What about filename encryption?

Asked by Dustin Kirkland  on 2008-09-25

Long story short: eCryptfs filename encryption is available since Linux 2.6.29.

The namespace problem arises when we consider the case where two files have the same unencrypted name. This can be a problem when the user does not have the key for every file in any given directory. Imagine, for instance, that Alice creates a file named ``meeting_notes.txt'' in a shared directory on an NFS server. The filename is encrypted with a key known only to Alice and Carol. Bob then creates a file in the same shared NFS directory and also names it ``meeting_notes.txt'', encrypting the filename with another key only known to Bob and Carol. Bob's eCryptfs client cannot detect the unencrypted filename conflict in the namespace because Bob does not have Alice's key.

So two different files that have the same unencrypted name and different encrypted names appear in the same directory. When Carol, who has both Alice's key and Bob's key, lists the contents of the directory, he winds up seeing two different files with the same filename in the same directory, which is a POSIX violation.

The solution we have implemented is to use a separate key just for filename encryption, requiring all filenames encrypted under any given directory to be encrypted with that key. Filename encryption is available since Linux 2.6.29.

Question information

English Edit question
eCryptfs Edit question
No assignee Edit question
Solved by:
Dustin Kirkland 
Last query:
Last reply:
Dustin Kirkland  (kirkland) said : #1

Answered by the FAQ.