Closed PatrickAlyson closed 1 year ago
@ebiggers can confirm, but I think that the kernel key management works in the following way:
`fscrypt`, a specific encryption policy is associated to the folder.
`FS_IOC_ADD_ENCRYPTION_KEY` IOCTL.

> as the folder is unlocked anyone can see the contents of the files
This isn't exactly true. When a folder is unlocked, normal filesystem permissions are still active, so if you have ACLed the file to only be readable by a certain group, only users in that group can read the file, even if it is unlocked.
@josephlr Thanks, I really appreciate your help. Based on your answer, it appears that when deleting a file from a folder that has been encrypted with fscrypt, the security of the file's content is not compromised as long as the master encryption key remains uncompromised. Thus, it should not matter whether the folder is unlocked or locked at the time of deletion. Did I understand it correctly?
I suppose my question can be condensed as follows: "Is it secure to delete a file from an unlocked folder?"
Unfortunately, `fscrypt` does not guarantee secure deletion of anything because it is impossible without special hardware support. Deleted encrypted files are still less likely to be forensically recoverable than deleted unencrypted files (see the details that @josephlr gave about how each file has a unique encryption key derived for it), but it's not guaranteed.
It doesn't matter whether files are unlocked at the time of deletion or not.
Note: Android's File Based Encryption, which uses the same kernel functionality as `fscrypt`, does guarantee secure deletion of encryption keys on many devices. But this is only because when protecting these keys, Android uses some Android-specific HALs that provide access to special hardware. This isn't something that the `fscrypt` tool can use.
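To make the per-file key point concrete, here is an added example (not code from the fscrypt project or from any commenter) of how a v2 policy derives a file's key from the master key and the file's nonce, using a small HKDF-SHA512 built from the standard library. The info layout (`"fscrypt\0"`, context byte 2, a 16-byte nonce, unsalted extract) and the 64-byte key length are assumptions taken from my reading of the kernel documentation and should be checked against `Documentation/filesystems/fscrypt.rst`; the master key and nonces below are constructed sample values.

```python
import hmac
import hashlib

HASH = hashlib.sha512
HASH_LEN = HASH().digest_size
FSCRYPT_INFO_PREFIX = b"fscrypt\0"      # assumption: kernel's HKDF info prefix
HKDF_CONTEXT_PER_FILE_ENC_KEY = 2        # assumption: context byte for per-file keys
FILE_NONCE_SIZE = 16                     # assumption: per-file nonce stored in the inode
PER_FILE_KEY_SIZE = 64                   # assumption: AES-256-XTS needs 64 bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_per_file_key(master_key: bytes, nonce: bytes) -> bytes:
    """Derive a file's contents key from the master key and that file's nonce.

    The nonce is metadata, not a secret: anyone holding the master key can
    re-run this for any file whose ciphertext is still on disk, deleted or not.
    Without the master key the nonce alone yields nothing, which is why the
    thread's conclusion hinges on the master key staying uncompromised.
    """
    if len(nonce) != FILE_NONCE_SIZE:
        raise ValueError("per-file nonce must be %d bytes" % FILE_NONCE_SIZE)
    # Assumption: unsalted HKDF, i.e. salt = HashLen zero bytes per RFC 5869.
    prk = hkdf_extract(b"\0" * HASH_LEN, master_key)
    info = FSCRYPT_INFO_PREFIX + bytes([HKDF_CONTEXT_PER_FILE_ENC_KEY]) + nonce
    return hkdf_expand(prk, info, PER_FILE_KEY_SIZE)


# Constructed sample values: one master key, two files with distinct nonces.
SAMPLE_MASTER_KEY = bytes(range(64))
NONCE_FILE_A = b"\x11" * FILE_NONCE_SIZE
NONCE_FILE_B = b"\x22" * FILE_NONCE_SIZE

if __name__ == "__main__":
    key_a = derive_per_file_key(SAMPLE_MASTER_KEY, NONCE_FILE_A)
    key_b = derive_per_file_key(SAMPLE_MASTER_KEY, NONCE_FILE_B)
    print("file A key:", key_a.hex()[:32], "...")
    print("file B key:", key_b.hex()[:32], "...")
    print("keys differ:", key_a != key_b)
```

The two files end up with unrelated keys even though they share a master key, so leaking one file's key does not expose the other; but as long as the master key and the leftover ciphertext both exist, the deleted file's key can be regenerated from its nonce.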
I understand. Thanks, I really appreciate your help @ebiggers and @josephlr.
I have a folder encrypted with fscrypt. If I unlock this folder and delete a file from it (as the folder is unlocked anyone can see the contents of the files), then after deletion I lock this folder again, what will happen to this deleted file? Can it be recovered by forensic means? Will they be able to read the file's content?
I've searched online but couldn't find anything about deleting files from fscrypt encrypted folders. I'm on Ubuntu.