Attention Encrypted Home Users…
February 25, 2010
We’re rapidly pushing toward an excellent Ubuntu 10.04 LTS release, and we have made a few improvements in the way your Encrypted Home’s metadata is stored.
If you configured your Encrypted Home with Ubuntu 9.10 (Karmic) or Ubuntu 10.04 (Lucid), then no action is required; you may stop reading here.
If you’re not sure, and you want to check if you need to read this article, take a look at your /var/lib/ecryptfs directory. If that directory is empty, or it does not exist, you may stop reading here. If that directory has contents, then you may want to continue reading…
Ubuntu 9.04 (Jaunty) Encrypted Home installations stored their eCryptfs metadata in /var/lib/ecryptfs/$USER. This information is absolutely required to mount your Encrypted Home Directory. Actually, everything in here can be re-created if you wrote down your randomly generated mount passphrase!
Big fat reminder here … please be absolutely certain that you have recorded your mount passphrase, on a piece of paper, stored somewhere safely, separate from your computer! You can retrieve your randomly generated passphrase by running the ecryptfs-unwrap-passphrase utility.
For Ubuntu 9.10 (Karmic), new installs actually put this metadata in /home/.ecryptfs/$USER. This is far more convenient for users who put all of /home on its own partition, or for users who simply back up all of /home.
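The directory check described above, extended to every user on a machine, as an added shell example that is not from the original post. The function names and the ROOT prefix argument (for pointing the check at a mounted backup or a test tree) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report where each user's eCryptfs metadata lives.
# ROOT is a hypothetical prefix argument; pass "/" for the live system.

# True if $1 is a directory with at least one entry (hidden files included).
dir_has_contents() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# Print "legacy" (Jaunty layout), "home" (Karmic/Lucid layout) or "none".
# Usage: ecryptfs_metadata_location ROOT USER
ecryptfs_metadata_location() {
    root=${1%/}
    user=$2
    if dir_has_contents "$root/var/lib/ecryptfs/$user"; then
        echo legacy
    elif dir_has_contents "$root/home/.ecryptfs/$user"; then
        echo home
    else
        echo none
    fi
}

# Print one user name per line for every non-empty /var/lib/ecryptfs/$USER.
# An empty or missing /var/lib/ecryptfs produces no output.
# Usage: legacy_users ROOT
legacy_users() {
    root=${1%/}
    for d in "$root"/var/lib/ecryptfs/*/; do
        [ -d "$d" ] || continue      # glob matched nothing
        d=${d%/}
        if dir_has_contents "$d"; then
            echo "${d##*/}"
        fi
    done
}

# Report for the live system; silent when no legacy metadata is present.
for u in $(legacy_users /); do
    echo "$u: eCryptfs metadata is still in /var/lib/ecryptfs/$u"
done
```

Any user it lists has metadata that a backup of /home alone would not capture.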
I’ve previously written about how to move your metadata out of /var/lib/ecryptfs. Particularly if you’re planning a Lucid upgrade of a system that was originally installed with Jaunty’s Encrypted Home Directory, I strongly recommend that you follow these instructions: