Encrypted Temp Directory
The EncryptedTempDirectory class is designed for when you need a
directory whose contents are encrypted by eCryptfs,
but you would also like to take advantage of the features of in-memory-only
directories, such as increased access speed and automatic deletion (e.g. when
you’re unpacking a CRX).
To understand this class fully, please also read the documentation on the
EncryptedTempDirectory(*, upper_dir, **kwargs)
Create and return an encrypted temporary directory.
This behaves similarly to TemporaryDirectory, except for the following:
- It requires that an “upper directory” be specified, which will be the mount point used by eCryptfs to mount the encrypted directory to the filesystem.
- It creates two files in ~/.ecryptfs required to mount the directory (both of which are deleted when this object is):
  - ALIAS.sig - Contains the signatures for the FEK and FNEK encryption keys.
  - ALIAS.conf - Contains fstab-style information for which directory eCryptfs should mount and where.
In the above notes, ALIAS (which is a term used in the eCryptfs documentation, see links below) will be the name of the created temp directory, accessible as the basename of
To use an EncryptedTempDirectory object, it’s best to use it with a with clause, like so:

    with EncryptedTempDirectory(upper_dir=upper) as lower:
        ...

Better yet, use an instance of TemporaryDirectory as the upper directory, like this:

    with TemporaryDirectory() as upper, \
            EncryptedTempDirectory(upper_dir=upper) as lower:
        ...

In the above example, both temporary directories are deleted as soon as the __exit__() method is called (triggered by the close of the with clause). So make sure that anything you need to do with these objects, you do before leaving the
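A check you can run inside the with block before writing sensitive files, as an added example that is not part of this project's code: it parses the mount table and confirms that the upper directory is an eCryptfs mount of the lower directory with both the FEK and FNEK signatures set. The function names and the sample mount table are constructed for illustration.

```python
import os
import re

# Constructed sample of /proc/mounts; paths and signature values are made up.
SAMPLE_MOUNTS = r"""tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/tmp/tmplower1 /tmp/tmpupper1 ecryptfs rw,relatime,ecryptfs_fnek_sig=1111111111111111,ecryptfs_sig=2222222222222222,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/tmp/tmplower2 /tmp/my\040upper ecryptfs rw,relatime,ecryptfs_sig=3333333333333333,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
"""


def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Yield (source, mount_point, fstype, options_dict) per mount table line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            opts = dict(o.partition("=")[::2] for o in parts[3].split(","))
            yield _unescape(parts[0]), _unescape(parts[1]), parts[2], opts


def check_encrypted_mount(upper, lower, mounts_text=None):
    """Return a list of problems; empty means upper is an eCryptfs view of lower."""
    if mounts_text is None:
        with open("/proc/mounts") as fh:
            mounts_text = fh.read()
    upper, lower = os.path.normpath(upper), os.path.normpath(lower)
    match = None
    for entry in parse_mounts(mounts_text):
        if os.path.normpath(entry[1]) == upper:
            match = entry  # a later line shadows earlier mounts on the same point
    if match is None:
        return ["upper_dir is not a mount point; files written there are not encrypted"]
    source, _, fstype, opts = match
    if fstype != "ecryptfs":
        return [f"upper_dir is mounted as {fstype}, not ecryptfs"]
    problems = []
    if os.path.normpath(source) != lower:
        problems.append(f"eCryptfs lower directory is {source}, expected {lower}")
    if not opts.get("ecryptfs_sig"):
        problems.append("no ecryptfs_sig option (FEK signature)")
    if not opts.get("ecryptfs_fnek_sig"):
        problems.append("no ecryptfs_fnek_sig option; file names are not encrypted")
    return problems
```

Called with only the two paths, the function reads the live /proc/mounts; pass paths through os.path.realpath first if either directory sits behind a symlink.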
This class depends on eCryptfs, so it will need to be installed on the system to work properly. Similarly, this class depends on the following Unix tools/devices:
On Debian/Ubuntu-based systems, you can install these with:
sudo apt-get install coreutils mount keyutils ecryptfs-utils
For more information, see the following resources:
- upper_dir (str) – Path where the encrypted directory will be mounted, and where the unencrypted version of the files will be accessible.
- kwargs – Additional parameters to pass to the constructor of the