Friday, June 2, 2017

encryption - Will changing password re-encrypt my home directory?



I need to change my user password. Do I need to take any extra steps for my encrypted home directory to become inaccessible with my old password and only accessible with my new password?



There is no need to re-encrypt your home directory, and no further steps need to be taken.



Your home directory is not directly encrypted with your password. Instead, the passphrase used to encrypt the home directory is itself encrypted with your password.



When you change your password, the home directory passphrase is re-encrypted with your new password, so you should have continued access to your files with the new password.




This is handled via PAM (Pluggable Authentication Modules), so should work with any password change tool. The exception is administrative password changes where the original password is not provided. This is expected behaviour though: if the administrator could decrypt your files without knowing your password then there would be no actual protection.



In the case you perform an administrative password change, after mounting your home directory with



ecryptfs-mount-private


and your old password, issue




ecryptfs-rewrap-passphrase ~/.ecryptfs/wrapped-passphrase


to change the unwrapping password to match your new one. This way your home directory will be auto-mounted at login, just as it used to.
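A small Python model of the key wrapping the answer describes, added here as an illustration; it is not code from the original post or from eCryptfs. The function names, the PBKDF2/XOR/HMAC construction and the sample passwords are assumptions made for the demo, and the real wrapped-passphrase file has its own format.

```python
import hashlib, hmac, os

def _keys(password: str, salt: bytes):
    # Stretch the login password into a 32-byte XOR pad and a 32-byte MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def wrap(mount_passphrase: bytes, password: str) -> bytes:
    """Model of a wrapped-passphrase blob: salt || ciphertext || tag."""
    if len(mount_passphrase) != 32:
        raise ValueError("this model wraps exactly 32 bytes")
    salt = os.urandom(16)  # fresh salt per wrap, so the pad is never reused
    pad, mac_key = _keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(mount_passphrase, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unwrap(blob: bytes, password: str) -> bytes:
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    pad, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted blob")
    return bytes(a ^ b for a, b in zip(ct, pad))

def rewrap(blob: bytes, old_password: str, new_password: str) -> bytes:
    """Password change: needs the old password; encrypted files are untouched."""
    return wrap(unwrap(blob, old_password), new_password)

def demo() -> bool:
    mount_passphrase = os.urandom(32)  # constructed sample: the key that encrypts files
    blob = wrap(mount_passphrase, "old-login-pw")
    # User-initiated change: old password is supplied, so the blob is rewrapped.
    changed = rewrap(blob, "old-login-pw", "new-login-pw")
    assert unwrap(changed, "new-login-pw") == mount_passphrase
    # Administrative reset: the blob is still wrapped under the old password.
    try:
        unwrap(blob, "admin-set-pw")
        return True
    except ValueError:
        return False  # the reset password alone cannot unlock the home directory

if __name__ == "__main__":
    print("admin-reset password unlocks blob:", demo())
```

The mount passphrase never changes in either path, which is why no file data has to be re-encrypted; only the small wrapped blob is rewritten.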

