eCryptfs

Decrypt filenames while leaving contents encrypted

Asked by Peter Thomassen

When normally mounting an ecryptfs filesystem, one can choose if the filenames should also be decrypted (or only the contents of the files).

When using the ecryptfs_encrypted_view mount option, an encrypted view on the data is given at the mount point. This seems to be true for both the filenames and the contents, even if one answers the "Enable filename encryption" with "yes", giving the FNEK then. The FNEK seems to be ignored, and both filenames and contents are encrypted.

Is there a way to have the filesystem mounted with only the filenames decrypted? This would greatly simplify back-up-ing of certain directories only, for one could easily say which directory is which one.

Another important aspect for easy recovery is the following: Is the resulting view on the data identical to what one would have if the filesystem was created using the --no-fnek option?

Thank you.

Question information

Language:
English Edit question
Status:
Solved
For:
eCryptfs Edit question
Assignee:
No assignee Edit question
Solved by:
Dustin Kirkland 
Solved:
Last query:
Last reply:
Revision history for this message
Launchpad Janitor (janitor) said : 		#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Revision history for this message
Peter Thomassen (mail-peter-thomassen) said : 		#2

I thought I had clearly described what I meant. If there are any questions about my concern, I'd be glad to provide additional info.

Revision history for this message
Best Dustin Kirkland  (kirkland) said : 		#3

Peter,

No, sorry, there is no way to do this.

I have a little trick I use when I just want to map an encrypted and decrypted filename. I chmod the file to a weird permission, like "chmod 123". Then in the other view (either encrypted or decrypted), I run a deep find, "find . -perm 123".

Sorry.

Revision history for this message
Peter Thomassen (mail-peter-thomassen) said : 		#4

Thanks Dustin Kirkland, that solved my question.

Revision history for this message
Frank Swiderski (fes-chromium) said : 		#5

eCryptfs does seem to support passthrough directory names by default. A plaintext directory created in the lower filesystem should show up in the upper filesystem; files and directories (and their names) within that directory will be encrypted, assuming they are created through the upper (eCryptfs) filesystem.

So one method would simply be to pre-create the directory you want to manage in the lower filesystem, and back up/delete that path.

Revision history for this message
Shahar Or (mightyiam) said : 		#6

There's `ecryptfs-find`.