eCryptfs Encryption Layer

Picolo.net HD1 takes advantage of kernel-integrated cryptography to encrypt media on-the-fly as they are written on external USB storage by means of the eCryptfs1 www.ecryptfs.org kernel module. Files will then be encrypted with either AES-128 or AES-256, using Cipher Feedback mode (CFB), each file with its own “session key” (known as the File Encryption Key or FEK in eCryptfs codebase and documentation [1]).

One file, one key

Granting each file its own decryption key makes decryption of a new file hard even for an attacker who has access to a large stock of previously encrypted files and their decrypted counterpart. In order to keep the decryption manageable, eCryptfs does not presume that the recipient of the files will know all those keys, but instead encrypts the key with a “master key” (the File Encryption Keys Encryption Key – or FEKEK) according to the well-established PGP algorithms [3] (as described in IETF RFC2440).

To break the master key (and be able to decrypt a new file), the attacker would now need a large stock of session keys, both encrypted and decrypted.

Transparent File Management

Unlike many cryptography file-systems, which encrypt or decrypt blocks of the disk device, eCryptfs is an overlay that can be applied on any file-system technology (preferably with long file name support). This means files can still be moved, archived, organized, keeping their name and timestamps, shared to other systems and still be decrypted because each file is an autonomous container with the encrypted data and information on how to decrypt it for the intended recipient.

While the decryption process appears as “mounting” a folder in the file system on Linux platforms, it is perfectly possible for third-party applications to perform the same operations using a PGP library and some knowledge about the layout of eCryptfs files.

Simple management with Passphrase Mode

The most convenient mode of operation of eCryptfs consists in producing the master key internally from a character string known as the pass phrase. A passphrase being just a longer version of a password. PGP algorithms feature string-to-key functions that will combine hashing and cryptographic functions to produce a high-entropy, constant-sized key from that phrase, and ensure that the reverse is impossible to get. To make brute force attacks harder, some steps of that string-to-key are repeated multiple times.