From bd78b44389189a57816f9d5be3e4c5fb3c73700f Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 18 Feb 2018 12:41:11 +0100 Subject: [PATCH] cryptocore, main: add two comments While reading the code, I had to think about what it does, so add a comment that explains it. --- internal/cryptocore/cryptocore.go | 3 +++ main.go | 2 ++ 2 files changed, 5 insertions(+) diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 43cfdbc..e427350 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -53,6 +53,9 @@ type CryptoCore struct { // Even though the "GCMIV128" feature flag is now mandatory, we must still // support 96-bit IVs here because they were used for encrypting the master // key in gocryptfs.conf up to gocryptfs v1.2. v1.3 switched to 128 bits. +// +// Note: "key" is either the scrypt hash of the password (when decrypting +// a config file) or the masterkey (when finally mounting the filesystem). func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDecode bool) *CryptoCore { if len(key) != KeyLen { log.Panic(fmt.Sprintf("Unsupported key length %d", len(key))) diff --git a/main.go b/main.go index 483db6f..acaa205 100644 --- a/main.go +++ b/main.go @@ -67,6 +67,8 @@ func changePassword(args *argContainer) { newPw := readpassword.Twice(args.extpass) readpassword.CheckTrailingGarbage() confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN()) + // Are we resetting the password without knowing the old one using + // "-masterkey"? if args.masterkey != "" { bak := args.config + ".bak" err = os.Link(args.config, bak)