Sebastian Lackner
f3c777d5ea
main: Add '-devrandom' commandline option
...
Allows to use /dev/random for generating the master key instead of the
default Go implementation. When the kernel random generator has been
properly initialized both are considered equally secure, however:
* Versions of Go prior to 1.9 just fall back to /dev/urandom if the
getrandom() syscall would be blocking (Go Bug #19274 )
* Kernel versions prior to 3.17 do not support getrandom(), and there
is no check if the random generator has been properly initialized
before reading from /dev/urandom
This is especially useful for embedded hardware with low-entroy. Please
note that generation of the master key might block indefinitely if the
kernel cannot harvest enough entropy.
2017-11-21 23:37:06 +01:00
Jakob Unterwurzacher
e36a0ebf18
main: add "-sharedstorage" flag
...
At the moment, it does two things:
1. Disable stat() caching so changes to the backing storage show up
immediately.
2. Disable hard link tracking, as the inode numbers on the backing
storage are not stable when files are deleted and re-created behind
our back. This would otherwise produce strange "file does not exist"
and other errors.
Mitigates https://github.com/rfjakob/gocryptfs/issues/156
2017-11-12 20:06:13 +01:00
Jakob Unterwurzacher
b3c20e512f
MANPAGE: explain that you may have to pass -aessiv with -masterkey
...
...if the filesystem was created with that option (or reverse
mode).
Mitigates https://github.com/rfjakob/gocryptfs/issues/148
2017-10-19 22:04:46 +02:00
Jakob Unterwurzacher
f0e29d9b90
performance.txt: specify READ tests
2017-09-10 18:42:06 +02:00
Jakob Unterwurzacher
a710451d92
performance.txt: update for v1.4.1 latest commits, and kernel update
...
$ uname -a
Linux brikett 4.12.5-300.fc26.x86_64 #1 SMP Mon Aug 7 15:27:25 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
2017-09-03 14:25:01 +02:00
Jakob Unterwurzacher
26a6e61a46
MANPAGE: update exit codes
...
The exit codes have been documented in CLI_ABI.md for a while,
but they should also be listed in the man page.
Also fix the rendering of "[-o COMMA-SEPARATED-OPTIONS]", where
the square brackets where interpreted as something. Escape all
square brackets to be safe.
2017-08-21 20:53:25 +02:00
Jakob Unterwurzacher
838bf883df
Update performance.txt for Linux kernel upgrade
...
For some reason, writing became a lot faster in Linux 4.11
(scheduler improvements?).
2017-08-15 19:13:00 +02:00
Jakob Unterwurzacher
069647842c
Update performance.txt for to Getdents change
2017-08-15 19:07:08 +02:00
Jakob Unterwurzacher
d5671b785a
docs: label "ENV CHANGE" column
2017-08-15 19:04:02 +02:00
Jakob Unterwurzacher
b3e554acc2
Update performance.txt with new results
...
Massive speed boost for streaming reads.
2017-07-01 10:00:50 +02:00
Jakob Unterwurzacher
2932a285aa
Update performance.txt with new numbers
2017-06-29 23:45:39 +02:00
Jakob Unterwurzacher
dee88f3c4d
Update performance.txt with new numbers
2017-06-29 19:00:16 +02:00
Jakob Unterwurzacher
5c7b5770ce
Update performance numbers
2017-06-20 21:46:27 +02:00
Jakob Unterwurzacher
bfe421b327
MANPAGE: reorder options to match "-hh" output; add "-hkdf", "-trace"
2017-06-20 19:49:18 +02:00
Jakob Unterwurzacher
afc3a8252b
Add performance numbers for v1.3-69-ge52594d
2017-06-11 21:58:01 +02:00
Jakob Unterwurzacher
24a7b1b7b8
Add performance numbers for last change
...
Slight streaming write improvement.
2017-06-11 21:44:24 +02:00
Jakob Unterwurzacher
b5358ea623
performance.txt: add numbers for latest change
...
Also, get rid of the half-empty line.
2017-06-09 22:13:23 +02:00
Jakob Unterwurzacher
53b7c17261
Don't cap GOMAXPROCS at 4.
...
Before Go 1.5, GOMAXPROCS defaulted to 1, hence it made
sense to unconditionally increase it to 4.
But since Go 1.5, GOMAXPROCS defaults to the number of cores,
so don't keep it from increasing above 4.
Also, update the performance numbers.
2017-06-01 20:55:13 +02:00
Charles Duffy
cf1ded5236
Implement force_owner option to display ownership as a specific user.
