Can we decrypt a file system using older version of EncFS

zpekter · 11-23-2023, 11:17 AM

Hi All,

Can we decrypt a file system using an older version of encfs than that was encrypted?

I have a specific scenario where the encryption was done by using the encfs 1.9.5 version and the decryption needs to be done by using encfs version 1.7.4.

Does this scenario work?

Details:

Encrypted directory info from EcFS 1.9.5

Quote:

Version 6 configuration; created by EncFS 1.9.5 (revision 20100713)
Filesystem cipher: "ssl/aes", version 3:0:0 (using 3:0:2)
Filename encoding: "nameio/block", version 4:0:0 (using 4:0:2)
Key Size: 256 bits
Using PBKDF2, with 243692 iterations
Salt Size: 160 bits
Block Size: 4096 bytes, including 16 byte MAC header
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Encrypted directory info from EcFS 1.7.4

Quote:

Version 6 configuration; created by EncFS 1.7.4 (revision 20100713)
Filesystem cipher: "ssl/aes", version 3:0:0 (using 3:0:2)
Filename encoding: "nameio/block", version 3:0:0 (using 3:0:1)
Key Size: 256 bits
Using PBKDF2, with 117782 iterations
Salt Size: 160 bits
Block Size: 4096 bytes, including 16 byte MAC header
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Please share your thoughts.
Thanks

NevemTeve · 11-23-2023, 01:10 PM

What did you try and what was the result?

zpekter · 11-23-2023, 08:37 PM

Quote:

Originally Posted by NevemTeve

What did you try and what was the result?

I've created a volume using 1.9.5

Code:

/usr/local/bin/encfs.195 -S --public /root/encfs/new/encrypted /root/encfs/new/decrypted

df -h
Filesystem                        Size  Used Avail Use% Mounted on
devtmpfs                          3.8G     0  3.8G   0% /dev
tmpfs                             3.8G  320K  3.8G   1% /dev/shm
tmpfs                             3.8G  8.7M  3.8G   1% /run
/dev/mapper/vgroup1-root          9.6G  8.0G  1.2G  88% /
/dev/sda1                         240M  199M   29M  88% /boot
tmpfs                             777M     0  777M   0% /run/user/0
encfs.195                         9.6G  8.0G  1.2G  88% /root/encfs/new/decrypted

Then when I tried to mount the same volume using a different version, 1.7.4, it's giving me the below error message.

Code:

/usr/bin/encfs.174 -S --public /root/encfs/new/encrypted /root/encfs/new/decrypted
02:05:13 (FileUtils.cpp:416) Archive exception: XML start/end tag mismatch - uniqueIV
02:05:13 (FileUtils.cpp:365) Found config file /root/encfs/new/encrypted/.encfs6.xml, but failed to load
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?>

NevemTeve · 11-23-2023, 09:38 PM

This suggests incompatibilty, though the error message about the xml-file sounds in-plausible. Use xmllint two validate the file, or compare files created with different versions of the program.

syg00 · 11-23-2023, 10:28 PM

Did you unmount it before the second attempt ?.

zpekter · 11-24-2023, 12:17 AM

Quote:

Originally Posted by NevemTeve

This suggests incompatibilty, though the error message about the xml-file sounds in-plausible. Use xmllint two validate the file, or compare files created with different versions of the program.

There are no issues with the XML file or formatting. However, the error message says that the format is not valid. I'm suspecting the below difference is causing this issue.
1.9.5

Code:

Key Size: 256 bits
Using PBKDF2, with 243692 iterations

1.7.4

Code:

Key Size: 256 bits
Using PBKDF2, with 117782 iterations

zpekter · 11-24-2023, 12:18 AM

Quote:

Originally Posted by syg00

Did you unmount it before the second attempt ?.

Yes, I did unmount it. And I do have the backup of the data, however, I need to figure out a way to make it work.

NevemTeve · 11-24-2023, 08:15 AM

I reproduced the problem:

Code:

# encfs.174 -S --public /root/encfs_test/encr_01/ /root/encfs_test/mount_01/
15:10:47 (FileUtils.cpp:411) Archive exception: XML start/end tag mismatch - uniqueIV
15:10:47 (FileUtils.cpp:360) Found config file /root/encfs_test/encr_01/.encfs6.xml, but failed to load

Mind you, the start/end tags are valid in the XML:

Code:

# xmllint -noout encr_01/.encfs6.xml
<no error message>
# grep uniqueIV encr_01/.encfs6.xml
        <uniqueIV>1</uniqueIV>

NevemTeve · 11-24-2023, 08:39 AM

It might work, if creation time you use 'expert' mode, and select a file-name-encoding algorithm compatible with the older version (e.g. 4:Stream); also you have to remove this line from the .xml fájl:

Code:

<plainData>0</plainData>

Of course all of this is plain wrong, you should create the encrypter filesystem with the old version of encfs.

zpekter · 11-24-2023, 02:34 PM

Quote:

Originally Posted by NevemTeve

It might work, if creation time you use 'expert' mode, and select a file-name-encoding algorithm compatible with the older version (e.g. 4:Stream); also you have to remove this line from the .xml fájl:

Code:

<plainData>0</plainData>

Of course all of this is plain wrong, you should create the encrypter filesystem with the old version of encfs.

Thank you for this suggestion.
It seems this will solve the issue for the time being so I'm planning to use this method to make things work.