Gocryptfs: Filename length on ecryptfs-encrypted home directory (Linux Mint)
Hey everyone,
I installed gocryptfs 1.2 on Mint (installed via gocryptfs_1.2-2ubuntu1_amd64.deb).
Most things work great, so far. However, filenames that are longer than ~120 characters won't copy to the mount folder.
Here's the error message I got: From what I read, gocryptfs should be able to easily handle such a file name lenght.
I tried Cryfs (which creates too many files for my taste), and I have no issue with long file names there.
format0
All 21 comments
Should be no problem, yes. And it seems to be working fine here. Your example filename encrypts to 192 bytes:
$ ls crypt mnt
mnt:
'Are People Prejudiced Against Women? Some Answers From Research on Attitudes, Gender Stereotypes, and Judgments of Competence.pdf'
crypt:
AiMnQkaQBts-JSc_bHXFcPRIooRDHzaEdWWXBQw0JKAlXcLYBNnlNB-Plaf0KHiHCyvi1S2QpV2vN45ulb3ZRaw4nbY2KlU7YbXHbHTTfy_AgH92udlGdmZHgiaSG_1atZPfM7tRKRRYGU1G5wDO57492FNRPlhF6SSqvScKIN3HLnJpHFIfetotjmop-9bO
gocryptfs.conf
gocryptfs.diriv
What kind of filesystem is your ciphertext directory stored on?
rfjakob
on 5 Apr 2017
It's in my Dropbox folder in my encrypted home directory, so it's technically on an "ecryptfs".
"/" is ext4.
FUSE is on version 2.9.4-1ubuntu3.1, Kernel is 4.8.0-46-generic
format0
on 5 Apr 2017
Oh, so that's the reason. ecryptfs is limited to 143 characters!
rfjakob
on 5 Apr 2017
I see .. But why does it work if I copy the file to my home directory? I only get the error message if I try to copy it into the gocryptfs mount dir.
format0
on 5 Apr 2017
The filename gets longer when it gets encrypted!
rfjakob
on 5 Apr 2017
Ahh. Just to get it right .. the problem is that gocryptfs creates a filename that is too long for my encrypted home dir?
..edited because of wrong statement..
format0
on 5 Apr 2017
Yes exactly.
Are you saying
touch AiMnQkaQBts-JSc_bHXFcPRIooRDHzaEdWWXBQw0JKAlXcLYBNnlNB-Plaf0KHiHCyvi1S2QpV2vN45ulb3ZRaw4nbY2KlU7YbXHbHTTfy_AgH92udlGdmZHgiaSG_1atZPfM7tRKRRYGU1G5wDO57492FNRPlhF6SSqvScKIN3HLnJpHFIfetotjmop-9bO
works in your home directory?
rfjakob
on 5 Apr 2017
Naa, sorry. My mistake.
My home is limited to exactly 143 characters, I just tested it.
When using gocryptfs, max filename length is reduced to about 125 characters--otherwise the encrypted filename becomes too long.
The reason it didn't happen with cryfs seems to be that it splits the original file into smaller segments, each with shorter names.
I guess I have to rename all my PDFs or use unencrypted filenames... there's probably not much to do about this, unless encrypted filenames were shorter, and the full encrypted filenames were saved in a separate file
format0
on 5 Apr 2017
I'd recommend to use gocryptfs directly on ext4. You'll get full 255 bytes filenames because gocryptfs does, in fact, store longer encrypted names in separate files.
rfjakob
on 5 Apr 2017
Great, I'll try that. Thanks a lot for your help!!
format0
on 5 Apr 2017
Ok, you're welcome!
rfjakob
on 5 Apr 2017
I'm sorry for bringing up this old issue again but @rfjakob, you said:
I'd recommend to use gocryptfs directly on ext4. You'll get full 255 bytes filenames because gocryptfs does, in fact, store longer encrypted names in separate files.
At the moment I'm unable to sync my gocryptfs files with Nextcloud (which is an issue with Nextcloud - not gocryptfs :)), because the filenames exceeds the 255 bytes limit.
What do you mean with "store longer encrypted names in separate files"? Will gocryptfs "reduce" the size of the encrypted filename by splitting it? If yes, Is this limit configurable?
TIA!
jaltek
on 20 Dec 2017
Hi, gocryptfs should never create filenames >255 bytes. So if you are getting longer filenames, this is a bug in gocryptfs!
Yes gocryptfs splits filenames that become too long due to encryption. The limit is 255 and not configurable.
rfjakob
on 20 Dec 2017
No - gocryptfs doesn't but Nextcloud does during the upload. It extends the filename by adding ".ocTransferId.
