From 6d64dfe8f7acd8e9ca4a659d26318e442c2db85a Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Tue, 26 Jun 2018 20:44:10 +0200
Subject: [PATCH] Only print masterkey once on -init
It is no longer printed at all when mounting a filesystem, printing on -init can be disabled with -q.
https://github.com/rfjakob/gocryptfs/issues/76
---
 internal/configfile/config_file.go | 1 +
 internal/tlog/log.go | 37 +++++++++++++++++++++++++++++
 masterkey.go | 38 ------------------------------
 3 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index c856ad0..1e48c97 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -104,6 +104,7 @@ func Create(filename string, password []byte, plaintextNames bool,
 } else {
 key = cryptocore.RandBytes(cryptocore.KeyLen)
 }
+ tlog.PrintMasterkeyReminder(key)
 // Encrypt it using the password
 // This sets ScryptObject and EncryptedKey
 // Note: this looks at the FeatureFlags, so call it AFTER setting them.
diff --git a/internal/tlog/log.go b/internal/tlog/log.go
index 1c80911..9277abd 100644
--- a/internal/tlog/log.go
+++ b/internal/tlog/log.go
@@ -3,6 +3,7 @@
 package tlog

 import (
+ "encoding/hex"
 "encoding/json"
 "fmt"
 "log"
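Review bot: In `Create`, `tlog.PrintMasterkeyReminder(key)` runs before the key is encrypted and, as far as this hunk shows, before the config file is written. If a later step in `Create` fails, the user has been shown a master key, with the text "This message is only printed once", for a filesystem that was never created. Moving the call to after the write has succeeded, or letting the `-init` caller print once `Create` returns nil, ties the display to a key that is actually in use. Since a library function now writes the raw key to the terminal, its doc comment should say so, e.g. `// Create prints the master key to the terminal unless quiet mode is active.` The rest of `Create` lies outside the hunk, so the write and error paths are inferred.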
@@ -144,3 +145,39 @@ func SwitchLoggerToSyslog(p syslog.Priority) {
 log.SetOutput(w)
 }
 }
+
+// PrintMasterkeyReminder reminds the user that he should store the master key in
+// a safe place.
+func PrintMasterkeyReminder(key []byte) {
+ if !Info.Enabled {
+ // Quiet mode
+ return
+ }
+ if !terminal.IsTerminal(int(os.Stdout.Fd())) {
+ // We don't want the master key to end up in a log file
+ Info.Printf("Not running on a terminal, suppressing master key display\n")
+ return
+ }
+ h := hex.EncodeToString(key)
+ var hChunked string
+ // Try to make it less scary by splitting it up in chunks
+ for i := 0; i < len(h); i += 8 {
+ hChunked += h[i : i+8]
+ if i < 52 {
+ hChunked += "-"
+ }
+ if i == 24 {
+ hChunked += "\n "
+ }
+ }
+ Info.Printf(`
+Your master key is:
+
+ %s
+
+If the gocryptfs.conf file becomes corrupted or you ever forget your password,
+there is only one hope for recovery: The master key. Print it to a piece of
+paper and store it in a drawer. This message is only printed once.
+
+`, ColorGrey+hChunked+ColorReset)
+}
diff --git a/masterkey.go b/masterkey.go
index 1b4d9c3..42a27be 100644
--- a/masterkey.go
+++ b/masterkey.go
@@ -5,8 +5,6 @@ import (
 "os"
 "strings"

- "golang.org/x/crypto/ssh/terminal"
-
 "github.com/rfjakob/gocryptfs/internal/configfile"
 "github.com/rfjakob/gocryptfs/internal/cryptocore"
 "github.com/rfjakob/gocryptfs/internal/exitcodes"
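Review bot: The guard in `PrintMasterkeyReminder` tests whether `os.Stdout` is a terminal, but the key is then written through `Info.Printf`, and nothing in this hunk ties `Info`'s destination to stdout. The same file already redirects log output in `SwitchLoggerToSyslog`; whether `Info` itself can be redirected is not visible here, but if it can, the check would pass on a tty while the master key goes to a log sink. Writing the key block with `fmt.Fprintf(os.Stdout, ...)` after the check would make the guard and the write refer to the same descriptor. Otherwise state the assumption next to the check: `// Info is assumed to write to os.Stdout; do not call this after the logger has been redirected`. The doc comment should also say that the function prints the key in clear text and is silent in quiet mode or when stdout is not a terminal.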
@@ -14,38 +12,6 @@ import (
 "github.com/rfjakob/gocryptfs/internal/tlog"
 )

-// printMasterKey - remind the user that he should store the master key in
-// a safe place
-func printMasterKey(key []byte) {
- if !terminal.IsTerminal(int(os.Stdout.Fd())) {
- // We don't want the master key to end up in a log file
- tlog.Info.Printf("Not running on a terminal, suppressing master key display\n")
- return
- }
- h := hex.EncodeToString(key)
- var hChunked string
- // Try to make it less scary by splitting it up in chunks
- for i := 0; i < len(h); i += 8 {
- hChunked += h[i : i+8]
- if i < 52 {
- hChunked += "-"
- }
- if i == 24 {
- hChunked += "\n "
- }
- }
- tlog.Info.Printf(`
-Your master key is:
-
- %s
-
-If the gocryptfs.conf file becomes corrupted or you ever forget your password,
-there is only one hope for recovery: The master key. Print it to a piece of
-paper and store it in a drawer. Use "-q" to suppress this message.
-
-`, tlog.ColorGrey+hChunked+tlog.ColorReset)
-}
-
 // parseMasterKey - Parse a hex-encoded master key that was passed on the command line
 // Calls os.Exit on failure
 func parseMasterKey(masterkey string, fromStdin bool) []byte {
@@ -106,9 +72,5 @@ func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.Co
 if !args.trezor {
 readpassword.CheckTrailingGarbage()
 }
- if !args.fsck {
- // We only want to print the masterkey message on a normal mount.
- printMasterKey(masterkey)
- }
 return masterkey, confFile
 }