Enc FS - Secondary Volumes

Secondary Volumes

EncFS supports a somewhat primitive form of secondary volumes, that is, a single source directory offering different files given different passwords.

If EncFS is unable to decrypt a file with the volume key, it is ignored. If EncFS is forced to ignore an invalid password entry, the volume key will decode differently, and hence files will be encrypted and decrypted with a different key. This will present two different encrypted volumes given different passwords.

However, it is possible that two filenames on two different secondary volumes will be encrypted to the same filename. In this case, any other file will be overwritten with a new file being created. Note that this refers only to the encrypted filenames, not the unencrypted filenames. This danger can be averted by creating one directory per secondary volume and storing files in the only visible directory after a secondary volume is mounted.

Also, if the password is changed, the volume key will be re-encoded with the new password. This will cause secondary filesystems to vanish, as the volume key will no longer incorrectly decode to the same key for a given secondary password. If the primary password is changed back, the secondary filesystems will become available again.

The EncFS author does not support this technique.