I recently was in the process of migrating from on disk to the next and wanted to make a complete copy of the old one. I use Ubuntu and I had tried out using EcryptFS for my home-folder instead of having whole-disk encryption as I usually have.
Backing things up is easy with dd, a tool that reads whatever you point it to and writes it wherever you point it to. For example:
# dd if=/dev/sda of=/other_disk/backup_of_sda.img bs=1M
This will copy your entire harddrive into a file that you can then loopback mount to create a virtual harddrive. You can also copy just a specific partition by specifying /dev/sda1 and then you can skip the first step of opening it.
Remember, do not do this while you use your disk, so if it's your main drive, boot from a live-cd and do this.
So, now you have an image, how do you access it?
You can open it with parted and list partitions that you can mount (not necessary if you only copied partitions previously).
# parted /other_disk/backup_of_sda.img
GNU Parted 2.3
Using /other_disk/backup_of_sda.img
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) unit
Unit? [compact]? B
(parted) print
Model: (file)
Disk /other_disk/backup_of_sda.img: 80026361856B
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags
1 32256B 477066239B 477033984B primary ext3 boot
2 477066240B 75886433279B 75409367040B primary ext4
3 75886433280B 80023749119B 4137315840B primary linux-swap(v1)
This is the output form my 80GB disk, it has a boot, a primary and a swap at the respective offsets.
Now, I want to mount the primary file system, i do that like this:
# mount -o loop,rw,offset=477066240 /other_disk/backup_of_sda.img /mnt/sda_backup
Now we can access files from it. Except the files in the home directory are encrypted with EcryptFS.
The way I went about this was to create a complete chroot in the /mnt/sda_backup and then use its own EcryptFS tools.
mount --bind /proc/ /mnt/sda_backup/proc
mount --bind /dev/ /mnt/sda_backup/dev
mount --bind /sys/ /mnt/sda_backup/sys
chroot /mnt/sda_backup
Now we're inside our old system and can manipulate it any way we want.
EcryptFS is a bit uncomfortable to work with, but I found this script that makes it a bit easier:
ROOT=/home/.ecryptfs/$USER
TARGET=/mnt/$USER
# ROOT should be the parent of the .ecryptfs and .Private folders
sudo mkdir -p $TARGET
cd $ROOT
echo Type your password:
PASS=$(ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase | sed s/Passphrase:\ //)
SIG1=$(head -n1 .ecryptfs/Private.sig)
SIG2=$(tail -n1 .ecryptfs/Private.sig)
echo Passphrase:
echo $PASS
echo Signatures:
echo $SIG1
echo $SIG2
echo Should be empty:
sudo keyctl clear @u
sudo keyctl list @u
echo Do not type anything:
echo $PASS | sudo ecryptfs-add-passphrase --fnek
echo Sould have signatures:
sudo keyctl list @u
echo Mounting $ROOT on $TARGET...
sudo mount -t ecryptfs -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes,ecryptfs_sig=$SIG1,ecryptfs_fnek_sig=$SIG2,passwd=$(echo $PASS) .Private $TARGET
ls $TARGET
I put it in /mnt/sda_backup/home/$USER , that is /home/$USER in the chroot. Remember to check that USER is set to the proper username for the EcryptFS stored home directory you want to access.
There, now you can access everything from the outside world through:
ls /mnt/sda_backup/mnt/$USER
I thought that especially the EcryptFS-part was cumbersome so I thought I'dd write a post where all details come together.
If you want to use encryption under Linux, I strongly suggest using Luks instead, it's a bit harder to get your head around in the beginning since there is no integration in for example Ubuntu, but it is much nicer to use.
Happy hacking,
Daniel