New feature: Original filename in encrypted file

Discussion related to AES Crypt, the file encryption software for Windows, Linux, Mac, and Java.
pelle
Posts: 6
Joined: Wed Jan 27, 2016 5:54 pm

Post by pelle »

Hi,
Feature request for the next file format:
include the original filename

Rationale:
Sometimes it's useful to change the filename after encryption to improve security or just to make it possible to click on e.g. an encrypted image in a browser window without side effects.

I tested encrypting the image DSC_0312.JPG and got a file named DSC_0312.JPG.aes

If I do a file listing at my website and click on the encrypted file my browser tries to show the encrypted image! I get an error message stating that the image cannot be displayed because it contains errors ...

To be able to simply download, decrypt and view the file I must rename the encrypted file in a way that removes the jpg-extension completely. But I must rename the file back before or after I decrypt it, to get the jpeg-file back. Otherwise I just get a file with the obfuscated name, but with the aes-extension removed.

If the original filename was kept in the encrypted file, it could easily be restored during decryption.
paulej
Posts: 595
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: New feature: Original filename in encrypted file

Post by paulej »

I don't understand the problem. AES Crypt doesn't care what the file is named.

When you encrypt a file named "foo.jpg", the resulting AES Crypt file will be "foo.jpg.aes" by default.

When you decrypt a file named "foo.jpg.aes", the resulting file will be "foo.jpg".

The only error some people get is the one where AES Crypt will indicate that "foo.jpg" already exists. And if you still have the original file in the directory where you're decrypting, that would be a valid error.

Maybe the problem is with how the file is offered to the browser? You should have .aes files configured as media type (formerly "MIME type") "application/octet-stream". If it assumes text/plain, then you'll certainly get a screen full of garbage.

You might also need to set the HTTP header "Content-Disposition: attachment". If you put a .zip file on your server, I assume it offers to download the file. You'd want to configure .aes extensions in the same way .zip is configured.
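
The server-side setup described in the reply above, as an added example that is not part of the thread and not AES Crypt code: a Python standard-library static file handler that serves any .aes file as "application/octet-stream" with "Content-Disposition: attachment", judged on the final extension only. The "X-Content-Type-Options: nosniff" header, the class and function names, and the sample file bytes are assumptions made for this example.

```python
import http.client
import http.server
import os
import tempfile
import threading
from functools import partial


class AesDownloadHandler(http.server.SimpleHTTPRequestHandler):
    """Static file handler that always offers *.aes files as downloads."""

    @staticmethod
    def _is_aes(path):
        # Look at the final extension only, so "DSC_0312.JPG.aes" is never
        # typed as a JPEG because of the inner ".JPG".
        return os.path.splitext(path)[1].lower() == ".aes"

    def guess_type(self, path):
        if self._is_aes(path):
            return "application/octet-stream"
        return super().guess_type(path)

    def end_headers(self):
        # self.path is unset if the request line could not be parsed.
        url_path = getattr(self, "path", "").split("?", 1)[0]
        if self._is_aes(url_path):
            self.send_header("Content-Disposition", "attachment")
            # Assumption, not from the thread: also disable content sniffing.
            self.send_header("X-Content-Type-Options", "nosniff")
        super().end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def fetch_headers(filename, body=b"constructed sample bytes, not a real file"):
    """Serve one constructed file on loopback; return lower-cased headers."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, filename), "wb") as fh:
            fh.write(body)
        handler = partial(AesDownloadHandler, directory=root)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
            conn.request("GET", "/" + filename)
            resp = conn.getresponse()
            resp.read()
            conn.close()
            return {k.lower(): v for k, v in resp.getheaders()}
        finally:
            server.shutdown()
            server.server_close()
```

Calling fetch_headers("DSC_0312.JPG.aes") returns the headers a browser would see for the encrypted file; the same call with "DSC_0312.JPG" shows that ordinary images are still served inline.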
pelle
Posts: 6
Joined: Wed Jan 27, 2016 5:54 pm

Re: New feature: Original filename in encrypted file

Post by pelle »

Hi paulej,
yes, you're right. There's nothing wrong with AES Crypt.

I just wanted to illustrate one situation when you might want to rename the file after encryption. Obviously, a more common situation would be when you would like to obfuscate the filename to increase security. It would be convenient if the original filename could be restored on decryption of the file, just as it works with e.g. GnuPG. I often use a batch file with: gpg --decrypt-files --use-embedded-filename %1

If the original filename were saved in the encrypted AES file on encryption, something similar might be implemented. Maybe the best would be if the original filename were restored by default.
paulej
Posts: 595
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: New feature: Original filename in encrypted file

Post by paulej »

Understood. I've had that request before, but then others have expressed that they like the fact the name isn't preserved. In fact, there is some plaintext metadata in the .aes file header that folks asked to have added and others want it removed.

The challenge is each of these competing options leads to more code and higher complexity. What worries me most is complexity for the user.