我最近尝试了一下,接受了从14.04到16.04的升级。我在安装软件包时离开了计算机,回到计算机时,我只有一个光标闪烁的黑屏。
复位时我得出一个结论,这是borked超越是值得去修复。
如何恢复加密数据?
我启动了ubuntu安装程序并擦除了我的根分区。新安装的新设备比旧安装的设备健康得多,因此无论如何可能都是必要的。
首次登录时,我得到一个提醒,将我的ecryptfs密钥保存在一个安全的地方-我不记得以前的安装中这样做了。
当组装家用文件夹阵列时,我发现我认为是加密数据:
root@computer:~/mnt/user# ls -la
total 8
dr-x------ 2 user user 4096 jul 2 2011 .
drwxr-xr-x 8 root root 4096 feb 18 2015 ..
lrwxrwxrwx 1 user user 56 jul 2 2011 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
lrwxrwxrwx 1 user user 33 jul 2 2011 .ecryptfs -> /home/.ecryptfs/user/.ecryptfs
lrwxrwxrwx 1 user user 32 jul 2 2011 .Private -> /home/.ecryptfs/user/.Private
lrwxrwxrwx 1 user user 52 jul 2 2011 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
但是我无法解锁。
root@computer:~# ecryptfs-unwrap-passphrase /root/mnt/user/.ecryptfs/wrapped
Passphrase:
ffffffffffffffffffffffffffffffff
root@computer:~# ecryptfs-recover-private /root/mnt/user
INFO: Found [/root/mnt/user].
Try to recover this directory? [Y/n]:
INFO: Could not find your wrapped passphrase file.
INFO: To recover this directory, you MUST have your original MOUNT passphras
INFO: When you first setup your encrypted private directory, you were told t
INFO: your MOUNT passphrase.
INFO: It should be 32 characters long, consisting of [0-9] and [a-f].
Enter your MOUNT passphrase:
INFO: Success! Private data mounted at [/tmp/ecryptfs.lls9FwPj].
root@computer:~# ls -la /tmp/ecryptfs.lls9FwPj
total 8
dr-x------ 2 user user 4096 Jul 2 2011 .
drwxrwxrwt 11 root root 4096 Sep 11 11:08 ..
lrwxrwxrwx 1 user user 32 Jul 2 2011 .Private -> /home/.ecryptfs/user/.
lrwxrwxrwx 1 user user 33 Jul 2 2011 .ecryptfs -> /home/.ecryptfs/user/
lrwxrwxrwx 1 user user 56 Jul 2 2011 Access-Your-Private-Data.desktop -
lrwxrwxrwx 1 user user 52 Jul 2 2011 README.txt -> /usr/share/ecryptfs-
没有错误,但是安装点仅包含与源文件夹相同的未加密数据。
使用ecryptfs-unwrap-passphrase /root/mnt/user/.ecryptfs/wrapped-passphrase我确实得到了一个密钥,但是不幸的是,如果我不提供文件作为参数,那它就是我得到的密钥,所以我想我只得到了当前的密钥,而不是旧数据的密钥。
似乎旧wrapped-passphrase文件和新文件都相同:
root@computer:~# mount | grep md0
/dev/md0 on /root/mnt type ext4 (rw,relatime,data=ordered)
root@computer:~# md5sum /home/user/.ecryptfs/wrapped-passphrase /root/mnt/user/.ecryptfs/wrapped-passphrase
52da6f1ea1ffff114795c7613b5c560e /home/user/.ecryptfs/wrapped-passphrase
52da6f1ea1ffff114795c7613b5c560e /root/mnt/user/.ecryptfs/wrapped-passphrase
我发现这很奇怪,因为md0在安装过程中甚至没有组装。
但是,通过我正确的阅读,这个亚奥秘得到了解决:
root@computer:~# ls -l /root/mnt/user/.Private
lrwxrwxrwx 1 user user 32 Jul 2 2011 /root/mnt/user/.Private -> /home/.ecryptfs/user/.Private
似乎我一直在作用于到新主文件夹而不是旧数据的符号链接上。
读取正确的文件给出了另一个(正确的)键!
root@computer:~/mnt/.ecryptfs/user# ecryptfs-unwrap-passphrase /root/mnt/.ecryptfs/user/.ecryptfs/wrapped-passphrase
Passphrase:
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
这实际上是我最初的问题的答案:wrapped-passphrase-file使用我的登录密码进行了加密,因此,只要我拥有该文件并且知道密码,我就可以访问我的数据。
不幸的是,使用更合理的路径/键组合并没有太大的不同:
root@computer:~/mnt/.ecryptfs/user# ls -al
total 52
drwxr-xr-x 4 user user 4096 Jul 2 2011 .
drwxr-xr-x 3 root root 4096 Jul 2 2011 ..
drwxr-xr-x 121 user user 36864 Sep 8 14:58 .Private
drwx------ 2 user user 4096 Mar 15 2015 .ecryptfs
root@computer:~/mnt/.ecryptfs/user# ecryptfs-recover-private /root/mnt/.ecryptfs/user
INFO: Found [/root/mnt/.ecryptfs/user].
Try to recover this directory? [Y/n]:
INFO: Could not find your wrapped passphrase file.
INFO: To recover this directory, you MUST have your original MOUNT passphrase.
INFO: When you first setup your encrypted private directory, you were told to record
INFO: your MOUNT passphrase.
INFO: It should be 32 characters long, consisting of [0-9] and [a-f].
