I just started looking into gocryptfs as a new method to encrypt offsite backups with the reverse option, and so far I am loving it. I have noticed one strange thing, and can't find a report for it here.

If I make a normal gocryptfs filesystem, and put some files in it, I can set extended attributes on those files which get encrypted and stored as extended attributes on the encrypted files. But if I mount with -reverse a directory with files that have extended attributes, they don't show up in the encrypted form.

Tested with the latest release downloaded from github, which is gocryptfs v2.4.0 without_openssl; go-fuse v2.3.0; 2023-06-10 go1.20.3 linux/amd64

Steps to reproduce:

mkdir source_files
echo test > source_files/test
setfattr -n user.test -v "some text" source_files/test
mkdir encrypted
gocryptfs -init -reverse source_files
# put in a password
gocryptfs -reverse source_files encrypted
# type in that same password
mkdir restore
gocryptfs encrypted/ restore/
# type that password in again
getfattr -d restore/test
# expect to see user.test attribute, but see nothing
getfattr -d encrypted/*
# expected to see encrypted xattr, but see nothing

I expected to see here the encrypted xattr, like this:

# file: u2StuT-0BlmWpMSky53Z2A
user.gocryptfs.mp-jfFcJfIe-Mo97njfygw=0sQEtXBWPY7U0KU2NHB0QlbGLbLY8pQX0x2T10cCEaQ2srTo279y64Po+L6fxZ+g==

But instead see nothing.