I could not log in to user account uuss encrypted in img file:
journalctl -r
Jul 24 09:20:02 lin lightdm[3916]: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
Jul 24 09:20:01 lin kernel: broken atomic modeset userspace detected, disabling atomic
Jul 24 09:20:00 lin systemd-logind[964]: Session 4 logged out. Waiting for processes to exit.
Jul 24 09:20:00 lin display-manager[3845]: Error writing X authority: Failed to open X authority /home/uuss/.Xauthority: Permission denied
Jul 24 09:20:00 lin lightdm[4299]: pam_unix(lightdm:session): session opened for user uuss by (uid=0)
Jul 24 09:20:00 lin systemd[1]: Started User Manager for UID 1001.
# ls -la /home/uuss/.Xauthority
ls: cannot access '/home/uuss/.Xauthority': No such file or directory
You have not said anything about what crypto you are using. I presume that is somehow involved.
Personally, I have “/home” encrypted (as part of an encrypted LVM). I have also experimented with using “ecryptfs” for an encrypted home directory. But there are other ways of doing that, and you need to indicate what you are using.
I’ve encrypted this profile using yast2 in an earlier version of openSUSE. There was no info about the encryption method used, so I don’t know what method was used.
Yast no longer offers that option. I think they dropped support for it. Perhaps it should still work after an upgrade, but it is not well supported.
The encrypted image is probably a LUKS encrypted container. You should be able to use “cryptsetup” to decrypt that for accessing the data.
It might be better to set up this user as a normal user. And then, if encryption is needed, perhaps it is sufficient to use an ecryptfs private directory, or to use Plasma Vaults (if you are a KDE user). Those would leave an unencrypted home directory for the user, but the sensitive files could be kept encrypted. And, after setting up the user that way, use “cryptsetup” to access the image file, and copy the user data to where it is wanted with the new setup.
For the record, I currently use an encrypted partition for “/home”, and an ecryptfs private directory within that as a second layer of crypto for anything particularly sensitive. I am also experimenting with Plasma Vaults, but I am not seriously using that at present.
Manual here cryptsetup - Unix, Linux Command says *luksOpen* requires a partition as a parameter, and the application output said so too. Is it possible to mount an img file as a “partition”?
I varied it a little. I used a 100M container instead of the 1G container that they suggest. And I used a manual password (that I type in when prompted) instead of a random key in a file.
It worked just fine in Tumbleweed.
I then booted to Leap 15.2 on the same system, and I was able to use "cryptsetup luksOpen" on the container, and mount it.
It should work the same way on Leap 15.1, but I don't have that on the same computer for testing.
It looks like the home directory was encrypted by cryptconfig. Could you check whether the first 8 bytes of uuss.key are equal to “Salted__”?
cryptconfig generated a random key and encrypted it using the user password; the encrypted key was stored in a file with the .key suffix. So you cannot use cryptsetup directly because you simply do not have the key. Unfortunately cryptconfig does not appear to be available for Leap 15.x anymore; the last version was Leap 42.3. cryptconfig used OpenSSL with the aes-256-cbc symmetric cipher, but the encrypted material is prepended by magic and salt.
I would actually try whether cryptconfig from 42.3 runs under 15.1; it will be the easiest way to get access to the encrypted data. Failing that, try to build cryptconfig for 15.1, and if that also fails, well - it is still possible to manually extract the salt and use the “openssl enc” command with suitable parameters.
It runs under 15.2; one needs to install libopenssl1_0_0. I successfully created and opened an image using cryptconfig. It may even be possible to use the PAM module, but I leave it as an exercise to someone more interested.
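The “Salted__” check and the manual salt extraction mentioned above, as an added example that is not part of the original posts and is not cryptconfig's own code. The function names are hypothetical, the sample bytes are constructed, and the digest is an assumption because the thread does not say which one cryptconfig used.

```python
import hashlib

MAGIC = b"Salted__"   # 8-byte magic of OpenSSL's salted "enc" format
SALT_LEN = 8          # the salt follows the magic directly
AES_BLOCK = 16        # AES-CBC ciphertext is a whole number of 16-byte blocks


def parse_salted_blob(blob: bytes) -> dict:
    """Split a 'Salted__' blob into salt and ciphertext, checking its layout."""
    if len(blob) < len(MAGIC) + SALT_LEN + AES_BLOCK:
        raise ValueError("too short to be a salted AES-CBC blob")
    if blob[:len(MAGIC)] != MAGIC:
        raise ValueError("missing 'Salted__' magic: not this format")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    ciphertext = blob[len(MAGIC) + SALT_LEN:]
    if len(ciphertext) % AES_BLOCK:
        raise ValueError("ciphertext is not block-aligned: file truncated?")
    return {"salt": salt, "ciphertext": ciphertext}


def evp_bytes_to_key(password: bytes, salt: bytes, digest: str = "md5",
                     key_len: int = 32, iv_len: int = 16):
    """Legacy 'openssl enc' derivation (EVP_BytesToKey, one iteration).

    ASSUMPTION: the digest cryptconfig used is not stated in the thread; md5
    was the 'openssl enc' default in OpenSSL 1.0.x, sha256 from 1.1.0 onward.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # Each round hashes the previous digest, the password and the salt.
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


if __name__ == "__main__":
    # Constructed sample: magic + 8-byte salt + 48 bytes standing in for the
    # encrypted random key. Replace with open("uuss.key", "rb").read().
    sample = MAGIC + bytes.fromhex("0102030405060708") + bytes(48)
    parsed = parse_salted_blob(sample)
    key, iv = evp_bytes_to_key(b"constructed-password", parsed["salt"])
    print("salt (hex):", parsed["salt"].hex())
    print("ciphertext bytes:", len(parsed["ciphertext"]))
    print("derived AES-256 key / IV lengths:", len(key), len(iv))
```

If the header parses but decryption with the derived key fails, the digest is the first parameter to vary, which corresponds to the `-md` option of “openssl enc”.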