2017-06-01 00:26:17 +02:00
Jakob Unterwurzacher
1e598e96fc
main: add "-info" option
...
Pretty-prints the config while stripping out sensitive
(and uninteresting) data
https://github.com/rfjakob/gocryptfs/issues/111
2017-05-30 19:01:32 +02:00
Jakob Unterwurzacher
bfc8d47747
doc: add performance numbers for 1.3-27
2017-05-25 21:30:58 +02:00
Jakob Unterwurzacher
86c06fc172
doc: CLI_ABI.md: fix exitcodes.go link
...
Needs a leading "..".
2017-05-14 14:35:46 +02:00
Jakob Unterwurzacher
22bac16201
doc: update CLI_ABI.md with new exit codes
...
All exit codes that are likely to occour are listed.
2017-05-14 14:34:50 +02:00
Jakob Unterwurzacher
3409ade272
forcedecode: tighten checks
...
...and fix a few golint issues and print a scary warning message on mount.
Also, force the fs to ro,noexec.
2017-04-24 00:25:02 +02:00
danim7
f1945c4daa
Add -forcedecode
...
Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
files are encountered.
It can be useful to recover files from disks with bad sectors or other corrupted
media.
Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2017-04-23 23:11:56 +02:00
Jakob Unterwurzacher
602f62b821
MANPAGE: reformat to GFM (github flavored markdown)
...
This makes it render properly on the github webinterface.
2017-03-28 19:55:46 +02:00
Jakob Unterwurzacher
912ef72cc8
MANPAGE: fix alphabetical order and expand scryptn explaination
2017-03-25 19:54:50 +01:00
danim7
40f0a8ee72
Further explain the use of 'scryptn' parameter ( #94 )
...
* Further explain the use of 'scryptn' parameter
* Further explain the use of 'scryptn' parameter in MANPAGE
* Use 28 as reasonable upper limit
2017-03-25 18:22:08 +01:00
Jakob Unterwurzacher
1ff4ae56c1
README: use pre-rendered PNG logo
...
This keeps the README working even if nuetzlich.net is unavailable.
We use a PNG because github disallows embedding local SVGs.
2017-03-25 14:22:07 +01:00
Jakob Unterwurzacher
b78c3bd516
MANPAGE: document "-serialize_reads"
2017-03-19 20:23:49 +01:00
Jakob Unterwurzacher
61502f9b94
benchmark: add md5sum read performance benchmark
2017-03-18 16:23:33 +01:00
rfjakob
c304626a47
CLI_ABI: smaller markdown subheadings
...
The old ones were rendered by github almost as big as the parent headings.
2017-03-01 23:31:03 +01:00
Jakob Unterwurzacher
98ecf1f074
MANPAGE: document "-speed"
2017-02-26 19:34:23 +01:00
Jakob Unterwurzacher
f2920f71e8
MANPAGE: document error code 12
2017-02-26 19:30:28 +01:00
Jakob Unterwurzacher
54caaf4b98
Add CLI ABI documentation
...
Closes https://github.com/rfjakob/gocryptfs/issues/77
2017-02-12 19:20:21 +01:00
Jakob Unterwurzacher
1e9d735406
Document "--" to stop option parsing in help text + man page
2017-02-12 12:49:04 +01:00
Jakob Unterwurzacher
6166dad05c
readpassword: support spaces in "-passfile" filename
...
...and while we are at it, also filenames starting with "-".
2017-01-29 00:34:12 +01:00
Jakob Unterwurzacher
de200aad72
main: add "-fsname" option
...
As requested in https://github.com/rfjakob/gocryptfs/issues/73 .
2017-01-26 22:13:57 +01:00
Jakob Unterwurzacher
cb5426e8ee
performance.txt: add numbers for current gocryptfs master and encfs v1.9.1
2016-11-26 12:46:58 +01:00
Jakob Unterwurzacher
10884603d8
benchmark.bash: double write length
...
Writing 1000 128KB blocks takes only 1 second and yielded
inconsistent results. With 2000, things look saner.
2016-11-26 12:36:55 +01:00
Jakob Unterwurzacher
0f8d3318a3
main, fusefrontend: add "-noprealloc" option
...
Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.
Also add the option to the man page.
More info: https://github.com/rfjakob/gocryptfs/issues/63
2016-11-25 09:19:14 +01:00
Jakob Unterwurzacher
081015aa74
MANPAGE: document ctlsock
2016-11-11 00:01:29 +01:00
Jakob Unterwurzacher
b527e205e2
main: rename "-f" to "-fg"
...
