google / fscrypt

Go tool for managing Linux filesystem encryption
Apache License 2.0

Deleting files from folder encrypted with fscrypt #380

Closed PatrickAlyson closed 1 year ago

PatrickAlyson commented 1 year ago

I have a folder encrypted with fscrypt. If I unlock this folder and delete a file from it (as the folder is unlocked anyone can see the contents of the files), then after deletion I lock this folder again, what will happen to this deleted file? Can it be recovered by forensic means? Will they be able to read the file's content?

I've searched online but couldn't find anything about deleting files from fscrypt-encrypted folders. I'm on Ubuntu.

josephlr commented 1 year ago

@ebiggers can confirm, but I think that the kernel key management works in the following way:

> as the folder is unlocked anyone can see the contents of the files

This isn't exactly true. When a folder is unlocked, normal filesystem permissions are still active, so if you have ACLed the file to only be readable by a certain group, only users in that group can read the file, even if it is unlocked.

PatrickAlyson commented 1 year ago

@josephlr Thanks, I really appreciate your help. Based on your answer, it appears that when deleting a file from a folder that has been encrypted with fscrypt, the security of the file's content is not compromised as long as the master encryption key remains uncompromised. Thus, it should not matter whether the folder is unlocked or locked at the time of deletion. Did I understand it correctly?

I suppose my question can be condensed as follows: "Is it secure to delete a file from an unlocked folder?"

ebiggers commented 1 year ago

Unfortunately, fscrypt does not guarantee secure deletion of anything because it is impossible without special hardware support. Deleted encrypted files are still less likely to be forensically recoverable than deleted unencrypted files (see the details that @josephlr gave about how each file has a unique encryption key derived for it), but it's not guaranteed.

It doesn't matter whether files are unlocked at the time of deletion or not.

Note: Android's File Based Encryption, which uses the same kernel functionality as fscrypt, does guarantee secure deletion of encryption keys on many devices. But this is only because when protecting these keys, Android uses some Android-specific HALs that provide access to special hardware. This isn't something that the fscrypt tool can use.
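The per-file key derivation the two answers above refer to, as an added example that is not part of this thread or of the fscrypt project's code: it assumes the fscrypt v2 scheme as I understand it (HKDF-SHA512 keyed by the master key, an all-zero salt, info prefixed with "fscrypt\0" followed by context byte 2 and the file's 16-byte nonce), and uses a constructed master key and constructed nonces.

```python
import hashlib
import hmac

HASH = hashlib.sha512
HASH_LEN = HASH().digest_size           # 64 bytes for SHA-512
NONCE_SIZE = 16                         # assumption: per-file nonce size in v2 policies
CONTEXT_PER_FILE_ENC_KEY = 2            # assumption: HKDF context byte for per-file keys


def hkdf_extract(master_key: bytes) -> bytes:
    """HKDF-Extract with an all-zero salt of hash length (same as an empty salt)."""
    return hmac.new(b"\x00" * HASH_LEN, master_key, HASH).digest()


def hkdf_expand(prk: bytes, context: int, info: bytes, out_len: int) -> bytes:
    """HKDF-Expand; the info is prefixed with "fscrypt\\0" and a one-byte context."""
    full_info = b"fscrypt\x00" + bytes([context]) + info
    out, block, counter = b"", b"", 1
    while len(out) < out_len:
        block = hmac.new(prk, block + full_info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:out_len]


def per_file_key(master_key: bytes, nonce: bytes, key_len: int = 64) -> bytes:
    """Derive the file contents key (64 bytes, e.g. for AES-256-XTS) from master key + nonce."""
    if len(nonce) != NONCE_SIZE:
        raise ValueError("nonce must be %d bytes" % NONCE_SIZE)
    return hkdf_expand(hkdf_extract(master_key), CONTEXT_PER_FILE_ENC_KEY, nonce, key_len)


def demo():
    master_key = bytes(range(64))       # constructed sample master key, not a real one
    nonce_a = b"\x01" * NONCE_SIZE      # constructed nonces; on disk each lives in the inode's xattr
    nonce_b = b"\x02" * NONCE_SIZE
    key_a = per_file_key(master_key, nonce_a)
    key_b = per_file_key(master_key, nonce_b)
    # Two files under the same master key get unrelated keys (different nonces).
    # After a delete, the ciphertext and the nonce may still sit in unallocated
    # blocks: anyone who still holds the master key can re-derive key_a, so only
    # destroying the master key (or lacking it) keeps the deleted data unreadable.
    rederived = per_file_key(master_key, nonce_a) == key_a
    return key_a, key_b, rederived
```

Lock state never enters the derivation, which is the point made above: what matters is whether the master key is still obtainable, not whether the folder was locked when the file was deleted.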

PatrickAlyson commented 1 year ago

I understand. Thanks, I really appreciate your help @ebiggers and @josephlr.