eCryptfs: remove directory from list of encrypted directories so I can replace it and re-encrypt

Question

I have a directory in my home directory that is encrypted with eCryptfs. Somehow, it got corrupted, and I can't read any of the files in the directory. I'm not inclined to try to fix it, since I have a very recent backup.

So, I copied the backup into my home directory, e.g.:

mv directory directory.corrupted
cp /mnt/backup/directory /home/user/directory

Now, when I try to use ecryptfs on the unencrypted directory I just copied over, it just mounts it without an error message, but the files become unreadable (and become readable when I unmount it). Somehow, I need to be able to tell eCryptfs that I'm starting over with this directory name and it needs to be re-encrypted.

I could, I suppose, just encrypt with a different directory name, but I have scripts, etc. that use it, and I don't want to edit them.

As an aside I have other directories that are also encrypted with eCryptfs, and they all mount and unmount fine. This is limited to just one of my encrypted directories.

I'm running Ubuntu 23.04 on an MSI laptop, KDE plasma 5.27.4.

uname -a

Linux mybox 6.2.0-26-generic #26-Ubuntu SMP PREEMPT_DYNAMIC Mon Jul 10 23:39:54 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

Answer 1

eCryptFS doesn't work that way. The folder name isn't the problem, the problem is that eCryptFS does not encrypt existing data the way you expect it to. There is nothing like "re-encryption" in it.

When you mount an eCryptFS filesystem, it acts very much like a filter and only accesses the encrypted "lower" files that correspond to whatever "upper" file you're asking it to access.

So start with an empty directory (moving your clear files to the side), mount eCryptFS there, and move your files into the encrypted mount.