[opensuse] recover an encrypted home from a previous install
I have a spare user account on one machine which I later decided to encrypt using the option in YaST's User and Group Management. I simply selected 'Use Encrypted Home Directory', and allotted it 2000MB.

When upgrading to 12.3, I did so by wiping the root partition and keeping /home intact. When I first logged into this spare account in 12.3, I thought things were as usual, then I noticed program settings were reset to defaults, even though some other system settings and old files were visible. I realised I'd not reinstated the encrypted home, and what I was seeing was just the remnants of early files and settings I'd configured before the encryption.

Just to complicate things, whilst still on 12.2 I'd changed the 'spare' user ID from 1001 to 1010 and run a couple of commands to update all files found on the system (and in /etc/passwd).

Now I'd like to get back into that encrypted volume since it holds a few files I cannot otherwise retrieve. How can I do it? The files 'spare.img' and 'spare.key' still exist, but if I simply re-checked the encryption box in YaST would it not try and create a new volume with a different key, or would it merely read the original one? I believe these two files are under user ID 1010 but the contents would I assume still remain as 1001, which might make it tricky.

I am in the process of setting up a new machine and so I could create a user account called 'spare' with user ID 1001, then copy the .img and .key files over and update them to 1001. But I'm still not sure how to import the encrypted volume.

Cheers,
Peter

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

On 26/08/13 01:10, Peter wrote:
> I have a spare user account on one machine which I later decided to encrypt using the option in YaST's User and Group Management. I simply selected 'Use Encrypted Home Directory', and allotted it 2000MB.
> When upgrading to 12.3, I did so by wiping the root partition and keeping /home intact. When I first logged into this spare account in 12.3, I thought things were as usual, then I noticed program settings were reset to defaults, even though some other system settings and old files were visible. I realised I'd not reinstated the encrypted home, and what I was seeing was just the remnants of early files and settings I'd configured before the encryption.
> Just to complicate things, whilst still on 12.2 I'd changed the 'spare' user ID from 1001 to 1010 and run a couple of commands to update all files found on the system (and in /etc/passwd).
> Now I'd like to get back into that encrypted volume since it holds a few files I cannot otherwise retrieve. How can I do it? The files 'spare.img' and 'spare.key' still exist, but if I simply re-checked the encryption box in YaST would it not try and create a new volume with a different key, or would it merely read the original one? I believe these two files are under user ID 1010 but the contents would I assume still remain as 1001, which might make it tricky.
> I am in the process of setting up a new machine and so I could create a user account called 'spare' with user ID 1001, then copy the .img and .key files over and update them to 1001. But I'm still not sure how to import the encrypted volume.

I have found a solution to this but not a logical one, rather something I stumbled across at the point of giving up entirely.

I read a forum post where someone in a similar position had recreated an encrypted home in YaST, then copied their old .img and .key files over and essentially tricked the system into letting them access the original encrypted files. I tried it myself, but no joy. On attempting to log in to the spare user account, I got a dialog box:

"Cannot enter home directory. Using /."

followed by a message top-left:

"Call to lnusertemp failed (temporary directories full?) Check your installation."

In fact, I first tried this by making a backup of my .img and .key files and copying over to my new system. It dawned on me that since the new system is 64-bit and the old 32-bit, something in the encrypted volume might have disagreed with that, so I decided to try again exclusively on the old machine.

In case anybody ever reads this and wants to try themselves, consider whether you had anything you need to recover from that user's home created before the encryption, or as in my case, afterwards on a fresh root install with a preserved home where the encryption hadn't been set up again. In such a circumstance, make sure you create a backup of not only the relevant .img and .key files in the /home directory, but if possible the entire user directory they relate to as well. In my case that was easy, it was only a few gigabytes. It'll become clear why at the end.

For a moment I thought this was going to be all so simple and I should have cast all my concerns aside. When I went into YaST's User and Group Management to edit the spare user details, I ticked the 'Use Encrypted Home Directory', and once again allotted it 2000MB. On okaying this, I was prompted with a helpful dialog:

"Crypted directory image and key files '/home/spare/.img' and '/home/spare/.key' were found. Use them for current user?
This means that data from this image will be used instead of current home directory."

Perfect, I thought, they've even implemented a workaround for this situation. Good old SuSE. I clicked Yes, it prompted to install cryptconfig and downloaded a few dependencies, and when finished I logged out and tried to login to the spare user. A new error message this time. Rebooted just in case. Nope, no good:

"Error
Failed to decrypt key file with the provided password Failed to unlock image"

I'd never changed that user's password so was a bit miffed why it was failing. I now noted that the spare.img file was doubled in size, showing 3.9GB instead of 2.0GB, as though it had seemingly appended the new encryption portion onto the old one. I deleted this and the .key file, then copied back over my old ones. Logged out and tried another login, but received the same error dialogs as the first time.

It was at this point I'd run out of ideas and was about to give up. I thought I'd just untick the encryption option for the spare user so I could at least log back in to that account. In YaST it prompted me to enter and re-enter the relevant user's password. Having done this, I logged out, rebooted just in case, but still couldn't log in to the spare user account, with the same errors.

I had one last brainwave. I logged in to my regular user account, opened up Dolphin in Super User Mode, and took a look at the /home directory. There were no longer any .img or .key files there. That much I'd expected, and I'd also first assumed the spare user home would remain untouched, but I had just a lingering doubt about that. And whilst the user login might be barred by some technical error, root might override it. So I entered the /home/spare folder and voilà! There were all my lost files from prior to the openSUSE 12.3 upgrade when I wiped the root partition.

The system had somehow now wiped all my additions to that spare user's home since the upgrade, and replaced it with the contents of the previously encrypted image. There was no warning that it would effectively erase the existing, non-encrypted user's files, so of course I'm now glad I had made those backups of the /home/spare directory, because I need to compare and merge both its contents and those of the formerly encrypted volume to have a complete set of files. I've obviously made a copy of the lost files onto an external drive just in case the system changes its mind. It's a kind of strange and illogical result, but it's a success!

Cheers,
Peter

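The message above recommends backing up the .img and .key files and the whole user directory before touching the encryption option, and reports the image changing size in place. The following shell sketch is an added example, not part of the original post: it takes that backup and later checks whether the live files were altered. The function names `snapshot_ehd` and `verify_ehd` are hypothetical, and GNU tar and sha256sum are assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): snapshot the encrypted-home image, its
# key file and the plain home directory, then detect later in-place changes.
# Function names are hypothetical; needs GNU tar and sha256sum.
set -eu

# snapshot_ehd IMG KEY HOMEDIR DEST
snapshot_ehd() {
    img=$1 key=$2 home=$3 dest=$4
    mkdir -p "$dest"
    cp -p -- "$img" "$key" "$dest/"
    # --numeric-owner keeps raw UIDs (e.g. 1001 vs 1010) instead of names,
    # so ownership survives restoring on a machine with a different passwd.
    tar --numeric-owner -C "$(dirname "$home")" -cpf "$dest/home.tar" \
        "$(basename "$home")"
    # Manifest line: <sha256> <size in bytes> <original path>
    for f in "$img" "$key"; do
        printf '%s %s %s\n' "$(sha256sum < "$f" | cut -d' ' -f1)" \
            "$(wc -c < "$f" | tr -d ' ')" "$f"
    done > "$dest/manifest"
}

# verify_ehd DEST: returns 0 if the live files still match the manifest,
# 1 if any is missing, resized or altered.
verify_ehd() {
    dest=$1 rc=0
    while read -r sum size path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        now_size=$(wc -c < "$path" | tr -d ' ')
        now_sum=$(sha256sum < "$path" | cut -d' ' -f1)
        if [ "$now_size" != "$size" ]; then
            echo "SIZE CHANGED $path: $size -> $now_size bytes"; rc=1
        elif [ "$now_sum" != "$sum" ]; then
            echo "CONTENT CHANGED $path"; rc=1
        fi
    done < "$dest/manifest"
    return "$rc"
}

# Usage: script snapshot IMG KEY HOMEDIR DEST | script verify DEST
case "${1:-}" in
    snapshot) shift; snapshot_ehd "$@" ;;
    verify)   shift; verify_ehd "$@" ;;
esac
```

Run the snapshot as root with DEST on a different disk, and run the verify step after each change made in YaST, before logging in as the affected user.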
On Tuesday, 27 August 2013, 16:36:33, Peter wrote:
> [...] "Crypted directory image and key files '/home/spare/.img' and '/home/spare/.key' were found. Use them for current user?
> This means that data from this image will be used instead of current home directory."
> Perfect, I thought, they've even implemented a workaround for this situation. Good old SuSE. I clicked Yes, it prompted to install cryptconfig and downloaded a few dependencies, and when finished I logged out and tried to login to the spare user. A new error message this time. Rebooted just in case. Nope, no good:
> "Error
> Failed to decrypt key file with the provided password Failed to unlock image"
> I'd never changed that user's password so was a bit miffed why it was failing. I now noted that the spare.img file was doubled in size, showing 3.9GB instead of 2.0GB, as though it had seemingly appended the new encryption portion onto the old one. I deleted this and the .key file, then copied back over my old ones. Logged out and tried another login, but received the same error dialogs as the first time.
Well, this sounds like a bug or something like that. Maybe you could file a bug report?
> [...] So I entered the /home/spare folder and voilà! There were all my lost files from prior to the openSUSE 12.3 upgrade when I wiped the root partition. The system had somehow now wiped all my additions to that spare user's home since the upgrade, and replaced it with the contents of the previously encrypted image. There was no warning that it would effectively erase the existing, non-encrypted user's files, so of course I'm now glad I had made those backups of the /home/spare directory, because I need to compare and merge both its contents and those of the formerly encrypted volume to have a complete set of files. I've obviously made a copy of the lost files onto an external drive just in case the system changes its mind. It's a kind of strange and illogical result, but it's a success!
Many thanks for sharing your solution so that it may help others to succeed, too.

Regards,
Jan
--
Expenditures rise to meet available income.