In my /home directory is a link entry, ".Private". It points to a directory containing files whose names begin with, "ENCRYPTFS_FNEK_ENCRYPTED... Some of these files bear very recent time stamps, like today's date. I don't remember ever setting up an encrypted file system, much less adding entries today. The OS (Lucid) seems to operate flawlessly. What's going on
Announcement
Collapse
No announcement yet.
Mystery Encrypted Files
Collapse
This topic is closed.
X
X
-
Re: Mystery Encrypted Files
I think this is related to an encrypted directory, but just not being used. This page has related information including the following:
How to Remove an Encrypted Private Directory Setup
Perhaps an Encrypted Private Directory is not for you. To remove this setup:
Ensure that you have moved all relevant data out of your ~/Private directory
Unmount your encrypted private directory
$ ecryptfs-umount-private
Make ~/Private writable again
$ chmod 700 ~/Private
Remove ~/Private, ~/.Private, ~/.ecryptfs (Note: THIS IS VERY PERMANENT)
$ rm -rf ~/Private ~/.Private ~/.ecryptfs
Uninstall the utilities
$ sudo apt-get remove ecryptfs-utils libecryptfs0
- Top
- Bottom
Comment
-
Re: Mystery Encrypted Files
Be careful, if the drive IS encrypted, and I believe it is, you (in theory) could loose access to your data. If you want to try and undo this, be sure to first back up EVERYTHING in your home dir first, while your files are accessible to you.
- Top
- Bottom
Comment
-
Re: Mystery Encrypted Files
This is a dual-boot (Win7/Lucid) machine. My Win7 half of the installation has no trouble reading my data files, which are shared with Lucid. So I don't think the drive is encrypted.
One further bit of info -- the largest FILE (not directory) which shows up in /home/paul/.Private always seems to be 7 MB in size, and its time stamp is updated EVERY MINUTE. Something (maybe connected with the SLEEP feature?) is continually writing to this file.
- Top
- Bottom
Comment
-
Re: Mystery Encrypted Files
those are your actual files from your $HOME, and as such there will be something updating, and I would imagine there has to be some syncing
I have my main laptop encrypted, and it looks and acts exactly as you describe, while the other 2 systems have never had encryption done at any point, and do not have these directories.
How are you accessing your $HOME dir from Windows? and can you see the hidden dirs in there? Such as .kde, etc.
- Top
- Bottom
Comment
-
Re: Mystery Encrypted Files
I said that my Win7 half of the installation has no trouble reading my data files, which are shared with Lucid. This is true, but I failed to realize that the shared data files are on an NTFS partition, which both OSs can read. So, you may be right in surmising that my EXT4 Lucid partition is encrypted. If this is so, the question becomes whether to 1) do nothing and live with it, or 2) Try to learn the encryption key, or 3) try to unencrypt the partition. Any advice?
- Top
- Bottom
Comment
-
Re: Mystery Encrypted Files
Originally posted by claydohBe careful, if the drive IS encrypted, and I believe it is, you (in theory) could loose access to your data. If you want to try and undo this, be sure to first back up EVERYTHING in your home dir first, while your files are accessible to you.
- Top
- Bottom
Comment
-
Re: Mystery Encrypted Files
IF your $HOME directory (/home/<your-username>) is encrypted, then by logging in, everything there has been decrypted already. So if you want to undo ,or wipe clean and start with a fresh $HOME, then all you need to do is copy everything just like you normally would. While you are logged in, everything acts like it normally would.
The page Ole Juul linked to lists methods to recover data, I believe the decryption passphrase is the login passphrase in Lucid.l Though I have never attempted to recover date this way, I DID once backup and wipe my $HOME to start fresh, but not deleting the .encryptfs folder as I use it for my dual boot with Maverick. I installed as usual, enabling encryption on my $HOME, using the same username and password as before, but with fresh $HOME. I logged in, and all my data was still there as I did not delete the /.encryptfs/claydoh folder.
So I think recovering data (if needed) can be done using the methods in that link, but it there is peace-of-mind in having an other set of readable files just in case
- Top
- Bottom
Comment
Comment