How do I move an encrypted directory to a new machine?

Asked by Plutocrat on 2010-11-03

... or the same machine after a re-install in fact.

I've been searching the Interwebs, launchpad, sourceforge etc. but can't find any answer to the question ... "How do I migrate an encrypted .Private directory from one machine to another?" I'm sure it must have been asked and answered before.

I have the .Private directory, the .ecryptfs directory and the (empty) Private directory. The login name is the same, and the login password is also the same. ecryptfs-setup-private recommends I use the --force option, but I'm not entirely sure if this will erase my existing files or not.

So ... what is the correct sequence of commands to do this so that I don't overwrite my data?

Do I move the old .Private and .ecryptfs directories out of the way, run ecryptfs-setup-private and then move my original directories back again? Would that work? Would that break anything?

Do I run ecryptfs-setup-private --force, overwriting the directories but keying in the same encryption password? Would that work? Break anything?

Question information

Language: English
Status: Answered
For: eCryptfs
Assignee: No assignee
Last query: 2010-11-03
Last reply: 2010-11-03

Serge Hallyn (serge-hallyn) said : #1

Quoting Plutocrat (<email address hidden>):
> New question #132341 on eCryptfs:
> https://answers.launchpad.net/ecryptfs/+question/132341
>
> ... or the same machine after a re-install in fact.
>
> I've been searching the Interwebs, launchpad, sourceforge etc. but can't find any answer to the question ... "How do I migrate an encrypted .Private directory from one machine to another?" I'm sure it must have been asked and answered before.
>
> I have the .Private directory, the .ecryptfs directory and the (empty) Private directory. The login name is the same, and the login password is also the same. ecryptfs-setup-private recommends I use the --force option, but I'm not entirely sure if this will erase my existing files or not.
>
> So ... what is the correct sequence of commands to do this so that I don't overwrite my data?
>
> Do I move the old .Private and .ecryptfs directories out of the way, run ecryptfs-setup-private and then move my original directories back again? Would that work? Would that break anything?

I think that should work. It might be even easier to just remove the
original .Private and .ecryptfs directories, copy them both from the old
setup, and... that should be it.

I would recommend just trying it, and letting us know how it goes :)
So long as you have the original .Private saved away elsewhere it
shouldn't hurt anything. You can also test it in a KVM virtual machine
if you already feel attached to the newly installed system.

> Do I run ecryptfs-setup-private --force, overwriting the directories but keying in the same encryption password? Would that work? Break anything?

It should work, but it just plays with files under ~/.ecryptfs, so just
copying that over should suffice and involve less magic.

Ted_Smith (tedsmith28) said : #2

It has been asked before, sort of, and the reply is here:

https://answers.launchpad.net/ecryptfs/+question/104211

Basically, if you copy .Private and .ecryptfs to your new machine and then manually mount your Private dir using your mount passphrase from .ecryptfs/wrapped-passphrase etc, that should work I think.

Another way would be to configure ecryptfs on your new machine from scratch, then copy your .Private files to the .Private dir of your new setup, and then rewrap your old passphrase in your new setup by running ecryptfs-wrap-passphrase.

As said previously, give it a whirl in a virtual machine first (use VirtualBox or something) and see if it works.

I agree that this is the downside of ecryptfs - it's not easy or obvious how to restore or migrate.
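
The copy-both-directories approach from the answers above, written so that nothing on the new machine is deleted; this is an added example, not code from the thread or from the eCryptfs project. The function name `restore_private` and the `.pre-restore.<timestamp>` backup suffix are hypothetical, and it assumes `.Private` and `.ecryptfs` are real directories in the home directory, as on a Private-only setup.

```shell
#!/bin/sh
# Added example: restore an eCryptfs Private setup into a home directory
# without deleting anything already there.
# Usage: restore_private OLD_HOME_COPY NEW_HOME   (hypothetical helper)
restore_private() {
    old=$1 new=$2
    stamp=$(date +%Y%m%d%H%M%S)

    # The old copy must hold both the encrypted data and the key material.
    for need in .Private .ecryptfs/wrapped-passphrase; do
        [ -e "$old/$need" ] || { echo "missing $old/$need" >&2; return 1; }
    done

    # Do not swap the lower directory while Private is mounted on top of it.
    if command -v mountpoint >/dev/null 2>&1 && mountpoint -q "$new/Private"; then
        echo "$new/Private is mounted; unmount it first" >&2; return 1
    fi

    # Move whatever a fresh setup created out of the way instead of removing it.
    for d in .Private .ecryptfs; do
        if [ -e "$new/$d" ]; then
            mv "$new/$d" "$new/$d.pre-restore.$stamp" || return 1
        fi
    done

    # Copy, preserving modes and timestamps; the source is left untouched.
    cp -a "$old/.Private" "$old/.ecryptfs" "$new/" || return 1
    chmod 700 "$new/.Private" "$new/.ecryptfs" || return 1
    mkdir -p "$new/Private" || return 1

    # Confirm the copy is byte-identical before the old media is put away.
    diff -r "$old/.Private" "$new/.Private" >/dev/null &&
    diff -r "$old/.ecryptfs" "$new/.ecryptfs" >/dev/null
}
```

The function only places the files; it does not mount anything or touch the wrapped passphrase.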
