search

google / fscrypt

Go tool for managing Linux filesystem encryption
Apache License 2.0
886 stars 99 forks source link

Partial Decrypt #381

Closed JP-Ellis closed 1 year ago

JP-Ellis commented 1 year ago

I recently made a full copy of a hard drive (using dd) to an external drive, expecting that this should have all of the data for me to restore. In the backup, my home directory is encrypted using fscrypt and homectl (all other files are fine).

I am now trying to restore my old home directory, unsuccessfully so far. Here are the steps I have followed:

I have tried having the identity file mount to /home/me instead of /mnt/bkp/home/me in case that was an issue, but the same thing happens. The fact that I can decrypt the home directory and files within it is promising, but I'm unsure why I am not able to decrypt any of the directories/files in any subdirectories. Does anyone have an idea as to what I can do?

I did see the other issue, but it shouldn't be an issue here as I can access the .identity file in the home directory.

ebiggers commented 1 year ago

systemd-homed is unrelated to the fscrypt userspace tool, other than both using Linux native filesystem encryption (which is sometimes called "fscrypt" as well). As this issue deals with the systemd-homed specific key management, we can't help you here. Please file this issue with systemd at https://github.com/systemd/systemd.

JP-Ellis commented 1 year ago

It was unclear to me where the error might lie, though I thought that given I am able to partially decrypt my home directory (at least, the first directory), I assumed that the issue isn't with the key management.

Since my original post, I have also tried booting from the dd-copied drive, and I in fact get the same error whereby I am able to decrypt the root directory, but cannot decrypt any subdirectories. @ebiggers Does this present as an fscrypt error? Or still an systemd-homed error?

ebiggers commented 1 year ago

I don't believe you are using this project at all. You are using systemd-homed.