docs: names longer than 175 bytes (not 176) are stored in longnames

Quoting fusefrontend_reverse/node_helpers.go :

	// File names are padded to 16-byte multiples, encrypted and
	// base64-encoded. We can encode at most 176 bytes to stay below the 255
	// bytes limit:
	// * base64(176 bytes) = 235 bytes
	// * base64(192 bytes) = 256 bytes (over 255!)
	// But the PKCS#7 padding is at least one byte. This means we can only use
	// 175 bytes for the file name.

Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
This commit is contained in:
Jakob Unterwurzacher 2021-11-01 14:44:32 +01:00
parent 87a6bb370a
commit d530fbd400
3 changed files with 6 additions and 5 deletions

View File

@ -318,9 +318,10 @@ the directories. Example:
gocryptfs -ko noexec /tmp/foo /tmp/bar gocryptfs -ko noexec /tmp/foo /tmp/bar
#### -longnames #### -longnames
Store names longer than 176 bytes in extra files (default true) Store names that are longer than 175 bytes in extra files (default true).
This flag is useful when recovering old gocryptfs filesystems using
"-masterkey". It is ignored (stays at the default) otherwise. This flag is only useful when recovering very old gocryptfs filesystems (gocryptfs v0.8 and earlier)
using "-masterkey". It is ignored (stays at the default) otherwise.
#### -nodev #### -nodev
See `-dev, -nodev`. See `-dev, -nodev`.

View File

@ -163,7 +163,7 @@ func parseCliOpts(osArgs []string) (args argContainer) {
flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages") flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages")
flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background") flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background")
flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately") flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately")
flagSet.BoolVar(&args.longnames, "longnames", true, "Store names longer than 176 bytes in extra files") flagSet.BoolVar(&args.longnames, "longnames", true, "Store names longer than 175 bytes in extra files")
flagSet.BoolVar(&args.allow_other, "allow_other", false, "Allow other users to access the filesystem. "+ flagSet.BoolVar(&args.allow_other, "allow_other", false, "Allow other users to access the filesystem. "+
"Only works if user_allow_other is set in /etc/fuse.conf.") "Only works if user_allow_other is set in /etc/fuse.conf.")
flagSet.BoolVar(&args.reverse, "reverse", false, "Reverse mode") flagSet.BoolVar(&args.reverse, "reverse", false, "Reverse mode")

View File

@ -14,7 +14,7 @@ const (
// This flag is mandatory since gocryptfs v1.0, // This flag is mandatory since gocryptfs v1.0,
// except when XChaCha20Poly1305 is used. // except when XChaCha20Poly1305 is used.
FlagGCMIV128 FlagGCMIV128
// FlagLongNames allows file names longer than 176 bytes. // FlagLongNames allows file names longer than 175 bytes.
FlagLongNames FlagLongNames
// FlagLongNameMax sets a custom name length limit, names longer than that // FlagLongNameMax sets a custom name length limit, names longer than that
// will be hashed. // will be hashed.