Encrypted Temp Directory
The EncryptedTempDirectory class is designed for when you need a
directory whose contents are encrypted by eCryptfs,
but you would also like to take advantage of the features of in-memory-only
directories, such as increased access speed and automatic deletion (e.g. when
you’re unpacking a CRX).
To understand this class fully, please also read the documentation on the
TemporaryDirectory class.
class crx_unpack.encrypted_dir.EncryptedTempDirectory(*, upper_dir, **kwargs)
Bases: tempfile.TemporaryDirectory
Create and return an encrypted temporary directory.
This behaves similarly to TemporaryDirectory, except for the following:
- It requires that an “upper directory” be specified, which will be the mount point used by eCryptfs to mount the encrypted directory to the filesystem.
- It creates two files in ~/.ecryptfs required to mount the directory
(both of which are deleted when this object is):
  - ALIAS.sig - Contains the signatures for the FEK and FNEK encryption keys.
  - ALIAS.conf - Contains fstab-style information for which directory eCryptfs should mount and where.
In the above notes, ALIAS (which is a term used in the eCryptfs documentation, see links below) will be the name of the created temp directory, accessible as the basename of self.name.

To use an EncryptedTempDirectory object, it’s best to use it with a with clause, like so:

    with EncryptedTempDirectory(upper_dir=upper) as lower:
        ...

Better yet, use an instance of TemporaryDirectory as the upper directory, like this:

    with TemporaryDirectory() as upper, \
            EncryptedTempDirectory(upper_dir=upper) as lower:
        ...

Note
In the above example, both temporary directories are deleted as soon as the
__exit__() method is called (triggered by the close of the with clause). So make sure that anything you need to do with these objects, you do before leaving the with clause.

Note
This class depends on eCryptfs, so it will need to be installed on the system to work properly. Similarly, this class depends on the following Unix tools/devices:
- head
- ecryptfs-add-passphrase
- mount
- keyctl
- /dev/urandom
On Debian/Ubuntu-based systems, you can install these with:

    sudo apt-get install coreutils mount keyutils ecryptfs-utils

For more information, see the following resources:
- http://manpages.ubuntu.com/manpages/zesty/en/man1/mount.ecryptfs_private.1.html
- http://manpages.ubuntu.com/manpages/zesty/en/man1/ecryptfs-add-passphrase.1.html
- https://askubuntu.com/questions/574110/how-to-use-ecryptfs-with-a-random-directory/574425#574425
Parameters:
- upper_dir (str) – Path where the encrypted directory will be mounted, and where the unencrypted version of the files will be accessible.
- kwargs – Additional parameters to pass to the constructor of the TemporaryDirectory class.
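
A preflight check for the tools and devices listed in the note above, together with a scan of ~/.ecryptfs for ALIAS.sig / ALIAS.conf files that remain when cleanup never ran (for example, because the process was killed). This is an added example, not code from crx_unpack; the function names and the ignore default are assumptions made for illustration.

```python
import os
import shutil

# Tools and devices this page lists as requirements of EncryptedTempDirectory.
REQUIRED_TOOLS = ("head", "ecryptfs-add-passphrase", "mount", "keyctl")
REQUIRED_DEVICES = ("/dev/urandom",)


def missing_dependencies(path=None, devices=REQUIRED_DEVICES):
    """Return the required tools/devices that cannot be found.

    path: search path for the tools (None means the process's PATH).
    """
    missing = [t for t in REQUIRED_TOOLS if shutil.which(t, path=path) is None]
    missing += [d for d in devices if not os.path.exists(d)]
    return missing


def leftover_aliases(ecryptfs_dir, live_dirs=(), ignore=("Private",)):
    """Map each stale alias to its ALIAS.sig / ALIAS.conf files.

    live_dirs: paths (self.name) of EncryptedTempDirectory objects still in
    use; their basenames are the aliases whose files are expected to exist.
    ignore: aliases never reported. "Private" is the usual alias of a user's
    own eCryptfs private directory (default chosen for this example).
    """
    live = {os.path.basename(os.path.normpath(d)) for d in live_dirs}
    stale = {}
    if not os.path.isdir(ecryptfs_dir):
        return stale
    for entry in sorted(os.listdir(ecryptfs_dir)):
        alias, ext = os.path.splitext(entry)
        if ext in (".sig", ".conf") and alias not in live and alias not in ignore:
            stale.setdefault(alias, []).append(entry)
    return stale


if __name__ == "__main__":
    gone = missing_dependencies()
    if gone:
        raise SystemExit("cannot use EncryptedTempDirectory, missing: "
                         + ", ".join(gone))
    for alias, files in leftover_aliases(os.path.expanduser("~/.ecryptfs")).items():
        print("stale eCryptfs alias", alias, "->", ", ".join(files))
```

Run it before creating an EncryptedTempDirectory, and pass the self.name of any instance that is still open as live_dirs so its own files are not reported.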