Commit Graph

88 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
e9bb8b800c reverse: switch from GCM-SIV to AES-SIV
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
2050c7f3b3 reverse: add gcmsiv flag and associated tests 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
77e7abdf8c XFSTESTS.md: add output from latest fuse-xfstests
fuse-xfstests is regularily rebased to xfstests master.
2016-07-03 22:15:59 +02:00
Jakob Unterwurzacher
a8a0d2d92c MANPAGE: note that "-plaintextnames" disables symlink encryption
This is no change in behavoir, just a clarification in the man page.
2016-06-26 23:08:25 +02:00
Jakob Unterwurzacher
15b88756ad main: add "-o" option to enable "suid" and "dev"
Device files and suid binaries are often not needed when running
gocryptfs as root. As they are potentially dangerous, let the
user enable them explicitely via the new "-o" option instead of
always enabling them when running as root.
2016-06-26 23:03:18 +02:00
Jakob Unterwurzacher
b558901e66 Drop deprecated "-gcmiv128" option
The GCMIV128 feature flag is already mandatory, dropping the command
line option is the final step.

Completes https://github.com/rfjakob/gocryptfs/issues/29 .
2016-06-23 22:10:19 +02:00
Jakob Unterwurzacher
3d59a72ba9 Drop deprecated "-emenames" option
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:56:50 +02:00
Jakob Unterwurzacher
b17f0465c7 Drop deprecated "-diriv" option
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:38:59 +02:00
Jakob Unterwurzacher
1dcafb99ff main: drop "on-disk format" from -version output, add Go version
As v0.4 introduced ext4-style feature flags, the on-disk format version
is unlinkely to change. Drop it from the version output to reduce
clutter. Use "gocryptfs -version -debug" to see it.

Add the Go version string because only Go 1.6 and newer have an optimized
AES-GCM implementation. This will help users to understand the performance
of their build.
2016-06-19 19:33:15 +02:00
Jakob Unterwurzacher
82d87ff8ed Add "-ro" (read-only) flag
From the man page:

  **-ro**
  :      Mount the filesystem read-only

Also add a test.
2016-06-16 21:29:22 +02:00
Jakob Unterwurzacher
f030123ab5 Add performance numbers for v0.11 2016-06-08 00:32:40 +02:00
Jakob Unterwurzacher
e7f78135b3 Add "-allow_other" command-line option
As requested in https://github.com/rfjakob/gocryptfs/issues/26 ,
this adds the option to allow other users to access the filesystem.
2016-05-18 19:30:05 +02:00
Jakob Unterwurzacher
4ad9d4e444 prefer_openssl: add amd64 constraint
Optimized assembly versions for Go GCM are only available
on amd64.
2016-05-12 09:50:36 +02:00
Jakob Unterwurzacher
49b597f07c prefer_openssl: autodetect whether to use OpenSSL or Go GCM
Go GCM is faster than OpenSSL if the CPU has AES instructions
and you are running Go 1.6+.

The "-openssl" option now defaults to "auto".

"gocryptfs -debug -version" displays the result of the autodetection.

See https://github.com/rfjakob/gocryptfs/issues/23 for details and
benchmarks.
2016-05-12 00:42:42 +02:00
Jakob Unterwurzacher
39f3a24484 stupidgcm: completely replace spacemonkeygo/openssl 2016-05-04 19:56:07 +02:00
Jakob Unterwurzacher
f035d3efba Update manpage with "longnames" option, explain feature flag options 2016-04-17 21:19:51 +02:00
Jakob Unterwurzacher
776c734f43 Update readme.md and performance.txt for v0.9 2016-04-10 23:01:00 +02:00
Jakob Unterwurzacher
e42e46c97c Add v0.9-rc2 performance numbers 2016-04-10 12:04:50 +02:00
Jakob Unterwurzacher
6454db68d9 Add new "-wpanic" option and enable it for the automated tests 2016-01-31 18:09:39 +01:00
Jakob Unterwurzacher
65b8d5bc46 Update MANPAGE with new options 2016-01-24 18:20:52 +01:00
Jakob Unterwurzacher
4a1768a314 Automate standard performance tests 2016-01-23 19:33:03 +01:00
Jakob Unterwurzacher
8432382244 Update README for v0.7.2 2016-01-19 23:01:21 +01:00
Jakob Unterwurzacher
6a9da0db10 Add EXAMPLES to manpage 2016-01-06 16:55:38 +01:00
Jakob Unterwurzacher
6443691c7e Delete old logo 2016-01-05 21:24:28 +01:00
Jakob Unterwurzacher
5d25c6e7e9 Link to official website; move security document 2015-12-20 18:25:10 +01:00
Jakob Unterwurzacher
3bbaa1208f Add logo, update README for v0.7 2015-12-20 15:42:52 +01:00
Jakob Unterwurzacher
04abad5e84 Update performance data for v0.7 2015-12-20 15:39:40 +01:00
Jakob Unterwurzacher
1caa925868 Increase GCM IV size from 96 to 128 bits
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
2015-12-19 15:02:29 +01:00
Jakob Unterwurzacher
9419e7ae85 Update README + docs for v0.6 release 2015-12-08 16:41:45 +01:00
Jakob Unterwurzacher
c6dacd6f91 Add EME filename encryption & enable it by default 2015-12-08 16:17:04 +01:00
Jakob Unterwurzacher
fc23aba65b performance.txt: link to linux-3.0.tar.gz 2015-12-04 22:45:16 +01:00
Jakob Unterwurzacher
353d29b502 Update manpage with -diriv and -scryptn 2015-12-04 22:41:14 +01:00
Jakob Unterwurzacher
018d047ab2 Show base64 encoding in filename encryption svg 2015-12-04 22:26:50 +01:00
Jakob Unterwurzacher
a6971ade94 svg: add colored annotations
Also, show the IV in the master key decryption process
2015-12-02 09:03:37 +01:00
Jakob Unterwurzacher
026ab56de4 Cut down the text in SECURITY.md, add graphs 2015-12-01 23:06:56 +01:00
Jakob Unterwurzacher
6515c8d42c Add svgs explaining the encryption steps 2015-12-01 22:54:40 +01:00
Jakob Unterwurzacher
2734dc81e5 Make sure MANPAGE-render.bash works when called from outside Documentation 2015-12-01 21:04:58 +01:00
Jakob Unterwurzacher
accf8144ca Move docs to Documentation folder 2015-12-01 18:19:24 +01:00