Top level filenames not encrypted #214

@wpwoodjr

Here's what I did:

test@test2:~$ mkdir t1

test@test2:~$ fscrypt encrypt t1
Should we create a new protector? [y/N] n
Enter login passphrase for test: 
"t1" is now encrypted, unlocked, and ready for use.

Then I went to Ubuntu's file manager and copied a directory named ums into t1.

test@test2:~$ ls t1 -lat
total 12
drwx------  3 test test 4096 Apr  1 13:20 .
drwxr-xr-x 29 test test 4096 Apr  1 13:19 ..
drwxr-xr-x  2 test test 4096 Mar 26 19:47 ums

After locking t1, ums is still visible as the file name:

test@test2:~$ sudo fscrypt lock --user=test t1
Encrypted data removed from filesystem cache.
"t1" is now locked.

test@test2:~$ ls t1 -lat
total 12
drwx------  3 test test 4096 Apr  1 13:20 .
drwxr-xr-x 29 test test 4096 Apr  1 13:19 ..
drwxr-xr-x  2 test test 4096 Mar 26 19:47 ums

But filenames in ums are encrypted:

test@test2:~$ ls t1/ums -lat
total 257112
drwx------ 3 test test      4096 Apr  1 13:20 ..
-rw-rw-r-- 1 test test       874 Mar 26 19:59 zpPsO8U0q1+FLq9FTdQsQ0Ja4itGmLJ7e0v2bTn9FRF
drwxr-xr-x 2 test test      4096 Mar 26 19:47 .
-rw-rw-r-- 1 test test        18 Mar 26 18:53 2qT,kZSHQ4z2UzAjXtkc7gHhnJPp7lyIXn1wQY+1RKL
-rw-rw-r-- 1 test test        43 Mar 26 18:37 JAbm,ev+bf5jyulBzNo22q,7wzq8Wb5a7QnAiRldPgK
-rwxrwxr-x 1 test test       413 Mar 26 18:36 oXTqSCsudcq0YCOuMcQGMIX3yxDPNMkMElyE6neHb9H
-rw-rw-r-- 1 test test      9283 Mar 26 18:36 0biVh,8CLUua,NV0fvC1cdPq04F7,lpGT8W0Ny5kWzI
-rwxrwxr-x 1 test test       946 Mar 26 18:36 Ba5nnF+Oi+7iyTMV0v6fh6Gp8AVfm4Gg8gctP0+HMfC
-rwxrwxr-x 1 test test       222 Mar 26 18:36 BBKQz3sskDll73UDuM,LlWcrtTOkpnj+VHx,t69Qb4N
-rw-rw-r-- 1 test test       585 Mar 26 18:36 cJF2c0vq,iiTocTFitbOIUqHMzo,J88h7HwsdOfszAL
-rwxrwxr-x 1 test test      1912 Mar 26 18:36 GKVJr25cM4X4aH+EEFCGJs2358aVm+hNnzwmD5sC90L
-rw-r--r-- 1 test test 263225531 Mar 26 18:25 UeHG,4aoK8GfN0mKEcZt5wqN8j+bmvtT9U7ApuURgSB

Now I can create files in t1 but not read them:

test@test2:~$ touch t1/test

test@test2:~$ ls -lat t1
total 12
drwx------  3 test test 4096 Apr  1 13:23 .
-rw-r--r--  1 test test    0 Apr  1 13:23 test
drwxr-xr-x 29 test test 4096 Apr  1 13:19 ..
drwxr-xr-x  2 test test 4096 Mar 26 19:47 ums

test@test2:~$ cat t1/test
cat: t1/test: Required key not available

Version info:

$ fscrypt --version
fscrypt - A tool for managing Linux filesystem encryption

Version:
  v0.2.6

Compiled:
  2020-02-11 08:08:48 +0000 UTC

Hope this helps!