"-f" looks too much like "--force". The old variant is still
accepted for compatability.
2016-11-01 19:00:45 +01:00
Jakob Unterwurzacher
d6678f73b4
MANPAGE: document -raw64
2016-11-01 18:53:42 +01:00
Jakob Unterwurzacher
d41492bcbc
MANPAGE: update version field description
2016-11-01 18:30:32 +01:00
Jakob Unterwurzacher
75b776cb3d
MANPAGE: add reverse example, move "-o" into alphabetical list
...
People will search for "-o" alphabetically, so put it into the
alphabetical option list, even if it is not a real option.
2016-11-01 15:55:05 +01:00
Jakob Unterwurzacher
e993fd5fbc
packakge.bash: include rendered man page in tarball
2016-11-01 15:43:33 +01:00
Jakob Unterwurzacher
86afaee200
MANPAGE: prettify plain-text formatting
2016-10-21 00:05:56 +02:00
Jakob Unterwurzacher
c487e176bd
main: allow password change with -masterkey
...
Requested at https://github.com/rfjakob/gocryptfs/issues/28
2016-10-16 18:17:28 +02:00
Jakob Unterwurzacher
40420cb4cd
Update performance.txt for v1.1 release
2016-10-09 23:19:08 +02:00
Jakob Unterwurzacher
e1c5e71b09
main: add "-passfile" option
...
Make it easier to read the password from a file. Internally this
is equivalent to "-extpass /bin/cat FILE".
2016-10-09 20:08:10 +02:00
Jakob Unterwurzacher
9cf3ced0ce
main: also accept options at the end via "-o"
...
For compatability with mount(1), options are also accepted as
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
For example, "-o q,zerokey" is equivalent to "-q -zerokey".
2016-10-09 20:05:54 +02:00
Jakob Unterwurzacher
25a8802403
main: rename "-o" option to "-ko"
...
This prevents confusion with the "-o" options that is passed
by mount(1) at the end of the command line.
2016-10-09 19:32:55 +02:00
Jakob Unterwurzacher
9b1a35174b
MANPAGE: note that "-f" implies "-nosyslog"
...
Also explain why AES-SIV exists.
2016-10-07 23:02:04 +02:00
Jakob Unterwurzacher
434ce50db3
main: add "-nonempty" option
2016-10-06 22:41:13 +02:00
Jakob Unterwurzacher
e9bb8b800c
reverse: switch from GCM-SIV to AES-SIV
...
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
2050c7f3b3
reverse: add gcmsiv flag and associated tests
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
77e7abdf8c
XFSTESTS.md: add output from latest fuse-xfstests
...
fuse-xfstests is regularily rebased to xfstests master.
2016-07-03 22:15:59 +02:00
Jakob Unterwurzacher
a8a0d2d92c
MANPAGE: note that "-plaintextnames" disables symlink encryption
...
This is no change in behavoir, just a clarification in the man page.
2016-06-26 23:08:25 +02:00
Jakob Unterwurzacher
15b88756ad
main: add "-o" option to enable "suid" and "dev"
...
Device files and suid binaries are often not needed when running
gocryptfs as root. As they are potentially dangerous, let the
user enable them explicitely via the new "-o" option instead of
always enabling them when running as root.
2016-06-26 23:03:18 +02:00
Jakob Unterwurzacher
b558901e66
Drop deprecated "-gcmiv128" option
...
The GCMIV128 feature flag is already mandatory, dropping the command
line option is the final step.
Completes https://github.com/rfjakob/gocryptfs/issues/29 .
2016-06-23 22:10:19 +02:00
Jakob Unterwurzacher
3d59a72ba9
Drop deprecated "-emenames" option
...
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:56:50 +02:00
Jakob Unterwurzacher
b17f0465c7
Drop deprecated "-diriv" option
...
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:38:59 +02:00
Jakob Unterwurzacher
1dcafb99ff
main: drop "on-disk format" from -version output, add Go version
...
As v0.4 introduced ext4-style feature flags, the on-disk format version
is unlinkely to change. Drop it from the version output to reduce
clutter. Use "gocryptfs -version -debug" to see it.
Add the Go version string because only Go 1.6 and newer have an optimized
AES-GCM implementation. This will help users to understand the performance
of their build.
2016-06-19 19:33:15 +02:00
Jakob Unterwurzacher
82d87ff8ed
Add "-ro" (read-only) flag
...