Enter your MOUNT passphrase:
INFO: Success! Private data mounted at [/tmp/ecryptfs.dKQkSvjC].
root@computer:~/mnt/.ecryptfs/user# ls -al /tmp/ecryptfs.dKQkSvjC
total 52
drwxr-xr-x 4 user user 4096 Jul 2 2011 .
drwxrwxrwt 12 root root 4096 Sep 11 12:32 ..
drwxr-xr-x 121 user user 36864 Sep 8 14:58 .Private
drwx------ 2 user user 4096 Mar 15 2015 .ecryptfs
由于某些ecryptfs工具具有硬编码的路径,因此我什至尝试过:
root@computer:~# mount /dev/md0 /home
root@computer:~# su - user
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
user@computer:~$ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [e403598bcfe01170] into the user session keyring
mount: No such file or directory
但是那里也没有雪茄。
做同样的事情withouth的安装md0到/home没有任何工作,但。
user@computer:~$ dash -e -x `which ecryptfs-mount-private`
+ PRIVATE_DIR=Private
+ WRAPPING_PASS=LOGIN
+ PW_ATTEMPTS=3
+ TEXTDOMAIN=ecryptfs-utils
+ gettext Enter your login passphrase:
+ MESSAGE=Enter your login passphrase:
+ [ -f /home/user/.ecryptfs/wrapping-independent ]
+ WRAPPED_PASSPHRASE_FILE=/home/user/.ecryptfs/wrapped-passphrase
+ MOUNT_PASSPHRASE_SIG_FILE=/home/user/.ecryptfs/Private.sig
+ /sbin/mount.ecryptfs_private
+ [ -f /home/user/.ecryptfs/wrapped-passphrase -a -f /home/user/.ecryptfs/Private.sig ]
+ tries=0
+ stty -g
+ stty_orig=2d00:5:bd:ca1b:3:1c:7f:1f:4:0:1:0:11:13:1a:ff:12:f:17:16:ff:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
+ [ 0 -lt 3 ]
+ echo -n Enter your login passphrase:
Enter your login passphrase:+ stty -echo
+ head -n1
+ LOGINPASS=MyLoginPassword
+ stty 2d00:5:bd:ca1b:3:1c:7f:1f:4:0:1:0:11:13:1a:ff:12:f:17:16:ff:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
+ echo
+ wc -l
+ [ 2 = 1 ]
+ printf %s\0 MyLoginPassword
+ ecryptfs-insert-wrapped-passphrase-into-keyring /home/user/.ecryptfs/wrapped-passphrase -
Inserted auth tok with sig [93196f7a8af1fdfe] into the user session keyring
+ break
+ [ 0 -ge 3 ]
+ /sbin/mount.ecryptfs_private
mount: No such file or directory
user@computer:~$ ls -l /sbin/mount.ecryptfs*
-rwxr-xr-x 1 root root 25944 jul 13 19:13 /sbin/mount.ecryptfs
-rwsr-xr-x 1 root root 19024 jul 13 19:13 /sbin/mount.ecryptfs_private
因此,在正常登录过程中(通过PAM吗?)可能发生了一些不可思议的事情,但在我的示例中却没有。
引导现场CD,我可以访问数据!
root@ubuntu:~# apt install mdadm
Reading package lists... Done
[...]
root@ubuntu:~# mdadm --assemble /dev/md0 /dev/sd[bc]1
mdadm: /dev/md0 has been started with 2 drives.
root@ubuntu:~# mount /dev/md0 /home
root@ubuntu:/home# ecryptfs-recover-private /home/.ecryptfs/user/.PrivateINFO: Found [/home/.ecryptfs/user/.Private].
Try to recover this directory? [Y/n]:
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] Y
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [f403498bcfd01070] into the user session keyring
INFO: Success! Private data mounted at [/tmp/ecryptfs.uHQ0z177].
root@ubuntu:/home# ls /tmp/ecryptfs.uHQ0z177/ | grep Doc
Documents
但是即使这样,这些工具的效果也无法达到完美:
root@ubuntu:/home# ecryptfs-recover-private
INFO: Searching for encrypted private directories (this might take a while)...
find: ‘/run/user/999/gvfs’: Permission denied
find: File system loop detected; ‘/sys/kernel/debug/pinctrl’ is part of the same file system loop as ‘/sys/kernel/debug’.
因此,我开始认为我遇到的大多数问题只是在可用性方面可以对ecryptfs进行一些改进。
重新引导到我的真实安装中,现在我可以访问数据了:
root@computer:~# mount /dev/md0 mnt
root@computer:~/mnt/.ecryptfs/user/.Private# cd /root/mnt/.ecryptfs/user/.Private/
root@computer:~/mnt/.ecryptfs/user/.Private# ecryptfs-recover-private .
INFO: Found [.].
Try to recover this directory? [Y/n]:
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n]
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [f4f3498bcfd01070] into the user session keyring
INFO: Success! Private data mounted at [/tmp/ecryptfs.ZMqBVhRu].
root@computer:~/mnt/.ecryptfs/user/.Private# ls /tmp/ecryptfs.ZMqBVhRu | grep Doc
Documents
似乎“搜索”工具ecryptfs-recover-private不能很好地定位.Private文件夹。给出正确的绝对路径可以正常工作。
ecryptfs-recover-private仅在未提供任何参数的情况下进行搜索。如果提供了路径,则必须指向该.Private文件夹。
在此示例中:
ecryptfs-recover-private /root/mnt/.ecryptfs/user/.Private
并且,是的,wrapped-passphrase使用您的登录密码进行了混淆,如果您知道密码并且拥有该文件,则不需要实际的KEY打印输出。
抱歉,很长的帖子,但希望我在这里的“日记”可以为其他人节省几个小时。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句