fscrypt.rst - OpenGrok cross reference for /linux-6.14.4/Documentation/filesystems/fscrypt.rst

Lines Matching full:filenames
30 However, except for filenames, fscrypt does not encrypt filesystem
39 inodes are needed.  eCryptfs also limits encrypted filenames to 143
57 protects the confidentiality of file contents and filenames in the
90 plaintext file contents or filenames from other users on the same
137 - In general, decrypted contents and filenames in the kernel VFS
179 greater of the security strength of the contents and filenames
263 suitable for both contents and filenames encryption, and it accepts
272 (contents or filenames) is encrypted, the file's 16-byte nonce is
290 key and a single filenames encryption key.  To still encrypt different
323 plaintext filenames, the KDF is also used to derive a 128-bit
324 SipHash-2-4 key per directory in order to hash filenames.  This works
333 and one encryption mode to be specified for filenames.  Different
341 - AES-256-XTS for contents and AES-256-CBC-CTS for filenames
342 - AES-256-XTS for contents and AES-256-HCTR2 for filenames
343 - Adiantum for both contents and filenames
344 - AES-128-CBC-ESSIV for contents and AES-128-CBC-CTS for filenames
345 - SM4-XTS for contents and SM4-CBC-CTS for filenames
356 or a wide-block cipher.  Filenames encryption uses a
366 upgrades the filenames encryption to use a wide-block cipher.  (A
369 entire result.)  As described in `Filenames encryption`_, a wide-block
411 API, but the filenames mode still does.
514 Filenames encryption
517 For filenames, each full filename is encrypted at once.  Because of
519 filenames of up to 255 bytes, the same IV is used for every filename
527 With CBC-CTS, the IV reuse means that when the plaintext filenames share a
529 corresponding encrypted filenames will also share a common prefix.  This is
533 All supported filenames encryption modes accept any plaintext length
535 filenames shorter than 16 bytes are NUL-padded to 16 bytes before
537 via their ciphertexts, all filenames are NUL-padded to the next 4, 8,
541 not otherwise a valid character in filenames, the padding will never
545 encrypted in the same way as filenames in directory entries, except
610     encrypting filenames.  If unsure, use FSCRYPT_POLICY_FLAGS_PAD_32
673 The filenames in the directory's entries will be encrypted as well.
1235 - Directories may be listed, in which case the filenames will be
1239   guaranteed that the presented filenames will be no longer than
1252   in encrypted form, similar to filenames in directories.  Hence, they
1435 plaintext filenames, since the plaintext filenames are unavailable
1436 without the key.  (Hashing the plaintext filenames would also make it
1438 directories.)  Instead, filesystems hash the ciphertext filenames,
1445 filenames.  Therefore, readdir() must base64url-encode the ciphertext
1446 for presentation.  For most filenames, this works fine; on ->lookup(),
1450 However, for very long filenames, base64url encoding would cause the
1452 actually presents long filenames in an abbreviated form which encodes
1460 Note that the precise way that filenames are presented to userspace
1462 as a way to temporarily present valid filenames so that commands like