK) Signature:"
echo -e '\e[1;96m'`tail -n1 $sig`'\e[0m'
echo -e "Mounting now! Be sure to enable FNEK!"
mount.ecryptfs $private $target -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,key=passphrase

这将解开您的密码并将其添加到密钥环。它还将显示密码和正确的 FNEK 签名，因此您可以在 mount.ecryptfs 提示时复制/粘贴它们。

使文件可执行并在 su 中运行它：

chmod +x ecryptfs-fnek-helper.sh
./ecryptfs-fnek-helper.sh

Question 2

您可以尝试使用以下命令解密您的主目录：

sudo ecryptfs-add-passphrase --fnek
sudo mount -t ecryptfs /home/username /home/username -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,,ecryptfs_enable_filename_crypto=yes

如果你没有加密文件名，请删除与密码相关的命令/参数。你可以找到有关安装 ecryptfs 的更多信息这里。此致。

Answer

您可以尝试使用以下命令解密您的主目录：

sudo ecryptfs-add-passphrase --fnek
sudo mount -t ecryptfs /home/username /home/username -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,,ecryptfs_enable_filename_crypto=yes

如果你没有加密文件名，请删除与密码相关的命令/参数。你可以找到有关安装 ecryptfs 的更多信息这里。此致。

重新安装后从单独分区解密 $HOME

答案1

答案2

相关内容