(i) Please refer to EncryptedFilesystems for further documentation.

(i) See EncryptedHome for details of encrypting your whole home directory rather than a sub-directory as described here.

Ubuntu 8.10 (Intrepid Ibex) brought an interesting new security feature to both desktop and server users: the Encrypted ~/Private Directory.

Set Up Your Encrypted Private Directory

  1. Install ecryptfs-utils

     sudo apt-get install ecryptfs-utils 

  2. Set up your private directory

     ecryptfs-setup-private 

    Warning: Do not use  ecryptfs-setup-private --noautomount  if your login manager is kdm. See bug #643970.

  3. Enter your login password, and either choose a mount pass phrase or generate one.
    • Record both pass phrases in a safe location!!! They will be required if you ever have to recover your data manually.

  4. Log out, and log back in to establish the mount

Use Your Encrypted Private Directory

After logging back in, all content of any files or folders you write in ~/Private will be encrypted when written to the disk, in the hidden directory ~/.Private.

Storing Your Keys, Email and other Data in ~/Private

It can be a good idea to move your .evolution/, .ssh/ and .gnupg/ directories into ~/Private and replace each of them with a symlink.

  1. Make sure that the application whose data you want to protect (e.g. Firefox or Evolution) is not running

     ps -ef | grep evolution 

  2. Move the application's data directory (e.g. ~/.mozilla or ~/.evolution) into your ~/Private directory

     mv ~/.evolution ~/Private 

  3. Establish a symbolic link from the old location to new location

     ln -s ~/Private/.evolution ~/.evolution 
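The three steps above can be wrapped in a script that also refuses to run when ~/Private is not mounted and applies the .ssh caveat listed under Caveats. This is an added example, not part of the original wiki page; the function names and the optional home-directory and mounts-file arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): move an application's data
# directory into ~/Private and leave a symlink behind, with safety checks.

# Succeed if a process named $1 is running (step 1 of the procedure).
app_running() {
    ps -e -o comm= 2>/dev/null | grep -qx -- "$1"
}

# Succeed only if $1 is currently an eCryptfs mount point according to the
# mounts table $2 (default /proc/mounts).
is_ecryptfs_mounted() {
    awk -v d="$1" '$2 == d && $3 == "ecryptfs" { ok = 1 } END { exit !ok }' \
        "${2:-/proc/mounts}"
}

# move_into_private NAME [HOME_DIR] [MOUNTS_FILE]
move_into_private() (
    name=$1 home=${2:-$HOME} mounts=${3:-/proc/mounts}
    src=$home/$name
    dst=$home/Private/$name

    # If ~/Private is not mounted, nothing placed there gets encrypted.
    is_ecryptfs_mounted "$home/Private" "$mounts" ||
        { echo "$home/Private is not mounted" >&2; exit 1; }
    # Already converted on an earlier run: nothing to do.
    [ ! -L "$src" ] || exit 0
    [ -d "$src" ] || { echo "no such directory: $src" >&2; exit 2; }
    [ ! -e "$dst" ] || { echo "already exists: $dst" >&2; exit 3; }
    # Caveat from this page: with all of .ssh in ~/Private, public key
    # logins stop working, so keep authorized_keys in the clear.
    if [ "$name" = .ssh ] && [ -e "$src/authorized_keys" ]; then
        echo "move only the private key, not all of .ssh" >&2
        exit 4
    fi
    # Steps 2 and 3: move the directory, then link the old path to it.
    mv -- "$src" "$dst" && ln -s -- "$dst" "$src"
)

# Assumed usage for the Evolution example from the steps above:
#   app_running evolution || move_into_private .evolution
```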

Using in conjunction with Auto-login

Automatic, password-less desktop logins will yield an un-mounted ~/Private directory. This is deliberate: it ensures that you must enter a password to access the encrypted data in the ~/Private directory.

If you set up ~/Private with ecryptfs-setup-private from ecryptfs-utils version 53-1ubuntu13 or later, opening your ~/Private folder in Nautilus or Konqueror should show two files: README.txt and "Access Your Private Data". If you click on "Access...", you will be prompted for your login password and your private data will become accessible.

If you created your ~/Private directory with an older version of ecryptfs-utils, you will need to manually establish a symlink for the "Access Your Private Data" icon. Here's how:

  1. Update to the latest ecryptfs-utils package
    •  $ sudo apt-get update && sudo apt-get upgrade 

  2. Ensure that ~/Private is not mounted

    •  $ ecryptfs-umount-private 

  3. Establish the links in your unmounted ~/Private
    •  cd ~/Private && sudo ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt README.txt && sudo ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop Access-Your-Private-Data.desktop 

Recovering Your Data Automatically

Use ecryptfs-recover-private

  1. boot the target system using an Ubuntu 11.04 Desktop LiveCD
  2. make sure that your target system's hard drive is mounted
  3. open a terminal
  4. run 'sudo ecryptfs-recover-private'
  5. follow the prompts
  6. access your decrypted data and save somewhere else

Recovering Your Data Manually

These steps should only be required in unusual, or emergency circumstances, when you must manually mount your encrypted ~/Private directory to recover your data. You can use this to mount your data if it's backed up on a different system, or using a LiveCD, as long as it is running at least the Linux 2.6.26 kernel.

  1. If you use encrypted filenames (standard in Ubuntu >= 9.04) you have to do the following first:

    •  sudo ecryptfs-add-passphrase --fnek 

    •  Passphrase:  (Enter the mount passphrase you recorded when you set up the mount; this passphrase is different from your login passphrase.)

    • You should now get two lines looking like this:
    •  Inserted auth tok with sig [9986ad986f986af7] into the user session keyring 

    •  Inserted auth tok with sig [76a9f69af69a86fa] into the user session keyring  (write down the second value in the square brackets)

  2. Mount using sudo:
    •  sudo mkdir -p /home/username/Private  

    •  sudo mount -t ecryptfs /home/username/.Private /home/username/Private 

    •  Selection: 3  (use a passphrase key type)

    •  Passphrase:  (Enter the mount passphrase you recorded when you set up the mount; this passphrase is different from your login passphrase.)

    •  Selection: aes  (use the aes cipher)

    •  Selection: 16  (use a 16 byte key)

    •  Enable plaintext passthrough: n 

    •  Enable filename encryption: y  (This and the following options only apply if you are using filename encryption)

    •  Filename Encryption Key (FNEK) Signature:  (the value you wrote down from the second line above)

Note: This is a common error that you get if you use an invalid directory when you give the mount command.

Error mounting eCryptfs: [-2] No such file or directory
Check your system logs; visit <http://launchpad.net/ecryptfs>

The system logs are located in /var/log. You most likely want to take a look at these 3 log files.

  1. /var/log/syslog
  2. /var/log/user.log
  3. /var/log/auth.log

Take a look at this link if you want more information about system logs. http://www.cyberciti.biz/faq/ubuntu-linux-gnome-system-log-viewer/

Assuming you entered your passphrase correctly, you should be able to temporarily access your data at  /home/username/Private . Since you are using superuser privileges instead of your regular user account, you may get a warning that you might have entered the passphrase wrong, even if you didn't:

WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.

It is safe to ignore this warning.

Live CD method of opening an encrypted home directory

There are two methods of using the LiveCD to open an encrypted home directory. The first is the long way: it gives you more functionality in your home directory and is also easier to do. The second is the short way: it requires you to know about your system and how you partitioned it, and getting more functionality out of it is more difficult, but still possible. I prefer the long way.

Long way

The first thing you need to do is mount your Linux partitions. Please use Nautilus, the default file manager of GNOME, to do this; the guide will make a lot more sense if you do. If you are using a KDE or Xfce live CD the syntax below may be different, so in that case please install Nautilus with this command.

~ $ sudo apt-get install nautilus

If you are confident in your ability to use the mount command then you can use that, but you will have to adjust the directory names below for it to work properly. Use this command to find your Linux partitions.

~ $ sudo fdisk -l

Note: If you are trying to recover some data by doing this it is a good idea to mount your partition in read only mode. To do this use the command below.

sudo mount -o remount,ro /dev/sda6

My output

~ $ sudo fdisk -l

Disk /dev/sda: 100.0 GB, 100030242816 bytes
255 heads, 63 sectors/track, 12161 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000c8b89

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1245     9999360   83  Linux
/dev/sda2            1246        5478    33998849    5  Extended
/dev/sda3   *        5479       12161    53681197+   7  HPFS/NTFS
/dev/sda5            1246        1743     3998720   82  Linux swap / Solaris
/dev/sda6            1744        5478    29999104   83  Linux

In this case you would have to mount /dev/sda1 and /dev/sda6. I am going to assume you know how to do this if you want to manually mount your partitions.

Next you need to find your ".Private" directory. Be careful: ".Private" may also exist as a symlink. Use this command to find it.

~ $ sudo find / -type d -iname '.Private' 2>/dev/null

You should get something similar to this:

/media/<disk>/.ecryptfs/<user>/.Private
/media/<disk>/<user>/.Private

In my case I got the first one.

~ $ sudo find / -type d -iname '.Private' 2>/dev/null
/media/4fa4e92e-3532-48fd-a83d-6ea340a669b6/.ecryptfs/bob/.Private

Next you need to find your keyring keys. This requires your mount passphrase, the one you recorded when you set up the mount; it is different from your login passphrase. If you don't have your mount passphrase, please read Recovering Your Mount Passphrase below. Let's move on to getting those keyring keys. Enter the sudo command shown below in the terminal. This opens an interactive prompt: the left side of each line below is what you will see, and the right side gives you more information. The second value in the square brackets is the important part.

  •  sudo ecryptfs-add-passphrase --fnek 

  •  Passphrase:  (Enter the mount passphrase you recorded when you set up the mount; this passphrase is different from your login passphrase.)

  • You should now get two lines looking like this:
  •  Inserted auth tok with sig [9986ad986f986af7] into the user session keyring 

  •  Inserted auth tok with sig [76a9f69af69a86fa] into the user session keyring  (write down the second value in the square brackets)

Next you need to mount the appropriate ".Private" directory that you found earlier. You also need to understand the mount syntax to mount everything correctly.

sudo mount -t ecryptfs sdtm ldm
  • sudo, mount, -t, ecryptfs: just copy and paste those. They stay the same.
  • sdtm = source directory to mount
  • ldm = location directory to mount at

I recommend mounting at /home/username. Replace username with whatever username you want to use. I will be mounting at /home/bob. Since this is a live cd the directory will not exist, so you need to create it. Use this command to create your directory.

sudo mkdir /home/username

After you have created the directory that you want to mount at, please use this command that I showed you above.

sudo mount -t ecryptfs sdtm ldm

An example of putting all of this together would be:

sudo mount -t ecryptfs /media/4fa4e92e-3532-48fd-a83d-6ea340a669b6/.ecryptfs/bob/.Private /home/bob

Next you will get an interactive prompt.

  •  Passphrase:  (Enter the mount passphrase you recorded when you set up the mount; this passphrase is different from your login passphrase.)

  •  Selection: aes  (use the aes cipher)

  •  Selection: 16  (use a 16 byte key)

  •  Enable plaintext passthrough: n 

  •  Enable filename encryption: y  (This and the following options only apply if you are using filename encryption)

  •  Filename Encryption Key (FNEK) Signature:  (the second value in the square brackets from above, the one I said would be important)

If everything worked out correctly you should be able to see everything in /home/username. My files will be in /home/bob.
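The answers given at the interactive prompt, here and under Recovering Your Data Manually, can also be written as mount options. The sketch below is an added example, not part of the original wiki page: it extracts the two signatures from the ecryptfs-add-passphrase output, checks that the source really is a ".Private" directory, and prints options for a read-only mount. It assumes the kernel's eCryptfs option names (ecryptfs_sig, ecryptfs_fnek_sig, ecryptfs_cipher, ecryptfs_key_bytes) and mount's -i flag; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): build the options for a
# read-only recovery mount from `ecryptfs-add-passphrase --fnek` output.

# Print each 16-hex-digit signature from "Inserted auth tok with sig [...]".
extract_sigs() {
    sed -n 's/.*Inserted auth tok with sig \[\([0-9a-fA-F]\{16\}\)].*/\1/p'
}

# Succeed only if $1 is an existing directory named ".Private". Mounting any
# other directory can report "Mounted eCryptfs" yet show no usable data.
check_lower_dir() (
    dir=${1%/}
    case "$dir" in
        .Private|*/.Private) ;;
        *) echo "not a .Private directory: $1" >&2; exit 2 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $1" >&2; exit 2; }
)

# Read the add-passphrase output on stdin and print a mount -o option string.
# The first signature belongs to the mount passphrase key, the second to the
# filename encryption key (FNEK).
recovery_mount_opts() (
    sigs=$(extract_sigs)
    sig=$(printf '%s\n' "$sigs" | sed -n 1p)
    fnek=$(printf '%s\n' "$sigs" | sed -n 2p)
    [ -n "$sig" ] || { echo "no key signature found" >&2; exit 1; }
    # ro: a recovery mount should never write to the encrypted directory.
    # aes with a 16 byte key matches the answers given at the prompt above.
    opts="ro,ecryptfs_sig=$sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16"
    # The FNEK signature is only present when --fnek was used.
    [ -z "$fnek" ] || opts="$opts,ecryptfs_fnek_sig=$fnek"
    printf '%s\n' "$opts"
)

# Constructed sample: the two lines from this page's example output.
SAMPLE_OUTPUT='Inserted auth tok with sig [9986ad986f986af7] into the user session keyring
Inserted auth tok with sig [76a9f69af69a86fa] into the user session keyring'

printf '%s\n' "$SAMPLE_OUTPUT" | recovery_mount_opts

# Assumed usage, with the keys already in root's keyring from the
# `sudo ecryptfs-add-passphrase --fnek` step (-i skips the interactive helper):
#   opts=$(recovery_mount_opts < saved-output.txt)
#   check_lower_dir /media/<disk>/.ecryptfs/<user>/.Private &&
#   sudo mount -i -t ecryptfs -o "$opts" \
#       /media/<disk>/.ecryptfs/<user>/.Private /home/username
```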

There are several possible things that can go wrong. I will cover them here.

Error mounting eCryptfs: [-2] No such file or directory
Check your system logs; visit <http://launchpad.net/ecryptfs>

This is a common error that you get if you use an invalid directory when you give the mount command.

It is possible to get the message Mounted eCryptfs and still not be able to see your data. This most likely means that you did not mount the ".Private" directory, or that you mounted the wrong directory. This happened to me and was quite difficult to figure out. Thanks to this question on Launchpad I was able to figure it out.

https://answers.launchpad.net/ecryptfs/+question/114209

Please check eCryptfs for any other problems.

http://ecryptfs.sourceforge.net/ecryptfs-faq.html

Short advanced way

As I said this method is more difficult. If your home directory is installed on your / root partition it makes life easier. If you have a /home partition then you need to find both your /home partition and / root partition. Use nautilus to mount your linux partitions. Then use these two commands so you can figure out if you have a /home partition or not.

~ $ sudo fdisk -l
~ $ df -h

Note: The linux partitions must be mounted or you will not be able to get the information you need.

Here is my output.

~ $ sudo fdisk -l

Disk /dev/sda: 100.0 GB, 100030242816 bytes
255 heads, 63 sectors/track, 12161 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000c8b89

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1245     9999360   83  Linux
/dev/sda2            1246        5478    33998849    5  Extended
/dev/sda3   *        5479       12161    53681197+   7  HPFS/NTFS
/dev/sda5            1246        1743     3998720   82  Linux swap / Solaris
/dev/sda6            1744        5478    29999104   83  Linux

~ $ df -h
Filesystem            Size  Used Avail Use% Mounted on
aufs                  1.6G  1.5G  103M  94% /
none                  1.6G  280K  1.6G   1% /dev
/dev/sr0              700M  700M     0 100% /cdrom
/dev/loop0            682M  682M     0 100% /rofs
none                  1.6G  5.3M  1.6G   1% /dev/shm
tmpfs                 1.6G   34M  1.6G   3% /tmp
none                  1.6G   92K  1.6G   1% /var/run
none                  1.6G     0  1.6G   0% /var/lock
/dev/sda3              52G   32G   21G  61% /media/D07C698F7C697160
/dev/sda6              29G  9.4G   18G  35% /media/4fa4e92e-3532-48fd-a83d-6ea340a669b6
/dev/sda1             9.4G  4.2G  4.9G  47% /media/4fb33fae-d738-405d-8ba1-bc1ede832411

In my case I have a /home partition and a / root partition. I can tell this by looking at /dev/sda1 and /dev/sda6: the sudo fdisk -l output shows that they are my Linux partitions, and the df -h output shows that /dev/sda6 is much bigger than /dev/sda1, so I know /dev/sda6 is my /home partition.

You need to unmount the partitions that you just mounted. Change the partition numbers to match your own.

~ $ umount /dev/sda1
~ $ umount /dev/sda6

If your home directory is on your / root partition, do this (from http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-from.html):

ubuntu@ubuntu$ sudo mount /dev/sda1 /mnt
ubuntu@ubuntu$ sudo mount -o bind /dev /mnt/dev
ubuntu@ubuntu$ sudo mount -o bind /dev/shm /mnt/dev/shm
ubuntu@ubuntu$ sudo mount -o bind /proc /mnt/proc
ubuntu@ubuntu$ sudo mount -o bind /sys /mnt/sys
ubuntu@ubuntu$ sudo chroot /mnt
root@ubuntu$ su - kirkland
kirkland@ubuntu$ ecryptfs-mount-private
Enter your login passphrase:
Warning: Using default salt value (undefined in ~/.ecryptfsrc)
Inserted auth tok with sig [xxx] into the user session keyring
kirkland@ubuntu$ cd $HOME
kirkland@ubuntu$ ls -alF
...
kirkland@ubuntu$ cat .profile

Here is an example of putting this into action. The linked thread describes what is going on. http://ubuntuforums.org/showthread.php?t=1643532

# Set up chroot :
# Note my install (both home and /) on sda3

ubuntu@ubuntu:~$ sudo mount /dev/sda3 /mnt
ubuntu@ubuntu:~$ sudo mount -o bind /dev /mnt/dev
ubuntu@ubuntu:~$ sudo mount -o bind /dev/shm/ /mnt/dev/shm
ubuntu@ubuntu:~$ sudo mount -o bind /proc /mnt/proc
ubuntu@ubuntu:~$ sudo mount -o bind /sys /mnt/sys

# As you say, there is no "bodhi" on the live CD:
ubuntu@ubuntu:~$ id bodhi
id: bodhi: No such user

# But after we chroot ...
ubuntu@ubuntu:~$ sudo chroot /mnt
root@ubuntu:/# id bodhi
uid=1000(bodhi) gid=1000(bodhi) groups=1000(bodhi),4(adm),20(dialout),24(cdrom),46(plugdev),111(lpadmin),119(admin),122(sambashare)


# su to bodhi
root@ubuntu:/# su - bodhi
keyctl_search: Required key not available
Perhaps try the interactive 'ecryptfs-mount-private'
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

# But home is encrypted ...

bodhi@ubuntu:~$ ls
Access-Your-Private-Data.desktop README.txt

# Decrypt home
bodhi@ubuntu:~$ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [b0d08471978769db] into the user session keyring

INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
cd /home/bodhi

# We will not see the data until we cd into the decrypted home
# read the README.txt =)
bodhi@ubuntu:~$ ls
Access-Your-Private-Data.desktop README.txt

# so cd ...
bodhi@ubuntu:~$ cd

# Now we can see the decrypted data ...
bodhi@ubuntu:~$ ls
bin Desktop Downloads Music Public Videos
bzr Documents examples.desktop Pictures Templates zen 

We can access the data, as root, from the live CD (gksu nautilus) at /mnt/home/bodhi

If you have a /home partition and a / root partition, do this. I will now assume you know where your /home partition and / root partition are. Mount your / root partition like this, replacing the partition number with that of your / root partition.

sudo mount /dev/sda1 /mnt

Mount your /home partition like this. Replace the appropriate number for where your /home partition is.

sudo mount /dev/sda6 /mnt/home

After that, set up your chroot.

sudo mount -o bind /dev /mnt/dev
sudo mount -o bind /dev/shm/ /mnt/dev/shm
sudo mount -o bind /proc /mnt/proc
sudo mount -o bind /sys /mnt/sys

Then chroot

sudo chroot /mnt /bin/bash

su to your username. My username is bob so I will use bob.

su - bob

Then decrypt home.

ecryptfs-mount-private

An example of this.

mint@mint ~ $ ls /media/4fa4e92e-3532-48fd-a83d-6ea340a669b6
bob  joe  lost+found  Recycled  RECYCLER
mint@mint ~ $ ls /media/4fb33fae-d738-405d-8ba1-bc1ede832411
bin   home        media       opt       root     sys  vmlinuz
boot  initrd.img  mnt         proc      sbin     tmp
dev   lib         OldHome     Recycled  selinux  usr
etc   lost+found  OldPrivate  RECYCLER  srv      var
mint@mint ~ $ umount /media/4fa4e92e-3532-48fd-a83d-6ea340a669b6
mint@mint ~ $ umount /media/4fb33fae-d738-405d-8ba1-bc1ede832411
mint@mint ~ $ sudo mount /dev/sda1 /mnt
mint@mint ~ $ sudo mount /dev/sda6 /mnt/home
mint@mint ~ $ sudo mount -o bind /dev /mnt/dev
mint@mint ~ $ sudo mount -o bind /dev/shm/ /mnt/dev/shm
mint@mint ~ $ sudo mount -o bind /proc /mnt/proc
mint@mint ~ $ sudo mount -o bind /sys /mnt/sys
mint@mint ~ $ sudo chroot /mnt /bin/bash
 _______________________________________
( Many changes of mind and mood; do not )
( hesitate too long.                    )
 ---------------------------------------
  o
   o
       ___  
     {~._.~}
      ( Y )
     ()~*~()   
     (_)-(_)   
mint / # su - u bob
Unknown id: u
mint / # su - bob
keyctl_search: Required key not available
Perhaps try the interactive 'ecryptfs-mount-private'
 _________________________________________
( "I don't think you have to go through   )
( the process of reconfiguring X as I did )
( - that was partly because the           )
( frustration made me brain dead."        )
(                                         )
( Husse Apr 5 2007                        )
 -----------------------------------------
  o
   o
       ___  
     {~._.~}
      ( Y )
     ()~*~()   
     (_)-(_)   
bob@mint ~ $ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [3bacfa4dde6b90dd] into the user session keyring

INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
  cd /home/bob

bob@mint ~ $ ls -alF
total 32
drwx------ 5 bob  bob  4096 2010-09-03 16:18 ./
drwxr-xr-x 8 root root 4096 2010-08-21 18:16 ../
lrwxrwxrwx 1 bob  bob    56 2010-05-24 01:55 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
-rw------- 1 bob  bob   214 2010-09-03 16:18 .bash_history
drwx------ 3 bob  bob  4096 2010-07-15 23:29 .cache/
lrwxrwxrwx 1 bob  bob    29 2010-05-24 01:55 .ecryptfs -> /home/.ecryptfs/bob/.ecryptfs/
-rw------- 1 bob  bob    16 2010-09-03 16:18 .esd_auth
drwx------ 2 bob  bob  4096 2010-11-12 15:00 .gconfd/
lrwxrwxrwx 1 bob  bob    28 2010-05-24 01:55 .Private -> /home/.ecryptfs/bob/.Private/
drwx------ 2 bob  bob  4096 2010-11-29 21:18 .pulse/
-rw------- 1 bob  bob   256 2010-09-03 16:18 .pulse-cookie
lrwxrwxrwx 1 bob  bob    52 2010-05-24 01:55 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
bob@mint ~ $ pwd
/home/bob
bob@mint ~ $ cd /home/bob
bob@mint ~ $ ls -alF
total 16672
drwx------ 92 bob  bob    28672 2010-12-09 01:12 ./
drwxr-xr-x  8 root root    4096 2010-08-21 18:16 ../
-rw-r--r--  1 bob  bob    88038 2010-08-31 02:43 20 group list.txt
-rwxr-xr-x  1 bob  bob      191 2010-10-28 15:34 .xprofile*
bob@mint ~ $ pwd
/home/bob

To access the data, do not exit the chroot. Open a new terminal and run nautilus as root.

gksu nautilus

You cannot run graphical applications directly from the chroot; you would need to connect to the chroot via VNC or ssh -X.

Recovering Your Mount Passphrase

In the event that you did not write down your mount passphrase, you may be able to recover it by decrypting the file  /home/username/.ecryptfs/wrapped-passphrase  using your login passphrase.

  •  ecryptfs-unwrap-passphrase /home/username/.ecryptfs/wrapped-passphrase

  • Type your login passphrase to reveal the mount passphrase

If your login passphrase matches the passphrase used to encrypt the wrapped-passphrase file, your mount passphrase will be written to screen. Record and protect this data accordingly.

If you have lost your wrapped-passphrase file, and you did not record your mount passphrase, it is impossible to access your encrypted data.

How to Remove an Encrypted Private Directory Setup

Perhaps an Encrypted Private Directory is not for you. To remove this setup:

  1. Ensure that you have moved all relevant data out of your ~/Private directory

  2. Unmount your encrypted private directory
    •  $ ecryptfs-umount-private 

  3. Make ~/Private writable again
    •  $ chmod 700 ~/Private 

  4. Remove ~/Private, ~/.Private, ~/.ecryptfs (Note: THIS IS VERY PERMANENT AND WILL DELETE ALL YOUR FILES, NOT JUST THE ENCRYPTED COPIES!)

    •  $ rm -rf ~/Private ~/.Private ~/.ecryptfs 

  5. Uninstall the utilities
    •  $ sudo apt-get remove ecryptfs-utils libecryptfs0 

Log in with the folder remaining encrypted

A possible security problem arises when the user logs in and then immediately leaves the computer physically usable by another person. The Private folder is unlocked as soon as the user logs in, so the owner would not have had the chance to lock the folder, and the other person can take control of the computer and access it while the owner is away.

We can stop ecryptfs from unlocking the Private folder on startup by removing the empty file auto-mount, which is located in ~/.ecryptfs/. There you can also remove the auto-umount file if you would like ecryptfs to stop unmounting the private folder upon shutdown and logout.

For some reason the script fails to ask for a password, when you simply log out and in. You have to reboot the machine, or you will be able to just click on the mount script and the folder is mounted.

To resolve this problem, it is possible to have the script that unmounts the Private folder to run at login, so it cannot be accessed without the password being put in first. To do this:

  1. Go to System > Preferences > Startup Applications.

  2. Click Add.

  3. You can put anything for the Name field, something like  Lock Private Folder  for example. In the Command field, type  /usr/bin/ecryptfs-umount-private  and the Comment field can be left blank.

  4. Click Save and close the Startup Applications window. When you log in, the Private folder will be quickly unmounted before the folder can be accessed.

This is a quick and dirty solution to this problem. If there's a better way, please replace this with it.

Caveats

  • Before Ubuntu 9.04, filenames and directory names were not encrypted. This has been fixed in Ubuntu 9.04, however. (Bug #264977).

  • Network mounting (NFS, CIFS, Samba) of /home will not work properly with an encrypted ~/Private (bugs #277578 & #289747).

  • By design, data is not kept private from privileged users while the user is logged in. One consequence of this is that if ~/Private is mounted, a backup solution may back up your decrypted files unless the backup software is configured to exclude files in ~/Private.
  • If you put all of .ssh in ~/Private, you won't be able to ssh into the system using public key authentication. In this case, you might want to only put your private key in ~/Private, and leave the rest (or at least the public keys saved in "authorized_keys" file) in the clear.
  • If you choose to store application data in the ~/Private directory, those applications will not operate as expected if the ~/Private directory is unmounted.
  • If you enable "automatic login" ~/Private will NOT be mounted (decrypted) automatically.

  • Linux filenames are limited to 256 characters in length. When using eCryptfs encrypted filenames, filenames are padded with metadata necessary for decryption. Cleartext filenames which are already very long (> ~200 characters) will not work in eCryptfs.

Not covered in this tutorial

  • How the automatic mounting of the encrypted directory works and what files need to be edited to stop the automatic mounting.

More information

If you would like more information I recommend reading these websites.

  • http://goshawknest.wordpress.com/2010/04/16/how-to-recover-crypted-home-directory-in-ubuntu/
  • http://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-from.html#comment-form
  • http://www.kaijanmaki.net/2009/10/26/recovering-files-from-ecryptfs-encrypted-home/
  • http://bodhizazen.net/Tutorials/Ecryptfs/
  • http://www.theirishpenguin.com/2010/09/26/accessing-your-encrypted-home-directory-in-ubuntu/

EncryptedPrivateDirectory (last edited 2012-09-09 23:19:20 by forteller)