Linux, despite sharing a smaller percentage of the global desktop OS market; holds a dear place in the hearts of many users. It is fun to use and offers limitless customization. Furthermore, the platform affords freedom as it is open source. However, to actually dive deep into the OS, one needs significant knowledge and know-how. Take, for example, recovering files from an encrypted disk. Though the process is not that complicated for Windows or even macOS, users might find themselves confused when it comes to Ubuntu, a Linux distro. Hence, we have prepared this article to guide our readers through the recovery process once and for all.
This article describes the commands for several methods. If you don’t know what you are doing, you probably shouldn’t do it. Get someone who is familiar with Ubuntu commands do it for you. If something goes wrong, you may permanently lose your data.
What is an Encrypted Drive?
Ubuntu is a modern, fast, stable, and open-source OS for the Linux enterprise server, desktop, and cloud. It is a popular distro that is based on Debian and entails mostly free and open-source software. The distro is officially available in three editions: Desktop, Server, and Core for IoT devices and robotics. Although, each edition can run independently on a PC or a VM (Virtual Machine).
An encrypted drive is a drive on your machine that is encrypted by a key. The data cannot be accessed without decrypting. In most cases, the only way to do that is to have the key. Otherwise, the data will be lost forever. However, there are mechanisms to overcome this and retrieve the data.
Method 1. Recovering Data Automatically
The first method utilizes the Command Terminal to render the recovery process automatically. Although there are a couple of prerequisites that are:
- User should remember the password associated to the encrypted drive.
- User must remember the path to his encrypted files.
The steps are as follows:
Step 1. Boot your system where you have the encrypted drive, using either a Live CD or USB.
Step 2. Ensure that the target encrypted drive is mounted, otherwise you won’t be able to access it.
Step 3. Now, run the command terminal by pressing the Ctrl + Alt + T keys.
Step 4. After that, run the following command:
sudo ecryptfs-recover-private /media/host_user/disk_identifier/home/.ecryptfs/target_user/.PrivateHere, host_user is the boot OS login name, target_user is the encrypted drive username. The disk_identifier will be something like (ext2 or ext3)
Step 5. Finally, enter the password when required and follow the prompts to access the decrypted files.
Method 2. Recovering Data Manually
The manual method of recovering data can be quite dangerous and only used in emergencies or in unusual cases where the potential loss of data won’t be a serious problem. In this process, the user is required to manually mount the encrypted drive. The steps are:
Step 1. First, those users who are using encrypted filenames should follow this:
sudo ecryptfs-add-passphrase --fnekStep 2. Enter the Passphrase (Password created during encryption). Do not confuse it with your login Passphrase.
Step 3. Now, mount the drive. Be sure to replace “username” with your actual username.
sudo mkdir -p /home/username/Privatesudo mount -t ecryptfs /home/username/.Private /home/username/PrivateStep 4. After that, choose the 3rd selection and enter your Passphrase.
Step 5. Next, select the AES cipher and a 16-bit key.
Step 6. Then enable both Plaintext Passthrough and Filename Encryption and enter the FNEK (Filename Encryption Key) that you wrote down previously.
Step 7. Finally, you can access your encrypted files.
Method 3. Using Live CD
Users can use a Live CD in two ways to open an encrypted drive. Although the first method is a long one, it is traditional, stable, and offers more functionality. On the other hand, the second method is advanced though it requires the user to have thorough knowledge regarding the system and partitions. If you need a better idea, have a look at recovering Ubuntu partition.
Traditional Method
The steps are as follows:
Step 1. First, mount the Linux partitions.
We recommend using nautilus package (the official file manager for the GNOME desktop) for this. The command to install nautilus is:
sudo apt-get install nautilusStep 2. Now, find your Linux partitions.
sudo fdisk -lStep 3. Then find the encrypted drive by using this command:
sudo find / -type d -iname '.Private' 2>/dev/nullStep 4. After that, enter the Passphrase that was generated at the time of encryption.
sudo ecryptfs-add-passphrase --fnek Step 5. Here, you will be asked to enter the Passphrase. After that, mount the encrypted drive.
sudo mount -t ecryptfs sdtm ldmStep 6. Next, you have to create a directory.
sudo mkdir /home/usernameStep 7. Finally, select the cypher and byte key as AES and 16-bit. Then enable plaintext passthrough and filename encryption.
Advanced Method
Now, for the advanced method, the steps are:
Step 1. Start by installing nautilus.
sudo apt-get install nautilusStep 2. Then, find the relevant partitions.
sudo fdisk -ldf -hStep 3. Unmount the drives (change the partition numbers accordingly).
umount /dev/sda1umount /dev/sda6Step 4. Then remount them again.
sudo mount /dev/sda1 /mntsudo mount /dev/sda6 /mnt/homeStep 5. It’s time to setup chroot.
sudo mount -o bind /dev /mnt/devsudo mount -o bind /dev/shm/ /mnt/dev/shmsudo mount -o bind /proc /mnt/procsudo mount -o bind /sys /mnt/sysStep 6. Execute chroot.
sudo chroot /mnt /bin/bashStep 7. Finally, decrypt home.
sudo ecryptfs-mount-privateFAQ
If you have bad sectors in your drive which is problematic and preventing you from decrypting the drive, you can read our article on how to recover bad sectors on Ubuntu. It will help you to solve the problem.
