vgough / encfs

EncFS: an Encrypted Filesystem for FUSE.
https://vgough.github.io/encfs/

Feature request: ignore invalid file names in encfsctl decode #37

Open kaymes opened 9 years ago

kaymes commented 9 years ago

When using encfsctl to decode file names (encfsctl decode ...), an error is produced each time a file name is invalid.

There should be a switch such that all tokens that are not valid encrypted file names are simply passed through to stdout unchanged.

The use case is this: suppose you have a log file with a lot of encrypted file names. For example a log file from a backup of an encrypted file system. Then you can simply pipe the entire log file through encfsctl and all file names are decrypted.

This might be incompatible with Filename Initialization Vector Chaining, I'm not sure. But for cases where Filename Initialization Vector Chaining is disabled, it should be easy to implement.

fulldecent commented 9 years ago

This sounds like this option from encfs:

   --anykey
       Turn off key validation checking.  This allows EncFS to be used with secondary
       passwords.  This could be used to store a separate set of files in an encrypted
       filesystem.  EncFS ignores files which do not decode properly, so files created with
       separate passwords will only be visible when the filesystem is mounted with their
       associated password.

kaymes commented 9 years ago

The option I asked for is different.

--anykey changes the way the encfs filesystem works and allows it to ignore files that are invalid.

What I am looking for is an option about how "encfsctl decode" processes its input.

Normally "encfsctl decode" expects one file name per line on the input and then produces a line with the correct file in the output. Whenever an invalid line is encountered, it throws an error.

What I am looking for is an option that "encfsctl decode" simply passes through all invalid lines and tokens unchanged. That way one can filter a log file through "encfsctl decode" to make it readable.

Assume the following: I have a log file of some obscure backup script. A line might read like this:

Input: Obscure backup: Error: could not copy file /encrypted/foo/foEGacaE7o5/,VRxG,4FzFq4J-/wzZhuHYm5w8L because the moon phase was wrong.

Desired output: Obscure backup: Error: could not copy file /encrypted/foo/secret/naughty/voodoo.csv because the moon phase was wrong.

If IV chaining is disabled this should be pretty simple to implement. Simply split the line at all "/" signs and replace all parts that are valid encrypted filenames by their decrypted counterparts and leave the rest unchanged.
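
An added example of the pass-through filter requested above, not code from the thread or from EncFS. It assumes filename IV chaining is disabled, so each path component decodes on its own. `sample_decode` and its table are hypothetical stand-ins built from the sample input/output pair in the last comment, and the token character set is an assumption based on those sample names.

```python
import re
import sys
from typing import Callable, Dict, Optional

# Assumption: encoded names use only these characters, as in the sample path.
TOKEN = re.compile(r"[A-Za-z0-9,-]+")

# Constructed table taken from the sample input/output pair in the thread;
# it stands in for a real per-name decode and is not EncFS output.
SAMPLE_NAMES: Dict[str, str] = {
    "foEGacaE7o5": "secret",
    ",VRxG,4FzFq4J-": "naughty",
    "wzZhuHYm5w8L": "voodoo.csv",
}

def sample_decode(token: str) -> Optional[str]:
    """Hypothetical decoder: plaintext name, or None when the token is invalid."""
    return SAMPLE_NAMES.get(token)

def decode_line(line: str, decode: Callable[[str], Optional[str]],
                cache: Optional[Dict[str, Optional[str]]] = None) -> str:
    """Replace tokens that decode; pass every other character through unchanged."""
    cache = {} if cache is None else cache

    def swap(match):
        token = match.group(0)
        if token not in cache:          # each distinct token is decoded once
            cache[token] = decode(token)
        plain = cache[token]
        # A decoded name is untrusted data: refuse ones containing control
        # characters so a file name cannot forge extra lines in the output log.
        if plain is None or any(ord(ch) < 32 or ord(ch) == 127 for ch in plain):
            return token
        return plain

    return TOKEN.sub(swap, line)

if __name__ == "__main__":
    shared: Dict[str, Optional[str]] = {}
    for raw in sys.stdin:
        sys.stdout.write(decode_line(raw, sample_decode, shared))
```

Ordinary words such as "Error" or "foo" also match the token pattern, so the filter depends on the decoder rejecting them and returning `None`.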