ecryptfs - Encrypting identical files with the same key leads to different results

0

My understanding so far has been that ecryptfs uses a wrapped passphrase to encrypt files. When I mount two pairs of encrypted/decrypted directories using the same key I expect the same result when encrypting the key. However, this seems not to be true:

$ sudo mount -i -t ecryptfs -o ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,ecryptfs_sig=f8ac65b530d4aebc,ecryptfs_key_bytes=32,ecryptfs_cipher=aes,ecryptfs_xattr=y safe1/ open1
$ sudo mount -i -t ecryptfs -o ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,ecryptfs_sig=f8ac65b530d4aebc,ecryptfs_key_bytes=32,ecryptfs_cipher=aes,ecryptfs_xattr=y safe2/ open2
$ echo "Hi" > open1/testfile
$ cp -a open1/testfile open2/testfile 
$ md5sum open*/testfile
31ebdfce8b77ac49d7f5506dd1495830  open1/testfile
31ebdfce8b77ac49d7f5506dd1495830  open2/testfile
$ md5sum safe*/testfile
4fe5016ca0b9b283fd05e03ccaee0b14  safe1/testfile
75850506e568f60a77acd96dfb2d2895  safe2/testfile

I think this is not related to the content of the file but to some metadata, because when I copy an encrypted file from one space to the other I can decrypt the content:

$ umount open*
$ cp -a safe2/testfile safe1/testfile2
$ sudo mount -i -t ecryptfs -o ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,ecryptfs_sig=f8ac65b530d4aebc,ecryptfs_key_bytes=32,ecryptfs_cipher=aes,ecryptfs_xattr=y safe1/ open1
$ sudo mount -i -t ecryptfs -o ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,ecryptfs_sig=f8ac65b530d4aebc,ecryptfs_key_bytes=32,ecryptfs_cipher=aes,ecryptfs_xattr=y safe2/ open2
$ cat open1/testfile2 
Hi

Can anyone explain this behavior?

What I'm looking for is a way that the encrypted files in the example above are identical.

Brainbug

Posted 2018-04-25T20:57:34.987

Reputation: 3

stat open1/testfile
  File: open1/testfile
  Size: 3          Blocks: 24         IO Block: 4096   regular file
Device: 34h/52d    Inode: 55072471    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/      me)   Gid: ( 1000/      me)
Access: 2018-04-25 22:12:17.751442350 +0200
Modify: 2018-04-25 22:12:02.671242560 +0200
Change: 2018-04-25 22:12:02.671242560 +0200
 Birth: -
– Brainbug – 2018-04-25T21:18:20.247

stat open2/testfile
  File: open2/testfile
  Size: 3          Blocks: 24         IO Block: 4096   regular file
Device: 35h/53d    Inode: 55072472    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/      me)   Gid: ( 1000/      me)
Access: 2018-04-25 22:12:29.655599945 +0200
Modify: 2018-04-25 22:12:02.671242560 +0200
Change: 2018-04-25 22:12:17.751442350 +0200
 Birth: -
– Brainbug – 2018-04-25T21:19:23.570

Creating the file twice (in open1 and open2) instead of cp is causing different md5sums as well – Brainbug – 2018-04-25T21:22:58.757

1 Can you please put the information in those comments into your question, where they belong. For starters, it's easier to format legibly, and to go on with it makes it easy for people to read and understand your question if they don't have to dig through a comment trail. Thanks. – roaima – 2018-04-25T21:47:06.193

Answers

3

The difference in encrypted value is by design. Each encrypted file has a per-file randomly generated session key.

roaima

Posted 2018-04-25T20:57:34.987

Reputation: 1 006
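The following is an added example (not code from the question, the answer, or the eCryptfs project) that models the per-file session key design the answer refers to. In eCryptfs the per-file key (FEK) is generated randomly, encrypted under a key derived from the passphrase (the FEKEK, identified by `ecryptfs_sig`), and stored in the header of the lower file; the content is encrypted under the FEK. The code below reproduces that structure with assumptions chosen for a stand-alone demonstration: `deriveFEKEK` is a plain SHA-256 of the passphrase rather than the eCryptfs KDF, AES-GCM stands in for the AES-CBC per-extent scheme eCryptfs actually uses, and `EncryptedFile`, `EncryptFile`, `DecryptFile` and `Demonstrate` are names invented here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deriveFEKEK derives the file-encryption-key-encryption-key from a passphrase.
// Assumption for this demo: a single SHA-256; eCryptfs uses its own salted,
// iterated derivation, but the envelope structure is what matters here.
func deriveFEKEK(passphrase string) []byte {
	sum := sha256.Sum256([]byte("demo-salt:" + passphrase))
	return sum[:]
}

// sealAESGCM encrypts plaintext under key with a fresh random nonce and
// returns nonce||ciphertext||tag.
func sealAESGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openAESGCM reverses sealAESGCM; a wrong key or tampered data fails the tag check.
func openAESGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// EncryptedFile models the lower (safe*/) file: a header carrying the
// per-file key wrapped under the FEKEK, followed by the encrypted content.
type EncryptedFile struct {
	WrappedFEK []byte // random per-file key, encrypted under the FEKEK
	Body       []byte // file content, encrypted under the per-file key
}

// EncryptFile generates a fresh random FEK for this file, wraps it, and
// encrypts the content under it. Two calls with identical content therefore
// never produce identical lower files.
func EncryptFile(fekek, content []byte) (*EncryptedFile, error) {
	fek := make([]byte, 32)
	if _, err := rand.Read(fek); err != nil {
		return nil, err
	}
	wrapped, err := sealAESGCM(fekek, fek)
	if err != nil {
		return nil, fmt.Errorf("wrapping FEK: %w", err)
	}
	body, err := sealAESGCM(fek, content)
	if err != nil {
		return nil, fmt.Errorf("encrypting content: %w", err)
	}
	return &EncryptedFile{WrappedFEK: wrapped, Body: body}, nil
}

// DecryptFile unwraps the FEK from the header with the FEKEK and then
// decrypts the body. Because the header travels with the file, a lower file
// copied into another mount that uses the same FEKEK still decrypts.
func DecryptFile(fekek []byte, f *EncryptedFile) ([]byte, error) {
	fek, err := openAESGCM(fekek, f.WrappedFEK)
	if err != nil {
		return nil, fmt.Errorf("unwrapping FEK (wrong passphrase?): %w", err)
	}
	return openAESGCM(fek, f.Body)
}

// Result summarises the behaviour observed in the question.
type Result struct {
	BodiesDiffer     bool // identical plaintext, different lower files
	BothDecrypt      bool // both decrypt to the original under the same FEKEK
	WrongKeyRejected bool // a different passphrase cannot unwrap the FEK
}

// Demonstrate encrypts the same content twice under one passphrase, the way
// open1/testfile and open2/testfile were written under the same ecryptfs_sig.
func Demonstrate(passphrase string, content []byte) (Result, error) {
	fekek := deriveFEKEK(passphrase)
	f1, err := EncryptFile(fekek, content)
	if err != nil {
		return Result{}, err
	}
	f2, err := EncryptFile(fekek, content)
	if err != nil {
		return Result{}, err
	}
	p1, err1 := DecryptFile(fekek, f1)
	p2, err2 := DecryptFile(fekek, f2)
	_, wrongErr := DecryptFile(deriveFEKEK(passphrase+"x"), f2)
	return Result{
		BodiesDiffer:     !bytes.Equal(f1.Body, f2.Body),
		BothDecrypt:      err1 == nil && err2 == nil && bytes.Equal(p1, content) && bytes.Equal(p2, content),
		WrongKeyRejected: wrongErr != nil,
	}, nil
}

func main() {
	r, err := Demonstrate("correct horse battery staple", []byte("Hi\n"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("lower files differ: %v, both decrypt: %v, wrong key rejected: %v\n",
		r.BodiesDiffer, r.BothDecrypt, r.WrongKeyRejected)
}
```

Run with `go run .`; the two lower files differ on every run while both still decrypt, which is the pair of observations in the question (different `md5sum safe*/testfile`, yet `safe2/testfile` copied into `safe1/` reads back as `Hi`). The randomness lives in the per-file key and nonce, not in file metadata, so creating the file fresh in each mount differs just as `cp -a` does. A fresh key per file is the property that stops an observer from telling whether two lower files hold the same content; if identical ciphertexts are wanted for deduplication, that comparison has to be done on the decrypted side.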