Is there a tool to map plaintext and encrypted filenames?

Asked by Sergio Mena

I am rsync'ing my encrypted home directory (to a backup storage). In this process I need to exclude several files and directories (using the --exclude option in rsync).
So far I am MANUALLY finding the encrypted filename corresponding to the directory I want to exclude. This works but is time-consuming every time I need to change the list of excluded directories. Besides, it is hard to grasp which (plaintext) directories are being excluded by simply looking at the rsync command-line.

I have just crafted a bash script, ecryptfs-filename-plain2encrypted, that does the job. It uses the fact that the i-node reported for an encrypted file and its plaintext counterpart is the same.

Feel free to distribute/post on your website/provide comments or improvements to this script

Regards,

Sergio Mena

PS Here is the script:

<code>

#!/bin/sh

# Utility script to map plaintext and encrypted filenames
# in an eCryptfs directory
# Sergio Mena. 2011-06-18

#Default values
encryptedroot="$(dirname "${HOME}")/.ecryptfs/$(basename "${HOME}")/.Private"
plaintextroot="$HOME"

usage()
{
cat << EOF
usage: $0 [options] filename

This script prints the ecryptfs counterpart filename (including path) of the plaintext filename \
passed as argument. Note that the script does not use PWD/CWD to locate the filename. Filename \
is a path to the target file/directory, relative to the plaintext root. Likewise, the resulting \
filename includes the path relative to the encrypted root.

OPTIONS:
   -h show this message
   -e path path to encrypted root path (default: $encryptedroot)
   -p path path to plaintext root path (default: $plaintextroot)
   -s swap root paths. The command effectively takes the opposite effect (i.e., from \
encrypted filename to plaintext).
EOF
}

reverse=0
while getopts "he:p:s" OPTION; do
    case $OPTION in
        h)
            usage
            exit 0
            ;;
        e)
            encryptedroot="$OPTARG"
            ;;
        p)
            plaintextroot="$OPTARG"
            ;;
        s)
            reverse=1
            ;;
        ?)
            usage >&2
            exit 1
            ;;
    esac
done

shift $((OPTIND - 1))

[ -z "$1" ] &&\
    echo "$0: No filename provided" >&2 &&\
    usage >&2 &&\
    exit 2

[ $reverse -eq 1 ] &&\
    aux="${encryptedroot}" &&\
    encryptedroot="${plaintextroot}" &&\
    plaintextroot="${aux}"

currentencryptedpath=
currentplaintextpath=
rest="$1"

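while true; do
    # Split off the next path component; the remainder stays in $rest
    nextplaintextdir=$(printf '%s\n' "${rest}" | sed 's/\/.*$//')
    rest=$(printf '%s\n' "${rest}" | sed 's/^[^\/]*\/*//')
    currentplaintextpath="${currentplaintextpath}/${nextplaintextdir}"
    [ ! -e "${plaintextroot}/${currentplaintextpath}" ] &&\
        echo "$0: cannot access $1: No such file or directory" >&2 &&\
        exit 1
    # The plaintext entry and its encrypted counterpart report the same inode
    inode=$(ls -aid "${plaintextroot}/${currentplaintextpath}" | awk '{print $1}')
    # Compare the inode column exactly (a plain grep also matches substrings
    # and digits inside filenames) and keep the whole name, spaces included
    nextencrypteddir=$(ls -ai "${encryptedroot}/${currentencryptedpath}" | \
                      awk -v ino="${inode}" '$1 == ino { sub(/^ *[0-9]+ /, ""); print; exit }')
    [ -z "$nextencrypteddir" ] &&\
        echo "$0: Hmmm strange, no encrypted file/dir corresponds to plaintext file/dir" >&2 &&\
        exit 2
    currentencryptedpath="${currentencryptedpath}/${nextencrypteddir}"
    # Last component reached: print the encrypted path without the leading slash
    [ -z "$rest" ] &&\
        ( echo "${currentencryptedpath}" | sed 's/^\///' ) &&\
        exit 0
done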

</code>
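For the rsync use case described in the question, the same inode matching can turn a list of plaintext paths into an exclude file. This is an added example, not part of the original post or of eCryptfs; the function names `map_path` and `exclude_patterns` are hypothetical, and it assumes GNU find (`-inum`, `-maxdepth`).

```shell
#!/bin/sh
# Added example: build rsync exclude patterns for the encrypted (lower) tree
# from plaintext paths, matching each path component by inode number.

# map_path PLAINROOT ENCROOT RELPATH -> prints the encrypted relative path
map_path() {
    plain=$1 enc=$2 rest=$3 out=
    while [ -n "$rest" ]; do
        comp=${rest%%/*}                      # next path component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        if [ -z "$comp" ]; then continue; fi  # tolerate leading/doubled slashes
        plain="$plain/$comp"
        [ -e "$plain" ] || { echo "no such path: $plain" >&2; return 1; }
        inode=$(ls -di -- "$plain" | awk '{print $1}')
        # Exact inode match among the direct children of the current encrypted dir
        match=$(find "$enc" -mindepth 1 -maxdepth 1 -inum "$inode" | head -n 1)
        [ -n "$match" ] || { echo "no encrypted entry for: $plain" >&2; return 2; }
        enc=$match
        out="$out/${match##*/}"
    done
    printf '%s\n' "${out#/}"
}

# exclude_patterns PLAINROOT ENCROOT < list of plaintext paths, one per line
# Prints one pattern per line, anchored with a leading "/" to the transfer root.
exclude_patterns() {
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        e=$(map_path "$1" "$2" "$p") || return 1
        printf '/%s\n' "$e"
    done
}

# Usage (paths are assumptions based on the defaults in the script above):
#   exclude_patterns "$HOME" "/home/.ecryptfs/$USER/.Private" \
#       < plaintext-excludes.txt > encrypted-excludes.txt
#   rsync -a --exclude-from=encrypted-excludes.txt SRC/ DEST/
```

Keeping the plaintext list under version control makes it clear which directories are excluded, while the generated file is what rsync reads.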

Question information

Language: English
Status: Answered
For: eCryptfs
Assignee: No assignee
Gaëtan Duchaussois (gaetan-duchaussois) said :
#1

You saved my day, thanks! If there is an ecryptfs way to do it, let me know.

Dustin Kirkland (kirkland) said :
#2

See:
 ecryptfs-find
