Jakob Unterwurzacher
88bc0aa607
MANPAGE: scryptn: list how much memory is needed
...
Calculated acc. to https://words.filippo.io/the-scrypt-parameters/ ,
and add benchmarks to double-check the numbers. They match.
2023-01-08 22:17:14 +01:00
Gisi0
0b5b864a06
Update MANPAGE.md
...
added which package on linux is needed to use fido2 stick
2023-01-07 10:04:08 +01:00
a1346054
3c1ac3b06b
MANPAGE.md: use correct indefinite article a->an
2023-01-01 22:06:29 +01:00
Jakob Unterwurzacher
ad2904f9ed
MANPAGE: document that -scryptn also applies to -passwd
...
Closes https://github.com/rfjakob/gocryptfs/issues/646
2022-03-19 15:18:39 +01:00
Jakob Unterwurzacher
b636f79f89
MANPAGE: add missing -acl section
...
Looks like 86d8336b43
forgot to add the option to the manpage.
2022-01-22 16:19:33 +01:00
Jakob Unterwurzacher
a1f01419e2
tlog: respect NO_COLOR
...
Fixes https://github.com/rfjakob/gocryptfs/issues/617
2021-12-11 15:35:01 +01:00
Jakob Unterwurzacher
39e736c099
MANPAGE: fix typo
2021-12-04 12:37:12 +01:00
Jakob Unterwurzacher
8722b894a6
MANPAGE: -extpass: document dash duplication bug
...
Closes https://github.com/rfjakob/gocryptfs/issues/621
2021-12-04 12:34:29 +01:00
Jakob Unterwurzacher
d530fbd400
docs: names longer than 175 bytes (not 176) are stored in longnames
...
Quoting fusefrontend_reverse/node_helpers.go :
// File names are padded to 16-byte multiples, encrypted and
// base64-encoded. We can encode at most 176 bytes to stay below the 255
// bytes limit:
// * base64(176 bytes) = 235 bytes
// * base64(192 bytes) = 256 bytes (over 255!)
// But the PKCS#7 padding is at least one byte. This means we can only use
// 175 bytes for the file name.
Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
2021-11-01 14:44:32 +01:00
Jakob Unterwurzacher
d14c9340d6
cli: add -longnamemax
...
Fixes https://github.com/rfjakob/gocryptfs/issues/499
2021-10-21 15:58:19 +02:00
Jakob Unterwurzacher
a85e39f682
Update README & MANPAGE
2021-09-10 12:17:22 +02:00
Jakob Unterwurzacher
d023cd6c95
cli: drop -forcedecode flag
...
The rewritten openssl backend does not support this flag anymore,
and it was inherently dangerour. Drop it (ignored for compatibility)
2021-09-10 12:14:19 +02:00
a1346054
7c2255be90
*: trim trailing whitespace
2021-09-01 10:22:01 +02:00
a1346054
6cb03b54fe
*: fix spelling
2021-09-01 10:22:01 +02:00
a1346054
c63f7e9f64
shell scripts: fix shellcheck warnings
2021-09-01 10:22:01 +02:00
Jakob Unterwurzacher
91d3b30c1c
doc: file-format.md: describe XChaCha20-Poly1305
...
Different nonce size.
2021-08-26 08:43:41 +02:00
Jakob Unterwurzacher
61ef6b00a6
-devrandom: make flag a no-op
...
Commit f3c777d5ea
added the `-devrandom` option:
commit f3c777d5ea
Author: @slackner
Date: Sun Nov 19 13:30:04 2017 +0100
main: Add '-devrandom' commandline option
Allows to use /dev/random for generating the master key instead of the
default Go implementation. When the kernel random generator has been
properly initialized both are considered equally secure, however:
* Versions of Go prior to 1.9 just fall back to /dev/urandom if the
getrandom() syscall would be blocking (Go Bug #19274 )
* Kernel versions prior to 3.17 do not support getrandom(), and there
is no check if the random generator has been properly initialized
before reading from /dev/urandom
This is especially useful for embedded hardware with low-entroy. Please
note that generation of the master key might block indefinitely if the
kernel cannot harvest enough entropy.
We now require Go v1.13 and Kernel versions should have also moved on.
Make the flag a no-op.
https://github.com/rfjakob/gocryptfs/issues/596
2021-08-25 12:39:17 +02:00
Jakob Unterwurzacher
24bb28a517
MANPAGE: add -xchacha
2021-08-24 14:05:52 +02:00
Jakob Unterwurzacher
14bf80301b
MANPAGE: move nosyslog to MOUNT OPTIONS section
...
It was in INIT OPTIONS by mistake.
2021-08-20 16:01:53 +02:00
Jakob Unterwurzacher
2a9dea2973
-deterministic-names: accept flag on -init
...
And store it in gocryptfs.conf (=remove DirIV feature flag).
2021-08-20 15:57:40 +02:00
Jose M Perez
8f94083a21
Flag -zerodiriv to create all diriv as all zero byte files
2021-08-19 18:05:54 +02:00
Jakob Unterwurzacher
dc52e32151
MANPAGE: add "exclude all but" example
...
Fixes https://github.com/rfjakob/gocryptfs/issues/588
2021-08-18 11:39:01 +02:00
Jakob Unterwurzacher
022c169c39
MANPAGE: -ew: make gitignore syntax more prominent
...
https://github.com/rfjakob/gocryptfs/issues/588
2021-08-18 10:37:53 +02:00
Jakob Unterwurzacher
b2724070d9
reverse mode: implement -one-file-system
...
