Jakob Unterwurzacher
4d466c3412
diriv: Create gocryptfs.diriv in every directory
2015-11-25 20:57:16 +01:00
Jakob Unterwurzacher
1ec0fa388d
Update USAGE.txt
...
Also run go fmt
2015-11-03 00:06:04 +01:00
Jakob Unterwurzacher
de56fe9e35
Implement PlainTextNames mode
...
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-03 00:00:13 +01:00
Jakob Unterwurzacher
902babdf22
Refactor ciphertext <-> plaintext offset translation functions
...
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
2015-11-01 12:11:36 +01:00
Jakob Unterwurzacher
76311b60f2
Add file header (on-disk-format change)
...
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]
Quoting SECURITY.md:
* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
* This means the position of the blocks is protected as well. The blocks
can not be reordered or copied between different files without
causing an decryption error.
2015-11-01 01:38:27 +01:00
Jakob Unterwurzacher
a3d286069f
Use block number as authentication data
2015-10-06 22:27:37 +02:00
Jakob Unterwurzacher
5c6df49067
Switch to AES-256
...
AES-256 seems to be becoming the industry standard. While AES-128 is
good enough for tens of years to come, let's follow suit and be extra
safe.
2015-10-06 20:51:35 +02:00
Jakob Unterwurzacher
022a6968ae
Implement proper daemonization
...
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-06 00:31:18 +02:00
Jakob Unterwurzacher
89fef80d32
Run go fmt
2015-10-04 14:49:47 +02:00
Jakob Unterwurzacher
79870ab096
debug: log inode number instead of encrypted filename
...
Makes the log output smaller and more readable.
2015-10-03 19:16:34 +02:00
Jakob Unterwurzacher
38bf8a2fcf
Implement file hole passtrough
...
Fixes xfstests generic/010
Note that file holes are not authenticated,
2015-10-03 13:34:33 +02:00
Jakob Unterwurzacher
6f9e90c414
Encrypt key with scrypt-hashed password
2015-09-13 22:09:38 +02:00
Jakob Unterwurzacher
4acaeb668e
Implement json config storage (not yet encrypted)
2015-09-13 17:55:07 +02:00
Jakob Unterwurzacher
58d1e24b7c
Add OpenSSL support for file content encryption/decryption
...
This brings streaming read performance from 30MB/s to 81MB/s
(similar improvement for writes)
2015-09-06 10:42:34 +02:00
Jakob Unterwurzacher
11fb037e7e
Cleanup and rename files
2015-09-05 20:30:20 +02:00
Jakob Unterwurzacher
7e564f928f
Fix size reporting
2015-09-05 20:11:20 +02:00
Jakob Unterwurzacher
199d3fd79f
Fix write path
2015-09-05 19:07:20 +02:00
Jakob Unterwurzacher
05a5c0a0ff
Wrap cluefs part I
2015-09-05 11:49:05 +02:00