Can we decrypt a file system using older version of EncFS
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Can we decrypt a file system using older version of EncFS
Hi All,
Can we decrypt a file system using an older version of encfs than that was encrypted?
I have a specific scenario where the encryption was done by using the encfs 1.9.5 version and the decryption needs to be done by using encfs version 1.7.4.
Does this scenario work?
Details:
Encrypted directory info from EcFS 1.9.5
Quote:
Version 6 configuration; created by EncFS 1.9.5 (revision 20100713)
Filesystem cipher: "ssl/aes", version 3:0:0 (using 3:0:2)
Filename encoding: "nameio/block", version 4:0:0 (using 4:0:2)
Key Size: 256 bits
Using PBKDF2, with 243692 iterations
Salt Size: 160 bits
Block Size: 4096 bytes, including 16 byte MAC header
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.
Encrypted directory info from EcFS 1.7.4
Quote:
Version 6 configuration; created by EncFS 1.7.4 (revision 20100713)
Filesystem cipher: "ssl/aes", version 3:0:0 (using 3:0:2)
Filename encoding: "nameio/block", version 3:0:0 (using 3:0:1)
Key Size: 256 bits
Using PBKDF2, with 117782 iterations
Salt Size: 160 bits
Block Size: 4096 bytes, including 16 byte MAC header
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.
Please share your thoughts.
Thanks
Last edited by zpekter; 11-23-2023 at 11:20 AM.
Reason: Adding more information
Then when I tried to mount the same volume using a different version, 1.7.4, it's giving me the below error message.
Code:
/usr/bin/encfs.174 -S --public /root/encfs/new/encrypted /root/encfs/new/decrypted
02:05:13 (FileUtils.cpp:416) Archive exception: XML start/end tag mismatch - uniqueIV
02:05:13 (FileUtils.cpp:365) Found config file /root/encfs/new/encrypted/.encfs6.xml, but failed to load
Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?>
This suggests incompatibilty, though the error message about the xml-file sounds in-plausible. Use xmllint two validate the file, or compare files created with different versions of the program.
This suggests incompatibilty, though the error message about the xml-file sounds in-plausible. Use xmllint two validate the file, or compare files created with different versions of the program.
There are no issues with the XML file or formatting. However, the error message says that the format is not valid. I'm suspecting the below difference is causing this issue.
1.9.5
Code:
Key Size: 256 bits
Using PBKDF2, with 243692 iterations
1.7.4
Code:
Key Size: 256 bits
Using PBKDF2, with 117782 iterations
It might work, if creation time you use 'expert' mode, and select a file-name-encoding algorithm compatible with the older version (e.g. 4:Stream); also you have to remove this line from the .xml fájl:
Code:
<plainData>0</plainData>
Of course all of this is plain wrong, you should create the encrypter filesystem with the old version of encfs.
It might work, if creation time you use 'expert' mode, and select a file-name-encoding algorithm compatible with the older version (e.g. 4:Stream); also you have to remove this line from the .xml fájl:
Code:
<plainData>0</plainData>
Of course all of this is plain wrong, you should create the encrypter filesystem with the old version of encfs.
Thank you for this suggestion.
It seems this will solve the issue for the time being so I'm planning to use this method to make things work.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.