Fixes https://github.com/rfjakob/gocryptfs/issues/475
2021-08-16 19:23:58 +02:00
Jakob Unterwurzacher
fe616ddad5
doc: update performance.txt
2021-06-26 20:57:39 +02:00
Jakob Unterwurzacher
cdddd1d711
MANPAGE: describe -badname
2021-06-20 18:09:21 +02:00
Jakob Unterwurzacher
5ed1a90c7e
doc: add benchmark for v2.0, reformat table
2021-06-05 14:46:49 +02:00
Jakob Unterwurzacher
5cb1e55714
Doc: update performance.txt
2021-04-07 07:21:20 +02:00
Jakob Unterwurzacher
dc8501f6b2
performance.txt: add dirfd caching results
...
Also, add v2.0-beta2-16-geaca820. I bisected the ls performance
regression to this commit.
2021-04-03 14:09:10 +02:00
Jakob Unterwurzacher
6b492fdcb8
MANPAGE: add sub-headers to EXAMPLES
...
Makes linking to them easier.
2021-01-10 08:01:08 +01:00
Jakob Unterwurzacher
de108d3fc0
-idle: don't lazy-unmount
...
When a process has its working dir inside the mount,
the only way we notice is that we get EBUSY when trying
to unmount.
We used to lazy-unmount in this case, but this means
pulling the rug from under the process.
For example, bash will start throwing
cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
messages.
Fixes https://github.com/rfjakob/gocryptfs/issues/533
2021-01-02 18:19:41 +01:00
gmd20
c20c7992a0
main: add "-kernel_cache" flag
...
This option is similar to fuse(8) kernel_cache
Verified using vmtouch.
Without -kernel_cache:
$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s
Files: 1
Directories: 0
Touched Pages: 2560 (10M)
Elapsed: 0.011159 seconds
Files: 1
Directories: 0
Resident Pages: 0/2560 0/10M 0%
Elapsed: 0.000993 seconds
With -kernel_cache:
$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s
Files: 1
Directories: 0
Touched Pages: 2560 (10M)
Elapsed: 0.011564 seconds
Files: 1
Directories: 0
Resident Pages: 2560/2560 10M/10M 100%
Elapsed: 0.000369 seconds
2020-12-20 09:55:04 +01:00
Jakob Unterwurzacher
14dac373c2
MANPAGE: add fstab example
...
https://github.com/rfjakob/gocryptfs/issues/497
2020-11-14 15:27:40 +01:00
Jakob Unterwurzacher
8470cc38df
MANPAGE: add -info example output
2020-11-14 15:08:57 +01:00
Jakob Unterwurzacher
6bb42f79fd
MANPAGE: split up OPTIONS into action flags, init, mount, common
...
Fixes https://github.com/rfjakob/gocryptfs/issues/517
2020-11-14 15:00:47 +01:00
Jakob Unterwurzacher
0b2562fdba
MANPAGE: clarify -fg and syslog interaction
...
The flag -fg does NOT imply -nosyslog. Syslog redirection is
active when -notifypid is passed.
2020-11-14 14:29:04 +01:00
Jakob Unterwurzacher
4872a4a8aa
performance.txt: add v2.0-beta1-9 results
2020-11-10 19:27:30 +01:00
Jakob Unterwurzacher
6697ffd6e2
fusefronted: reject GETXATTR "security.capability"
...
Unless we are mounted with -suid, we can reject
these requests, and gain back some lost speed.
Closes https://github.com/rfjakob/gocryptfs/issues/515
2020-10-18 21:07:30 +02:00
Jakob Unterwurzacher
d656574d08
performance.txt: add gocryptfs v1.8.0 results
2020-10-16 20:03:59 +02:00
Jakob Unterwurzacher
f99050b78a
Update performance.txt with gocryptfs v2.0-beta1 result
...
As expected, we are slow. Fd caching will be implemented later.
2020-10-16 19:13:32 +02:00
Pavol Rusnak
1e624a4cc3
Add support for FIDO2 tokens
2020-09-12 18:06:54 +02:00
Jakob Unterwurzacher
570e9baadf
manpage: link to exitcodes.go
2020-09-06 11:38:13 +02:00
Jakob Unterwurzacher
416080203b
main: accept multiple -passfile options
...
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.
Fixes https://github.com/rfjakob/gocryptfs/issues/288
2020-05-17 19:31:04 +02:00
Jakob Unterwurzacher
5af7d3c699
gocryptfs-xray: document -encrypt-paths / -decrypt-paths
2020-05-10 00:14:03 +02:00
Jakob Unterwurzacher
d612ee5d91
Documentation: update performance.txt
...
Bisecting shows that the performance drop is caused by
this commit:
commit ca9e912a28
(refs/bisect/bad)
Author: Jakob Unterwurzacher <jakobunt@gmail.com>
Date: Sat Feb 29 19:58:08 2020 +0100
fusefrontend: drop xattr user namespace restriction
2020-05-03 21:20:30 +02:00
Oscar
75f16771ff
Update manpage examples
2020-04-07 22:04:40 +02:00
Jakob Unterwurzacher
97743858ce
performance.txt: update result for governor = performance
...
Also add big signs where the cpu has changed, as the results
are not comparable when the cpu is different.
Also update encfs results.
2020-02-15 21:42:39 +01:00
Pavol Rusnak
1364b44ae3
remove Trezor support
2019-12-28 19:50:49 +01:00
Jakob Unterwurzacher
9178aa1534
MANPAGE: describe how to unmount, and that default options are fine
...
Feedback received during the recent Go user group. If you haven't
used FUSE before, you don't know how to unmount, and it was not
described in the man page!
As for the options, there are many, and new users are intimidated
by it. State clearly that defaults are fine.
2019-11-17 11:04:41 +01:00
Jakob Unterwurzacher
03fdfc4c90
Update performance.txt
2019-10-13 19:55:06 +02:00