From the man page:
**-ro**
: Mount the filesystem read-only
Also add a test.
2016-06-16 21:29:22 +02:00
Jakob Unterwurzacher
f030123ab5
Add performance numbers for v0.11
2016-06-08 00:32:40 +02:00
Jakob Unterwurzacher
e7f78135b3
Add "-allow_other" command-line option
...
As requested in https://github.com/rfjakob/gocryptfs/issues/26 ,
this adds the option to allow other users to access the filesystem.
2016-05-18 19:30:05 +02:00
Jakob Unterwurzacher
4ad9d4e444
prefer_openssl: add amd64 constraint
...
Optimized assembly versions for Go GCM are only available
on amd64.
2016-05-12 09:50:36 +02:00
Jakob Unterwurzacher
49b597f07c
prefer_openssl: autodetect whether to use OpenSSL or Go GCM
...
Go GCM is faster than OpenSSL if the CPU has AES instructions
and you are running Go 1.6+.
The "-openssl" option now defaults to "auto".
"gocryptfs -debug -version" displays the result of the autodetection.
See https://github.com/rfjakob/gocryptfs/issues/23 for details and
benchmarks.
2016-05-12 00:42:42 +02:00
Jakob Unterwurzacher
39f3a24484
stupidgcm: completely replace spacemonkeygo/openssl
2016-05-04 19:56:07 +02:00
Jakob Unterwurzacher
f035d3efba
Update manpage with "longnames" option, explain feature flag options
2016-04-17 21:19:51 +02:00
Jakob Unterwurzacher
776c734f43
Update readme.md and performance.txt for v0.9
2016-04-10 23:01:00 +02:00
Jakob Unterwurzacher
e42e46c97c
Add v0.9-rc2 performance numbers
2016-04-10 12:04:50 +02:00
Jakob Unterwurzacher
6454db68d9
Add new "-wpanic" option and enable it for the automated tests
2016-01-31 18:09:39 +01:00
Jakob Unterwurzacher
65b8d5bc46
Update MANPAGE with new options
2016-01-24 18:20:52 +01:00
Jakob Unterwurzacher
4a1768a314
Automate standard performance tests
2016-01-23 19:33:03 +01:00
Jakob Unterwurzacher
8432382244
Update README for v0.7.2
2016-01-19 23:01:21 +01:00
Jakob Unterwurzacher
6a9da0db10
Add EXAMPLES to manpage
2016-01-06 16:55:38 +01:00
Jakob Unterwurzacher
6443691c7e
Delete old logo
2016-01-05 21:24:28 +01:00
Jakob Unterwurzacher
5d25c6e7e9
Link to official website; move security document
2015-12-20 18:25:10 +01:00
Jakob Unterwurzacher
3bbaa1208f
Add logo, update README for v0.7
2015-12-20 15:42:52 +01:00
Jakob Unterwurzacher
04abad5e84
Update performance data for v0.7
2015-12-20 15:39:40 +01:00
Jakob Unterwurzacher
1caa925868
Increase GCM IV size from 96 to 128 bits
...
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
2015-12-19 15:02:29 +01:00
Jakob Unterwurzacher
9419e7ae85
Update README + docs for v0.6 release
2015-12-08 16:41:45 +01:00
Jakob Unterwurzacher
c6dacd6f91
Add EME filename encryption & enable it by default
2015-12-08 16:17:04 +01:00
Jakob Unterwurzacher
fc23aba65b
performance.txt: link to linux-3.0.tar.gz
2015-12-04 22:45:16 +01:00
Jakob Unterwurzacher
353d29b502
Update manpage with -diriv and -scryptn
2015-12-04 22:41:14 +01:00
Jakob Unterwurzacher
018d047ab2
Show base64 encoding in filename encryption svg
2015-12-04 22:26:50 +01:00
Jakob Unterwurzacher
a6971ade94
svg: add colored annotations
...
Also, show the IV in the master key decryption process
2015-12-02 09:03:37 +01:00
Jakob Unterwurzacher
026ab56de4
Cut down the text in SECURITY.md, add graphs
2015-12-01 23:06:56 +01:00
Jakob Unterwurzacher
6515c8d42c
Add svgs explaining the encryption steps
2015-12-01 22:54:40 +01:00
Jakob Unterwurzacher
2734dc81e5
Make sure MANPAGE-render.bash works when called from outside Documentation
2015-12-01 21:04:58 +01:00
Jakob Unterwurzacher
accf8144ca
Move docs to Documentation folder
2015-12-01 18:19:24 +01:00