How do cleanly remove all remnants of my Encrypted Private Directory and start over fresh?

Asked by Dustin Kirkland  on 2008-10-21

For various reasons, users may want to remove all remnants of an Encrypted Private directory and start over. The following steps will explain how to do this.

HOWEVER, BE WARNED...THIS REMOVAL IS PERMANENT. ENSURE THAT YOU HAVE APPROPRIATE BACKUPS, OR THAT THERE IS NO DATA OF VALUE.

Ensure that the encrypted private directory is not mounted
 $ umount.ecryptfs_private -f
 $ mount | grep ecryptfs

Make the unmounted Private directory writeable, so that we can remove it
 $ chmod 700 ~/Private

Remove the mountpoint and the underlying data directory. NOTE: THIS IS PERMANENT!!!
 $ rm -rf ~/Private ~/.Private

Remove your ecryptfs rc file, if it exists. NOTE: THIS IS PERMANENT!!!
 $ rm -f ~/.ecryptfsrc

Remove your ecryptfs configuration data, wrapped passphrase, and key signature. NOTE: THIS IS PERMANENT!!!
 $ rm -rf ~/.ecryptfs

Install the keyutils package, and clear your keyring.
 $ sudo apt-get install keyutils
 $ keyctl clear @u

The pam_ecryptfs module will still be in your PAM stack, though it should have no effect if you do not have an encrypted private directory. If you want to complete clear ecryptfs off your system:
 $ sudo apt-get remove ecryptfs-utils libecryptfs0

The set up an encrypted private directory again, you can logout, log back in, and run:
 $ ecryptfs-setup-private

:-Dustin

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu ecryptfs-utils Edit question
Assignee:
No assignee Edit question
Solved by:
Dustin Kirkland 
Solved:
2008-10-21
Last query:
2008-10-21
Last reply:
Dustin Kirkland  (kirkland) said : #1

Post questions related to this FAQ entry below here.

Charles Curley (charlescurley) said : #2

Hi, Dustin. Any chance you can update this for Karmic? I haven't figured out how to do it for Karmic. Thanks

Dustin Kirkland  (kirkland) said : #3

Here's what I'd recommend ...

 1) Logout of all desktop sessions, and login exclusively on the
command line, either via SSH or via ctrl-alt-f1 to the tty.

 2) With your Encrypted Home (or Private) mounted, such that you have
access to your data, copy it somewhere else, unencrypted, but safe.
On my single-user system, /tmp is okay. You might choose to put it
somewhere else instead. Just put it somewhere, and verify that your
data is there. Perhaps:
  mkdir /tmp/backup
  rsync -aP $HOME /tmp/backup

 3) Unmount your encrypted home.
  ecryptfs-umount-private.

 4) Remove all of your ecryptfs meta data. I recommend backing this
up somewhere, though you could rm -rf it too.
  mv /home/.ecryptfs/$USER /tmp/backup/ecryptfs

  5) Remove the remnants of ecryptfs in your unmounted home directory.
 Should just be a few symlinks.
   rm -rf $HOME/* $HOME/.*

  6) Reset the ownerships of your home directory to 755, the Ubuntu default:
   sudo chmod 755 $HOME
   sudo chown $USER:$USER $HOME

  6) Copy your cleartext data back to your home directory.
   rsync -aP /tmp/backup/$USER/ $HOME/

  7) Remove a couple of symlinks that might still be present in your
home directory
   rm -f $HOME/.ecryptfs $HOME/.Private

That should do it... The key is to ensure that none of the following
exist anymore:
  $HOME/.ecryptfs
  $HOME/.Private
  /home/.ecryptfs/$USER

:-Dustin