What does ecryptfs-unwrap-passphrase do?

It's not a hashed value, but it is the 128-bit value that is the symmetric encryption/decryption passphrase (key) for your files. It just looks like an MD5 hash because it's a 128-bit value.

The passphrase you're queried for is the user's (your?) login password, with which the encryption passphrase/key is encrypted (in ecryptfs' terms "wrapped").

This enables you to change your login password (with which the encryption passphrase is wrapped) without changing the encryption passphrase itself (which would result in the need to re-encrypt all encrypted files).

Think of it like an SSH private key that you protected with a passphrase - only that, knowing the "raw" encryption passphrase, you can recover your encrypted files without knowing the wrapping passphrase.

So you may store this 128-bit value somewhere safe (i.e. write it down and lock it away somewhere), and even if you forget your wrapping passphrase (i.e. login password), or something else goes wrong, you will be able to recover your encrypted files with the ecryptfs-utils - particularly ecryptfs-recover-private after answering the question if you know your LOGIN password with No; it will then ask if you know the encryption passphrase, which you may then type in from the paper on which you've written it down.
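The wrapping model described in this answer, as an added Python sketch that is not part of the original answer and is not ecryptfs code: a 128-bit mount passphrase is wrapped under the login password, rewrapped when the password changes, and comes out unchanged. The key derivation, the XOR masking and the blob layout are assumptions chosen to fit the standard library; they are not the real `wrapped-passphrase` file format.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch


def _derive(wrapping_passphrase: str, salt: bytes):
    """Derive a 16-byte mask and a 32-byte MAC key from the login password."""
    okm = hashlib.pbkdf2_hmac("sha256", wrapping_passphrase.encode(), salt,
                              ITERATIONS, dklen=48)
    return okm[:16], okm[16:]


def wrap(mount_passphrase: bytes, wrapping_passphrase: str) -> bytes:
    """Return salt || masked mount passphrase || MAC (constructed layout)."""
    if len(mount_passphrase) != 16:
        raise ValueError("mount passphrase must be 128 bits")
    salt = secrets.token_bytes(16)  # fresh salt, so the mask is never reused
    mask, mac_key = _derive(wrapping_passphrase, salt)
    masked = bytes(a ^ b for a, b in zip(mount_passphrase, mask))
    tag = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    return salt + masked + tag


def unwrap(blob: bytes, wrapping_passphrase: str) -> bytes:
    """Recover the mount passphrase, or fail if the password is wrong."""
    salt, masked, tag = blob[:16], blob[16:32], blob[32:]
    mask, mac_key = _derive(wrapping_passphrase, salt)
    expected = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong wrapping passphrase or damaged file")
    return bytes(a ^ b for a, b in zip(masked, mask))


def rewrap(blob: bytes, old_password: str, new_password: str) -> bytes:
    """Login password change: only the wrapper is rewritten."""
    return wrap(unwrap(blob, old_password), new_password)


if __name__ == "__main__":
    mount = secrets.token_bytes(16)            # constructed sample key
    blob = wrap(mount, "old-login-password")   # constructed sample passwords
    blob = rewrap(blob, "old-login-password", "new-login-password")
    # Same 32 hex characters before and after the password change.
    print(mount.hex(), unwrap(blob, "new-login-password").hex())
```

Because the file key never changes, anyone holding the unwrapped value can decrypt the files regardless of later password changes, which is why the written-down copy needs the same protection as the data itself.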


ecryptfs-unwrap-passphrase is used to display your mount passphrase. If you want to see your mount passphrase, use the following command:

ecryptfs-unwrap-passphrase /home/yourusername/.ecryptfs/wrapped-passphrase

More related information can be found here: https://help.ubuntu.com/community/EncryptedPrivateDirectory#Recovering_Your_Mount_Passphrase