From d941b67df4f20393712a2d2e8df2b657b663d226 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 13 Sep 2015 23:06:38 +0200 Subject: [PATCH] Implement password handling --- main.go | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 59 insertions(+), 4 deletions(-) diff --git a/main.go b/main.go index 77b9c10..70928cf 100644 --- a/main.go +++ b/main.go @@ -6,11 +6,14 @@ import ( "os" "path/filepath" "time" + "encoding/hex" "github.com/rfjakob/gocryptfs/cluefs_frontend" "github.com/rfjakob/gocryptfs/pathfs_frontend" "github.com/rfjakob/gocryptfs/cryptfs" + "golang.org/x/crypto/ssh/terminal" + bazilfuse "bazil.org/fuse" bazilfusefs "bazil.org/fuse/fs" @@ -35,6 +38,7 @@ const ( ERREXIT_CIPHERDIR = 6 ERREXIT_INIT = 7 ERREXIT_LOADCONF = 8 + ERREXIT_PASSWORD = 9 ) func main() { @@ -55,11 +59,14 @@ func main() { } dir, _ := filepath.Abs(flag.Arg(0)) filename := filepath.Join(dir, cryptfs.ConfDefaultName) - err := cryptfs.CreateConfFile(filename, "test") + fmt.Printf("Choose a password for protecting your files.\n") + password := readPasswordTwice() + err := cryptfs.CreateConfFile(filename, password) if err != nil { fmt.Println(err) os.Exit(ERREXIT_INIT) } + fmt.Printf("The filesystem is now ready for mounting.\n") os.Exit(0) } if flag.NArg() < 2 { @@ -80,14 +87,20 @@ func main() { _, err = os.Stat(cfname) if err != nil { fmt.Printf("Error: %s not found in CIPHERDIR\n", cryptfs.ConfDefaultName) - fmt.Printf("Please run \"%s --init %s\" first\n", PROGRAM_NAME, cipherdir) + fmt.Printf("Please run \"%s --init %s\" first\n", PROGRAM_NAME, flag.Arg(0)) os.Exit(ERREXIT_LOADCONF) } - key, err := cryptfs.LoadConfFile(cfname, "test") + + fmt.Printf("Password: ") + password := readPassword() + fmt.Printf("\nDecrypting master key... ") + key, err := cryptfs.LoadConfFile(cfname, password) if err != nil { fmt.Println(err) os.Exit(ERREXIT_LOADCONF) } + fmt.Printf("Success\n") + printMasterKey(key) if USE_CLUEFS { cluefsFrontend(key, cipherdir, mountpoint) @@ -96,6 +109,48 @@ func main() { } } +// printMasterKey - remind the user that he should store the master key in +// a safe place +func printMasterKey(key []byte) { + h := hex.EncodeToString(key) + // Make it less scary by splitting it up in chunks + h = h[0:8] + "-" + h[8:16] + "-" + h[16:24] + "-" + h[24:32] + + fmt.Printf(` +WARNING: + If the gocryptfs config file becomes corrupted or you ever + forget your password, there is only one hope for recovery: + The master key. Print it to a piece of paper and store it in a drawer. + + Master key: %s + +`, h) +} + +func readPasswordTwice() string { + fmt.Printf("Password: ") + p1 := readPassword() + fmt.Printf("\nRepeat: ") + p2 := readPassword() + fmt.Printf("\n") + if p1 != p2 { + fmt.Printf("Passwords do not match\n") + os.Exit(ERREXIT_PASSWORD) + } + return p1 +} + +// Get password from terminal +func readPassword() string { + fd := int(os.Stdin.Fd()) + p, err := terminal.ReadPassword(fd) + if err != nil { + fmt.Printf("Error: Could not read password: %s\n") + os.Exit(ERREXIT_PASSWORD) + } + return string(p) +} + func cluefsFrontend(key []byte, cipherdir string, mountpoint string) { cfs, err := cluefs_frontend.NewFS(key, cipherdir, USE_OPENSSL) if err != nil { @@ -158,6 +213,6 @@ func pathfsFrontend(key []byte, cipherdir string, mountpoint string, debug bool) } state.SetDebug(debug) - fmt.Println("Mounted!") + fmt.Println("Mounted.") state.Serve() }