LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   "logically" loosing encfs data (https://www.linuxquestions.org/questions/linux-newbie-8/logically-loosing-encfs-data-4175527698/)

yxlan 12-08-2014 12:29 PM
"logically" loosing encfs data
 
Hi all,

I'm doing backup to some remote site using sshfs and encfs. Actually I use 4 mounts for this.

Now I happend that the data from mount #1 seemed to have disappeared when listing the unencryped view via encfs. When listing the encryped view of sshfs everything seems fine.

I accessed the remote site and tried to encfs the encrypted data via encfs. Same result. Password seems fine, but the dir seems to be empty.

Did the same with another encrypted directory (i.e. mount #2) and everything seems fine, I do see all the folder and files.

I did try to write new file using the encfs view on the originating site ... and it shows up fine on the remote site using the encfs view.

I tried to recover the data on the remote site using

"encfsctl export encfs_dir dest_dir"

but all it does is decrypt the single file I just created on the originating site.

So my only idee is that I must somehow lost .encfs6.xml which was later created again. So loosing this file makes my encryted backup worthless???

Any idea how to recover data in this situation?

Any idea how to take precaution to avoid this situation in the future?

TIA Wolfgang

neonsignal 12-09-2014 08:03 AM
Unfortunately, if you have lost the original ".encfs6.xml" (in particular, the "encodedKeyData" field) then you will not be able to recover your files. The best mitigation strategy is to have backups, but I figure you already know that! You could also make the ".encfs6.xml" file read-only.

yxlan 12-09-2014 10:22 AM
lost .encfs6.xml
 
OK, did some research und nowI know that this file is crucial :-(

But I did not find a description, when this file is created. The timestamp of the file indicates, that the original file was somehow deleted and that a new file was created. So my question to avoid this in the future: when does encfs build this file?

It is my understanding, that processes may access the encrypted and the unencrypted view to the files and that you may even mix encrypted und unencryped data. May this have caused the problem?

When encfs finds some .encfs6.xml, does it just show those files and directories that can sucessfully be de-crypted using the data found in .encfs6.xml?

I just would to avoid this kind of problem in the future ... and of cause secure the .encfs6.xml file now ... :-)

tx Wolfgang

neonsignal 12-09-2014 04:32 PM
Quote:
Originally Posted by yxlan (Post 5281985)
OK, did some research und nowI know that this file is crucial :-(
But I did not find a description, when this file is created. The timestamp of the file indicates, that the original file was somehow deleted and that a new file was created. So my question to avoid this in the future: when does encfs build this file?
The file is created when encfs is first used to mount the directory. It isn't changed after that.

Quote:
When encfs finds some .encfs6.xml, does it just show those files and directories that can sucessfully be de-crypted using the data found in .encfs6.xml?
Yes, that is exactly how it works. There appears to be some sort of signature encoded into the filename so that it can determine which ones are to be mounted at the decrypt mountpoint.


All times are GMT -5. The time now is 03:31 PM.