* e4crypt - Possible to Change Passphrase?
@ 2017-10-26 23:20 Grochowalski, Matthew (GE Aviation, US)
2017-10-27 2:51 ` Eric Biggers
0 siblings, 1 reply; 2+ messages in thread
From: Grochowalski, Matthew (GE Aviation, US) @ 2017-10-26 23:20 UTC (permalink / raw)
To: linux-ext4@vger.kernel.org
Is it possible to change the passphrase of a folder encrypted using e4crypt set_policy?
Looking through the documentation it appears the answer is no, but I haven't found anything that addresses that specifically.
I'm assuming I'd need to copy everything from one directory to another with a different policy then delete the originals, or generate some random data to use as a passphrase then encrypt that with the actual user passphrase?
Thanks,
--Matt Grochowalski
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: e4crypt - Possible to Change Passphrase?
2017-10-26 23:20 e4crypt - Possible to Change Passphrase? Grochowalski, Matthew (GE Aviation, US)
@ 2017-10-27 2:51 ` Eric Biggers
0 siblings, 0 replies; 2+ messages in thread
From: Eric Biggers @ 2017-10-27 2:51 UTC (permalink / raw)
To: Grochowalski, Matthew (GE Aviation, US)
Cc: linux-ext4@vger.kernel.org, Joe Richey
+Cc Joe Richey <joerichey@google.com>
Hi Matt,
On Thu, Oct 26, 2017 at 11:20:16PM +0000, Grochowalski, Matthew (GE Aviation, US) wrote:
> Is it possible to change the passphrase of a folder encrypted using e4crypt set_policy?
e4crypt doesn't support changing the passphrase because it derives the master
encryption key directly from the passphrase, rather than using the
passphrase-derived key to unwrap another key.
> I'm assuming I'd need to copy everything from one directory to another with a
> different policy then delete the originals,
That's fine as a workaround, although keep in mind you probably should delete
the originals with 'shred' so that the old ciphertext (which is protected only
by the old passphrase) is less likely to still exist on disk.
> use as a passphrase then encrypt that with the actual user passphrase?
Loosely speaking, that approach will work and is actually the proper way to
support passphrase changes. However, implementing key derivation and key
wrapping yourself is error-prone; it's the type of thing that is very easy to
implement insecurely without knowing it. I suggest using the "fscrypt" program
(https://github.com/google/fscrypt) which has implemented this already, with the
wrapped keys stored in a ".fscrypt" directory in the root directory of the
filesystem. It also has many other advantages, such as PAM support, and also
working for f2fs and ubifs. In the future I expect we'll be more aggressively
advertising fscrypt and documenting e4crypt (and f2fscrypt, which is e4crypt
copy+pasted into f2fs-tools) as deprecated. You can ask Joe Richey, who is the
primary author of the fscrypt program, for more details.
Eric
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-10-27 2:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-26 23:20 e4crypt - Possible to Change Passphrase? Grochowalski, Matthew (GE Aviation, US)
2017-10-27 2:51 ` Eric Biggers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).