How do I decrypt / unencrypt or decipher Synology NAS encrypted drives?

  • 0 Replies

0 Members and 1 Guest are viewing this topic.


Offline chris

  • Neilep Level Member
  • ******
  • 5388
  • The Naked Scientist
    • View Profile
    • The Naked Scientists
I am posting this here as a "how to" to help others.

Synology NAS DSM comes with an option to encrypt shared drives; this means that if someone removes the drives they cannot decode what is on them. It also means that if you make a remote backup of the drive content, using the built-in backup facility, what is written to the backup drive is also encrypted.

Unfortunately, Synology are pretty hopeless at actually telling you how to unencrypt you content should you need to. The interface gives you an option to export the key, but this dumps on your desktop a file of what looks, at first glance, like gibberish. No instructions are given on how to use it or how to rescue data if you've lost your NAS and need to resort to a backup.

Before I ended up in the above situation, I thought I'd solve the problem in advance to work out how to do it.

So here is what Synology don't, or won't tell you:


1) Create a mount point on your linux platform e.g. /mnt/synology - sudo mkdir /mnt/synology

2) Mount the encrypted drive or directory at this mount point; here's how if it's a synology network share: mount -t cifs -o username=TYPE THE USER LOGIN NAME FOR THE SHARE HERE,password=TYPE THE LOGIN PASSWORD HERE //NAS_SERVER_IP/ENCRYPTED VOLUME /mnt/synology

This will mount the encrypted share to /mnt/synology; check you can see the content by typing ls -l /mnt/synology.

3) Now make another mount point, this time it's for the decrypted content - sudo mkdir /mnt/synology_decrypt

4) Install ecryptfs-utils on your linux platform (sudo apt-get install ecryptfs-utils).

5) Now mount the encrypted volume at the new mount point using this command:

mount -t ecryptfs /mnt/synology_decrypt

6) At the prompt, enter the passphrase or password (not the exported key) you used to encrypt the volume on synology originally.

7) Choose AES as the cipher.

8) Select 32bit.

9) Choose no for plain text passthrough.

10) Choose yes for filename encryption.

11) Your decrypted content will be accessible at the new mount point: cd /mnt/synology_decrypt/

If I have missed anything, please comment below.

This is pretty simple, so I have no idea why Synology have not made more effort to make this clearer on their website and in their supporting documentation. Perhaps they want everyone to buy a new disk station to decrypt their files...

I never forget a face, but in your case I'll make an exception - Groucho Marx