eCryptfs decryption and mounting problem

I have a problem logging in and decrypting my home folder on Xubuntu. When I try to log in, the screen flashes and nothing happens. The system log from that moment:

Aug  7 15:22:20 xu sudo: pam_ecryptfs: Passphrase file wrapped
Aug  7 15:22:20 xu sudo: pam_ecryptfs: Unable to rewrap passphrase file
Aug  7 15:22:20 xu sudo: Failed to detect wrapped passphrase version: Permission denied
Aug  7 15:22:20 xu sudo: Error attempting to unwrap passphrase from file [/home/sergei/.ecryptfs/wrapped-passphrase]; rc = [-13]
Aug  7 15:22:20 xu sudo: pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [-5]
Aug  7 15:23:06 xu lightdm: pam_ecryptfs: Passphrase file wrapped
Aug  7 15:23:06 xu lightdm: pam_ecryptfs: Unable to rewrap passphrase file
Aug  7 15:23:06 xu lightdm: Failed to detect wrapped passphrase version: Permission denied
Aug  7 15:23:06 xu lightdm: Error attempting to unwrap passphrase from file [/home/sergei/.ecryptfs/wrapped-passphrase]; rc = [-13]
Aug  7 15:23:06 xu lightdm: pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [-5]
Aug  7 15:23:07 xu systemd[1]: Started Session c6 of user sergei.
Aug  7 15:23:07 xu lightdm[2973]: Signature not found in user keyring
Aug  7 15:23:07 xu lightdm[2973]: Perhaps try the interactive 'ecryptfs-mount-private'
Aug  7 15:23:07 xu lightdm[2973]: Error writing X authority: Failed to open X authority /home/sergei/.Xauthority: Permission denied
Aug  7 15:23:07 xu acpid: client 3689[0:0] has disconnected
Aug  7 15:23:07 xu acpid: client connected from 3897[0:0]
Aug  7 15:23:07 xu acpid: 1 client rule loaded
Aug  7 15:23:07 xu systemd[1]: Started Session c7 of user lightdm.

I was able to log in on the Ctrl+Alt+F1 console, so I decided to mount my home directory manually. But I got an error:

sergei@xu:~$ ecryptfs-mount-private
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:

System log:

Aug  7 15:30:49 xu ecryptfs-insert-wrapped-passphrase-into-keyring: Failed to detect wrapped passphrase version: Permission denied
Aug  7 15:30:49 xu ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap passphrase from file [/home/sergei/.ecryptfs/wrapped-passphrase]; rc = [-13]

I tried to check my passphrase:

sergei@xu:~$ ecryptfs-unwrap-passphrase
Passphrase:
Error: Unwrapping passphrase failed [-13]
Info: Check the system log for more information from libecryptfs

System log:

Aug  7 15:28:47 xu ecryptfs-unwrap-passphrase: Failed to detect wrapped passphrase version: Permission denied

But as root, unwrap-passphrase works fine:

sergei@xu:~$ sudo ecryptfs-unwrap-passphrase /home/sergei/.ecryptfs/wrapped-passphrase
Passphrase:
mypassphrase_here

Okay, so I have not forgotten my passphrase. The output is the same as the phrase I typed in. However, the output is not the long random phrase that was generated automatically a long time ago. After running into these problems I decided to mount it a different way:

sergei@xu:~$ ecryptfs-add-passphrase --fnek
Passphrase:
Inserted auth tok with sig [e94f5149955202f3] into the user session keyring
Inserted auth tok with sig [6a7465b6ae998f18] into the user session keyring
sergei@xu:~$ sudo mount -t ecryptfs /home/sergei/.Private /mnt/
Passphrase:
Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32
 2) blowfish: blocksize = 8; min keysize = 16; max keysize = 56
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16
Selection [aes]:
Select key bytes:
 1) 16
 2) 32
 3) 24
Selection [16]:
Enable plaintext passthrough (y/n) [n]:
Enable filename encryption (y/n) [n]: y
Filename Encryption Key (FNEK) Signature [e94f5149955202f3]: 6a7465b6ae998f18
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_fnek_sig=6a7465b6ae998f18
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=e94f5149955202f3
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.

Would you like to proceed with the mount (yes/no)? : yes
Would you like to append sig [e94f5149955202f3] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs

As shown above, I got the error and ignored it. But the mounted directory contains nothing but a bunch of ECRYPTFS_FNEK_ENCRYPTED files. I tried to recover my directory, but got an error and no system log message:

sergei@xu:~$ sudo ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/home/.ecryptfs/sergei/.Private].
Try to recover this directory? [Y/n]: y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] y
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [e94f5149955202f3] into the user session keyring
ERROR: The key required to access this private data is not available.

I tried again, but this time I said I did not know my login passphrase and entered that long random passphrase:

sergei@xu:~$ sudo ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
INFO: Found [/home/.ecryptfs/sergei/.Private].
Try to recover this directory? [Y/n]: y
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] n
INFO: To recover this directory, you MUST have your original MOUNT passphrase.
INFO: When you first setup your encrypted private directory, you were told to record
INFO: your MOUNT passphrase.
INFO: It should be 32 characters long, consisting of [0-9] and [a-f].

Enter your MOUNT passphrase:
INFO: Success!  Private data mounted at [/tmp/ecryptfs.4qCNYRo6].

However, /tmp/ecryptfs.4qCNYRo6 again contains just a bunch of ECRYPTFS_FNEK_ENCRYPTED files.

So, what should I do to solve my problem? I really do not want to lose my home directory.

Answer 1

I ran into the same error log when I installed Manjaro on top of Ubuntu 16.04 LTS. My /home was on its own partition, and my home folder /home/simon had been encrypted with ecryptfs by the Ubuntu installer.

I quickly noticed that the Manjaro install had not created my user account the way it should have, with the login name "simon". Instead it ended up as "simonw" on UID 1000. Creating a user named "simon" with useradd did not work right away; I had to change the UID of "simon" to get the PAM auto-mount from the Arch wiki working.

I solved it by swapping the UIDs and GIDs of "simon" and "simonw". For example:

# Starting with simonw (1000,1000) and simon (1001,1001) UIDs and GIDs. Both sudoers.
# Log in as simon
usermod -u 1011 simonw
usermod -g 1001 simonw
# Log in as simonw
usermod -u 1000 simon
usermod -g 1000 simon
# simon could now decrypt and auto-mount the home-folder /home/simon
# Delete simonw, or whatever.

TL;DR: check that the UID trying to decrypt the home folder is the same as the UID that owns the original wrapped passphrase.

I hope this serves as a reference for someone in the future, even though this question is outdated by now. It still ranks high when searching the web for the error messages.
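The TL;DR above can be turned into a quick check to run before touching any UIDs. The script below is an added example, not part of the answer: it compares the UID that is about to unwrap the passphrase with the owner of the standard eCryptfs paths (.ecryptfs, .ecryptfs/wrapped-passphrase and .Private) under a home directory. It assumes GNU stat for the `-L -c %u` owner lookup, and the function names and exit codes are its own.

```shell
#!/bin/sh
# Added diagnostic (not from the original answer): does the UID that will
# unwrap the passphrase own the eCryptfs files it needs to read? A mismatch
# is what produces the "Permission denied" / rc = [-13] lines in the log.
# Assumes GNU stat; -L follows the ~/.ecryptfs symlink to /home/.ecryptfs.

# Numeric UID owning a path (following symlinks).
owner_uid() {
    stat -L -c %u "$1"
}

# check_owner PATH UID
#   returns 0 if PATH is owned by UID,
#           1 if PATH exists but belongs to another UID (the EACCES case),
#           2 if PATH does not exist.
check_owner() {
    path=$1
    uid=$2
    if [ ! -e "$path" ]; then
        echo "MISSING: $path" >&2
        return 2
    fi
    owner=$(owner_uid "$path")
    if [ "$owner" -eq "$uid" ]; then
        echo "OK: $path is owned by uid $uid"
        return 0
    fi
    echo "MISMATCH: $path is owned by uid $owner, but uid $uid is trying to use it" >&2
    return 1
}

# diagnose_ecryptfs_home HOME_DIR UID
# Checks the paths pam_ecryptfs / ecryptfs-mount-private must read as the
# logging-in user. Returns the number of paths that UID does not own.
diagnose_ecryptfs_home() {
    home=$1
    uid=$2
    bad=0
    for rel in .ecryptfs .ecryptfs/wrapped-passphrase .Private; do
        check_owner "$home/$rel" "$uid" || bad=$((bad + 1))
    done
    return "$bad"
}

# Stand-alone use: inspect the caller's own home, if it is eCryptfs-encrypted.
if [ -e "$HOME/.ecryptfs/wrapped-passphrase" ]; then
    diagnose_ecryptfs_home "$HOME" "$(id -u)"
fi
```

Run it as the user whose login fails; a MISMATCH line on wrapped-passphrase is the situation this answer describes, and the usermod swap above is one way to bring the UIDs back into agreement. A MISSING line points at a different problem (the home layout itself is not where pam_ecryptfs expects it).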

Answer 2

Perhaps you could boot into recovery mode, or boot from a USB drive with another Ubuntu system, and then try what is described here: How do I mount an encrypted /home directory on another Ubuntu machine?

I would back up /home/.ecryptfs/sergei/.Private first.