Ok, good to know. Thanks anyway :)
jaltek
on 20 Dec 2017
If this max_filename_length would be configurable, it would allow people to use it on eCryptfs as well (not that I recommend the latter, just wondering how easy it would be to have this limit configurable).
pepa65
on 30 Jan 2018
If this max_filename_length would be configurable, it would allow people to use it on eCryptfs as well (not that I recommend the latter, just wondering how easy it would be to have this limit configurable).
As there was no answer at all, I'm wondering if this is a considerable option? I made experiences with several providers of online storage (e.g. strato hidrive) who limit the length of filenames, which prevents me from backing up my encrypted data there.
richard-dg
on 17 Feb 2019
Hmm, what's the limit on hidrive?
rfjakob
on 17 Feb 2019
Hmm, what's the limit on hidrive?
It's 251 characters for files and 1020 characters for paths.
https://www.strato.de/faq/cloud-speicher/wie-richte-ich-rsync-ein/
(only found it in German)
richard-dg
on 17 Feb 2019
You should be fine. The longest file name that gocryptfs creates is 235 characters:
Plain length -> Encrypted length
1 22
2 22
3 22
4 22
5 22
6 22
7 22
8 22
9 22
10 22
11 22
12 22
13 22
14 22
15 22
16 43
17 43
18 43
19 43
20 43
21 43
22 43
23 43
24 43
25 43
26 43
27 43
28 43
29 43
30 43
31 43
32 64
33 64
34 64
35 64
36 64
37 64
38 64
39 64
40 64
41 64
42 64
43 64
44 64
45 64
46 64
47 64
48 86
49 86
50 86
51 86
52 86
53 86
54 86
55 86
56 86
57 86
58 86
59 86
60 86
61 86
62 86
63 86
64 107
65 107
66 107
67 107
68 107
69 107
70 107
71 107
72 107
73 107
74 107
75 107
76 107
77 107
78 107
79 107
80 128
81 128
82 128
83 128
84 128
85 128
86 128
87 128
88 128
89 128
90 128
91 128
92 128
93 128
94 128
95 128
96 150
97 150
98 150
99 150
100 150
101 150
102 150
103 150
104 150
105 150
106 150
107 150
108 150
109 150
110 150
111 150
112 171
113 171
114 171
115 171
116 171
117 171
118 171
119 171
120 171
121 171
122 171
123 171
124 171
125 171
126 171
127 171
128 192
129 192
130 192
131 192
132 192
133 192
134 192
135 192
136 192
137 192
138 192
139 192
140 192
141 192
142 192
143 192
144 214
145 214
146 214
147 214
148 214
149 214
150 214
151 214
152 214
153 214
154 214
155 214
156 214
157 214
158 214
159 214
160 235
161 235
162 235
163 235
164 235
165 235
166 235
167 235
168 235
169 235
170 235
171 235
172 235
173 235
174 235
175 235
176 67
177 67
178 67
179 67
180 67
181 67
182 67
183 67
184 67
185 67
186 67
187 67
188 67
189 67
190 67
191 67
192 67
193 67
194 67
195 67
196 67
197 67
198 67
199 67
200 67
201 67
202 67
203 67
204 67
205 67
206 67
207 67
208 67
209 67
210 67
211 67
212 67
213 67
214 67
215 67
216 67
217 67
218 67
219 67
220 67
221 67
222 67
223 67
224 67
225 67
226 67
227 67
228 67
229 67
230 67
231 67
232 67
233 67
234 67
235 67
236 67
237 67
238 67
239 67
240 67
241 67
242 67
243 67
244 67
245 67
246 67
247 67
248 67
249 67
250 67
251 67
252 67
253 67
254 67
255 67
Cool, thanks. Anyway I ran into trouble with the path length. 1020 characters for a whole path is not much. Of course I'm aware that the problem is on strato's end. But on the other hand it's easier to ask here you than to at strato's. ;-)
richard-dg
on 17 Feb 2019
Affects NTFS mounts as well. Looking at MS-Docs, MAX_PATH is limited to 260 characters which probably explains why I receive an error attempting to copy from EXT4 to NTFS.
savchenko
on 15 Jul 2019
Related issues
ccchan234
路
8Comments
madbolter
路
15Comments
slackner
路
14Comments
lechner
路
18Comments
emreuenal
路
12Comments
Most helpful comment
I'd recommend to use gocryptfs directly on ext4. You'll get full 255 bytes filenames because gocryptfs does, in fact, store longer encrypted names in separate files.