search

mrpdaemon / encfs-java

encfs-java is a Java library for accessing data in EncFS volumes
GNU Lesser General Public License v3.0
42 stars 15 forks source link

support the encfs settings that BoxCryptor uses #1

Closed aefo closed 12 years ago

aefo commented 12 years ago

(Let me know if this should be reported elsewhere...)

Would be great for this to support the encfs settings that BoxCryptor uses (http://www.boxcryptor.com/) uses. I tried mine locally with the currently code & I get a Volume key checksum mismatch.

Let me know if more details are required

Thanks,

Exception in thread "main" org.mrpdaemon.sec.encfs.EncFSInvalidPasswordException: Invalid password at org.mrpdaemon.sec.encfs.EncFSVolume.createVolume(EncFSVolume.java:132) at org.mrpdaemon.sec.encfs.EncFSVolume.(EncFSVolume.java:200) at org.mrpdaemon.sec.encfs.EncFSVolume.(EncFSVolume.java:258) at EncFSShell.main(EncFSShell.java:89) Caused by: org.mrpdaemon.sec.encfs.EncFSChecksumException: Volume key checksum mismatch at org.mrpdaemon.sec.encfs.EncFSCrypto.decryptVolumeKey(EncFSCrypto.java:331) at org.mrpdaemon.sec.encfs.EncFSVolume.createVolume(EncFSVolume.java:130) ... 3 more

mrpdaemon commented 12 years ago

Thanks for showing interest to this project. It was on my roadmap to get the library working with different EncFS configurations, so this is a good place to start. It would be very useful if you could send me the EncFS config file that BoxCryptor generates, it will be a file named '.encfs6.xml' under the root directory of the EncFS volume (it is a hidden dot file, so GUI file managers could omit it). Don't worry, there is no confidential information in this file, I just need to see the parameters BoxCryptor uses to create the volume so I can create a similar volume and debug the issue.

Thanks again for your interest, open source is awesome...

aefo commented 12 years ago

Sure, I've created a new test one (with a password of "test", without double quotes). The .encfs6.xml files contents is below. I've attached a copy of it in a zip file along with a test file that has been added once the area had been mounted.

Regards,

Andrew

<?xml version="1.0" encoding="utf-8" standalone="yes"?> <!DOCTYPE boost_serialization>

20100713 BoxCryptor 1.0.0.0 ssl/aes 3 0 nameio/stream 2 1 256 4096 0 0 0 0 0 1 52 p8hapetrpqIyAxe/9mLE/nNGFFWugkLiTn1g+bAA1NMOwnD4YhcI6xc3ObQ8df1NoFVh8A== 20 106QqKPzGADnhiVHOYtgv0PbiUs= 5000 500

On 13/12/2011 07:33, mrpdaemon wrote:

Thanks for showing interest to this project. It was on my roadmap to get the library working with different EncFS configurations, so this is a good place to start. It would be very useful if you could send me the EncFS config file that BoxCryptor generates, it will be a file named '.encfs6.xml' under the root directory of the EncFS volume (it is a hidden dot file, so GUI file managers could omit it). Don't worry, there is no confidential information in this file, I just need to see the parameters BoxCryptor uses to create the volume so I can create a similar volume and debug the issue.

Thanks again for your interest, open source is awesome...

Reply to this email directly or view it on GitHub: https://github.com/mrpdaemon/encfs-java/issues/1#issuecomment-3119902

aefo commented 12 years ago

Also, there is some basic details on the BoxCryptor forum (at https://boxcryptorsupport.uservoice.com/knowledgebase/articles/35105-can-boxcryptor-mount-encrypted-volumes-created-wit) on the EncFS config / settings they use.

Let me know if you need any more details / testing...

aefo commented 12 years ago

Noticed email attachment didn't go through, uploaded at http://db.tt/ZedQQz0y

mrpdaemon commented 12 years ago

Hey man, thanks for uploading the example volume. I've committed a couple fixes that gets us further towards being able to read this volume:

6650a0be3c : Support variable size volume keys 10e86483c6: Add support for uniqueIV = 0

The volume key is passing the checksum test, but now I'm at this:

Input length not multiple of 16 bytes org.mrpdaemon.sec.encfs.EncFSCorruptDataException: Input length not multiple of 16 bytes at org.mrpdaemon.sec.encfs.EncFSFile.decodeName(EncFSFile.java:165) at org.mrpdaemon.sec.encfs.EncFSFile.(EncFSFile.java:77) at org.mrpdaemon.sec.encfs.EncFSFile.listFiles(EncFSFile.java:260) at EncFSShell.main(EncFSShell.java:124)

The reason for this is that I haven't implemented the nameio/stream algorithm (I've implemented the nameio/block algorithm). Actually the stream algorithm is super easy to implement (block is more complicated), so I'm hoping to get it done soon. I need to add some config parsing and plumbing to select between the two algorithms as well.

Stay tuned, hopefully I'll get the library reading your test volume soon.

mrpdaemon commented 12 years ago

Check it out with 1fb202421f , I'm able to decrypt your test volume :)

/ > ls .encfs6.xml testfile.txt / > cat testfile.txt test file

aefo commented 12 years ago

Wow, very cool...and a quick turn around on getting it working. Looking forward to trying it out at home.

Also looking forward to

echo hello > test.txt working in the future! :-)

Thanks

From: mrpdaemon reply@reply.github.com Sent: Fri Dec 16 09:45:30 GMT 2011 To: aormerod aefo@ormerods.net Subject: Re: [encfs-java] support the encfs settings that BoxCryptor uses (#1)

Check it out with1fb202421f , I'm able to decrypt your test volume :)

/ > ls .encfs6.xml testfile.txt / > cat testfile.txt test file

Reply to this email directly or view it on GitHub: https://github.com/mrpdaemon/encfs-java/issues/1#issuecomment-3175265

mrpdaemon commented 12 years ago

Lol yeah, write support is a ton more work :) Let me know how it works for you so I can close this issue.

aefo commented 12 years ago

Hi,

Just pulled down these changes. They worked great for the sample, however when I tried it against my real encfs files it failed with a "Mismatch in file checksum" error. (Output below).

From tracing it through the reason is because the raw file system has a file in it that doesn't belong to the encfs volume. It's a Desktop.Ini file that Windows created on the raw folder (not the encrypted / mounted encfs files). I seem to recall reading somewhere that encfs can support mixing different volumes in the same raw file system area and that it just skips the ones that don't below to it's volume. I assume that this is what BoxCryptor must be doing.

I put in a local change to skip files where the file name can't be decoded (only if isChainedNameIV() == false) in the EncFSFile.listFiles() method. With this patched change it seems able to read my 'live' encfs volume from BoxCryptor.

I've created some more boxcryptor encfs samples that recreate this issue so they can be used for future testing / regression testing. I'll do some more testing that the contents of file is OK & try and upload the samples as github patches...

Thanks,

Failed output: Enter password: test / > ls Mismatch in file checksum org.mrpdaemon.sec.encfs.EncFSChecksumException: Mismatch in file checksum at org.mrpdaemon.sec.encfs.EncFSFile.decodeName(EncFSFile.java:199) at org.mrpdaemon.sec.encfs.EncFSFile.(EncFSFile.java:77) at org.mrpdaemon.sec.encfs.EncFSFile.listFiles(EncFSFile.java:291) at EncFSShell.main(EncFSShell.java:127)

mrpdaemon commented 12 years ago

This one is hopefully fixed.