zboxfs / zbox

Zero-details, privacy-focused in-app file system.
https://zbox.io/fs/
Apache License 2.0
1.53k stars, 74 forks

Is zbox secure against storage file tampering? #63

Open vi opened 4 years ago

vi commented 4 years ago

If the underlying files of a zbox file:// storage are modified by an attacker, what is the worst that can happen?

I expect only [selective, attacker-chosen] data loss, never execution of malicious code or injection of malicious data when I try to use that storage. If the storage continues to work after tampering, I expect newly added data to be as secure as the original data. Does all of this hold true?

burmecia commented 4 years ago

ZboxFS uses authenticated encryption (AEAD) before saving data to storage, that is, any malicious modification will cause a decryption failure. But how much worse it gets depends on which part has been tampered with.

In any case, ZboxFS will never execute data in the repo because all data is treated as plain bytes. Attackers can never inject any data into the repo without the encryption key. If you're lucky, the repo may continue to work after tampering; any new data will still be secure, but some old data may be corrupted. When you read that corrupted file or directory, a decryption error will occur.

Simply put, attackers can fully or partially damage the repo, but they cannot inject any data into the repo without being noticed.

vi commented 4 years ago

So there's nothing like encryption settings (which can be set to "no encryption") in the superblock? (like an attacker editing .encfs6.xml in encfs)

burmecia commented 4 years ago

No, there's no such setting. Everything must be encrypted before being written to storage, without exception.
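As an added example (not ZboxFS's own code; its real on-disk format, key derivation and cipher choice are not shown on this page), the block below replays the attacks raised in this thread against an AEAD layer of the kind burmecia describes, using Go's standard-library AES-256-GCM. The settings record, block layout, key and sample data are all constructed for the example. It covers both questions in the thread: a flipped ciphertext byte and a plaintext settings record rewritten to say "not encrypted" are both rejected, because the settings record is fed to the AEAD as associated data rather than trusted on its own. Scenario 5 goes beyond the thread: it shows that per-block AEAD alone detects modification and injection, but not an attacker moving or rolling back a block that was validly encrypted, unless the block's position is also bound into the associated data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// StoredBlock is one block as written to storage: random nonce plus AES-256-GCM
// ciphertext with the 16-byte authentication tag appended.
type StoredBlock struct {
	Nonce, Sealed []byte
}

// blockAAD is the associated data for a block: the settings record plus the
// block's position. Both stay in the clear on disk but are covered by the tag.
func blockAAD(settings []byte, index uint64) []byte {
	idx := make([]byte, 8)
	binary.LittleEndian.PutUint64(idx, index)
	return append(append([]byte(nil), settings...), idx...)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBlock encrypts plaintext and authenticates it together with aad.
func SealBlock(key, aad, plaintext []byte) (StoredBlock, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return StoredBlock{}, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh per block; never reused under one key
	if _, err := rand.Read(nonce); err != nil {
		return StoredBlock{}, err
	}
	return StoredBlock{Nonce: nonce, Sealed: aead.Seal(nil, nonce, plaintext, aad)}, nil
}

// OpenBlock returns the plaintext, or an error if nonce, ciphertext, tag or aad
// were changed. There is no fallback path that reads the bytes as plaintext.
func OpenBlock(key, aad []byte, blk StoredBlock) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, blk.Nonce, blk.Sealed, aad)
}

// Results records per scenario whether the reader noticed the tampering; BlockSwapWithoutIndex is expected false.
type Results struct{ RoundTrip, CiphertextTamper, HeaderFlagFlip, BlockSwap, BlockSwapWithoutIndex bool }

// RunScenarios seals two constructed blocks under key and replays the attacks on them.
func RunScenarios(key []byte) Results {
	seal := func(aad, p []byte) StoredBlock { // demo helper: a bad key is a programming error here
		b, err := SealBlock(key, aad, p)
		if err != nil {
			panic(err)
		}
		return b
	}
	var r Results
	// Constructed settings record (not ZboxFS's real superblock): version=1, encrypted=1.
	hdr := []byte{1, 0, 0, 0, 1, 0, 0, 0}
	p0, p1 := []byte("block 0: user secrets"), []byte("block 1: other file") // constructed data
	b0, b1 := seal(blockAAD(hdr, 0), p0), seal(blockAAD(hdr, 1), p1)
	// 1. Untouched storage round-trips.
	got, err := OpenBlock(key, blockAAD(hdr, 0), b0)
	r.RoundTrip = err == nil && string(got) == string(p0)
	// 2. One flipped ciphertext byte fails the tag check.
	tampered := StoredBlock{Nonce: b0.Nonce, Sealed: append([]byte(nil), b0.Sealed...)}
	tampered.Sealed[0] ^= 0x01
	_, err = OpenBlock(key, blockAAD(hdr, 0), tampered)
	r.CiphertextTamper = err != nil
	// 3. encfs-style attack: clear the "encrypted" flag in the settings record. Caught: the record is in the AAD.
	cleared := []byte{1, 0, 0, 0, 0, 0, 0, 0}
	_, err = OpenBlock(key, blockAAD(cleared, 0), b0)
	r.HeaderFlagFlip = err != nil
	// 4. A valid block copied to another position. Caught: the index is in the AAD.
	_, err = OpenBlock(key, blockAAD(hdr, 0), b1)
	r.BlockSwap = err != nil
	// 5. With only the settings record in the AAD, the same copy opens cleanly: an attacker
	//    can rearrange or roll back valid old blocks (selective damage, not injection).
	_, err = OpenBlock(key, hdr, seal(hdr, p1)) // reader thinks it is reading block 0
	r.BlockSwapWithoutIndex = err != nil
	return r
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // error ignored: demo only
	fmt.Printf("%+v\n", RunScenarios(key))
}
```

The practical reading of this: the thread's guarantee (attacker can damage but not inject) rests on every byte the reader acts on, settings included, being covered by an authentication tag under a key the attacker does not have; anything read from disk before that check, however small, is an encfs-style lever. What an attacker can still do is limited to what the associated data does not pin down, which is why scenario 5 matters when reasoning about "selective, attacker-chosen" loss.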