Documentation
Overview
Package configfile reads and writes gocryptfs.conf and does the key wrapping: the random master key is encrypted under a key derived from the user's password with scrypt, and the result is stored in the config file together with the scrypt parameters and the feature flags of the filesystem.
Constants

const (
    // ConfDefaultName is the default configuration file name.
    // The dot "." is not used in base64url (RFC4648), hence
    // we can never clash with an encrypted file.
    ConfDefaultName = "gocryptfs.conf"
    // ConfReverseName is the default configuration file name in reverse mode,
    // the config file gets stored next to the plain-text files. Make it hidden
    // (start with dot) to not annoy the user.
    ConfReverseName = ".gocryptfs.reverse.conf"
)

const (
    // FlagPlaintextNames indicates that filenames are unencrypted.
    FlagPlaintextNames flagIota = iota
    // FlagDirIV indicates that a per-directory IV file is used.
    FlagDirIV
    // FlagEMENames indicates EME (ECB-Mix-ECB) filename encryption.
    // This flag is mandatory since gocryptfs v1.0.
    FlagEMENames
    // FlagGCMIV128 indicates 128-bit GCM IVs.
    // This flag is mandatory since gocryptfs v1.0.
    FlagGCMIV128
    // FlagLongNames allows file names longer than 176 bytes.
    FlagLongNames
    // FlagAESSIV selects an AES-SIV based crypto backend.
    FlagAESSIV
    // FlagRaw64 enables raw (unpadded) base64 encoding for file names
    FlagRaw64
    // FlagHKDF enables HKDF-derived keys for use with GCM, EME and SIV
    // instead of directly using the master key (GCM and EME) or the SHA-512
    // hashed master key (SIV).
    // Note that this flag does not change the password hashing algorithm
    // which always is scrypt.
    FlagHKDF
    // FlagTrezor means that "-trezor" was used when creating the filesystem.
    // The masterkey is protected using a Trezor device instead of a password.
    FlagTrezor
)

const (
    // ScryptDefaultLogN is the default scrypt logN configuration parameter.
    // logN=16 (N=2^16) uses 64MB of memory and takes 4 seconds on my Atom Z3735F
    // netbook.
    ScryptDefaultLogN = 16
)
Variables
This section is empty.
Functions

func Create (added in v1.6.1)
func Create(filename string, password []byte, plaintextNames bool, logN int, creator string, aessiv bool, devrandom bool, trezorPayload []byte) error
Create - create a new config with a random key encrypted with "password" and write it to "filename". Uses scrypt with cost parameter logN.
Types

type ConfFile

type ConfFile struct {
    // Creator is the gocryptfs version string.
    // This only documents the config file for humans who look at it. The actual
    // technical info is contained in FeatureFlags.
    Creator string
    // EncryptedKey holds an encrypted AES key, unlocked using a password
    // hashed with scrypt
    EncryptedKey []byte
    // ScryptObject stores parameters for scrypt hashing (key derivation)
    ScryptObject ScryptKDF
    // Version is the On-Disk-Format version this filesystem uses
    Version uint16
    // FeatureFlags is a list of feature flags this filesystem has enabled.
    // If gocryptfs encounters a feature flag it does not support, it will refuse
    // mounting. This mechanism is analogous to the ext4 feature flags that are
    // stored in the superblock.
    FeatureFlags []string
    // TrezorPayload stores 32 random bytes used for unlocking the master key using
    // a Trezor security module. The randomness makes sure that a unique unlock
    // value is used for each gocryptfs filesystem.
    TrezorPayload []byte `json:",omitempty"`
    // contains filtered or unexported fields
}
ConfFile is the content of a config file.
func LoadAndDecrypt (added in v1.7.1)
LoadAndDecrypt - read the config file from disk and decrypt the contained key using "password". Returns the decrypted key and the ConfFile object.
If "password" is empty, the config file is read but the key is not decrypted (returns nil in its place).
func (*ConfFile) DecryptMasterKey (added in v1.7.1)
DecryptMasterKey decrypts the masterkey stored in cf.EncryptedKey using password.
func (*ConfFile) EncryptKey
EncryptKey - encrypt "key" using a key derived from "password" with scrypt and store the result in cf.EncryptedKey. Uses scrypt with cost parameter logN and stores the scrypt parameters (salt, N, R, P, KeyLen) in cf.ScryptObject so that the same key can be re-derived at mount time.
func (*ConfFile) IsFeatureFlagSet
IsFeatureFlagSet returns true if the feature flag "flagWant" is enabled.
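The FeatureFlags gate described for ConfFile above (refuse to mount when a flag is unknown, the ext4 superblock analogy) and the IsFeatureFlagSet lookup are worked through below on a constructed gocryptfs.conf. This is an added example, not the package's own code: confFile, scryptKDF, checkMountable, parseConf and sampleConf are the example's own names, the known flag set is taken from the flagIota constants above, and the mandatory set follows the "mandatory since gocryptfs v1.0" comments on FlagEMENames and FlagGCMIV128. The scrypt sanity floors (N at least 2^10, salt at least 16 bytes, 32-byte key for AES-256) and Version 2 are this example's assumptions, not gocryptfs constants.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// confFile mirrors the documented JSON layout of gocryptfs.conf. It is a
// constructed stand-in for this example, not the package's own ConfFile type.
type confFile struct {
	Creator      string
	EncryptedKey []byte // stored as a base64 string in JSON, decoded by encoding/json
	ScryptObject scryptKDF
	Version      uint16
	FeatureFlags []string
}

// scryptKDF carries the scrypt parameters with the same field names as ScryptKDF.
type scryptKDF struct {
	Salt   []byte
	N      int
	R      int
	P      int
	KeyLen int
}

// knownFlags are the feature flag names this hypothetical build understands,
// i.e. the flagIota constants above as they appear in the JSON list.
var knownFlags = map[string]bool{
	"PlaintextNames": true, "DirIV": true, "EMENames": true,
	"GCMIV128": true, "LongNames": true, "AESSIV": true,
	"Raw64": true, "HKDF": true, "Trezor": true,
}

// mandatoryFlags are the flags documented above as mandatory since v1.0.
var mandatoryFlags = []string{"EMENames", "GCMIV128"}

// isFeatureFlagSet reports whether the named flag is enabled, like IsFeatureFlagSet.
func (cf *confFile) isFeatureFlagSet(want string) bool {
	for _, f := range cf.FeatureFlags {
		if f == want {
			return true
		}
	}
	return false
}

// checkMountable applies the ext4-style gate: a flag this build does not know
// is a reason to refuse the mount (the data may be encoded in a way this build
// cannot read), as is a missing mandatory flag or an scrypt parameter set that
// no sane Create could have written.
func (cf *confFile) checkMountable() error {
	for _, f := range cf.FeatureFlags {
		if !knownFlags[f] {
			return fmt.Errorf("unknown feature flag %q: refusing to mount", f)
		}
	}
	for _, m := range mandatoryFlags {
		if !cf.isFeatureFlagSet(m) {
			return fmt.Errorf("mandatory feature flag %q missing", m)
		}
	}
	s := cf.ScryptObject
	// scrypt requires N to be a power of two greater than one; the 2^10 floor
	// and the 16-byte salt minimum are this example's own limits.
	if s.N < 1024 || s.N&(s.N-1) != 0 || s.R < 1 || s.P < 1 {
		return fmt.Errorf("implausible scrypt parameters N=%d R=%d P=%d", s.N, s.R, s.P)
	}
	if len(s.Salt) < 16 || s.KeyLen != 32 {
		return fmt.Errorf("implausible salt length %d or key length %d", len(s.Salt), s.KeyLen)
	}
	return nil
}

// parseConf decodes a gocryptfs.conf body and runs the gate before anything
// tries to decrypt EncryptedKey.
func parseConf(data []byte) (*confFile, error) {
	var cf confFile
	if err := json.Unmarshal(data, &cf); err != nil {
		return nil, fmt.Errorf("config file is not valid JSON: %w", err)
	}
	if err := cf.checkMountable(); err != nil {
		return nil, err
	}
	return &cf, nil
}

// sampleConf builds a constructed config file body with the given flags and
// scrypt N; the key and salt are zero bytes because only the gate is exercised.
func sampleConf(flags []string, n int) []byte {
	b, err := json.MarshalIndent(confFile{
		Creator:      "example",
		EncryptedKey: make([]byte, 60),
		ScryptObject: scryptKDF{Salt: make([]byte, 32), N: n, R: 8, P: 1, KeyLen: 32},
		Version:      2, // illustrative on-disk format version
		FeatureFlags: flags,
	}, "", "  ")
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	good := sampleConf([]string{"DirIV", "EMENames", "GCMIV128", "LongNames", "Raw64"}, 65536)
	cf, err := parseConf(good)
	fmt.Println("current-format config:", err, "AESSIV set:", cf != nil && cf.isFeatureFlagSet("AESSIV"))
	_, err = parseConf(sampleConf([]string{"DirIV", "EMENames", "GCMIV128", "FutureFlag"}, 65536))
	fmt.Println("config from a newer gocryptfs:", err)
}
```

A mount-time check like this belongs before any use of the scrypt parameters, so that a tampered or foreign config is rejected on its metadata rather than after an expensive key derivation.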
type ScryptKDF

type ScryptKDF struct {
    // Salt is the random salt that is passed to scrypt
    Salt []byte
    // N: scrypt CPU/Memory cost parameter
    N int
    // R: scrypt block size parameter
    R int
    // P: scrypt parallelization parameter
    P int
    // KeyLen is the output data length
    KeyLen int
}

ScryptKDF is an instance of the scrypt key derivation function: the salt and cost parameters that were used to derive the key-wrapping key from the password, stored in the config file so that the same key can be derived again at mount time.
func NewScryptKDF
NewScryptKDF returns a new instance of ScryptKDF.