Documentation
¶
Overview ¶
Package configfile reads and writes gocryptfs.conf does the key wrapping.
Index ¶
Constants ¶
const ( // ConfDefaultName is the default configuration file name. // The dot "." is not used in base64url (RFC4648), hence // we can never clash with an encrypted file. ConfDefaultName = "gocryptfs.conf" // ConfReverseName is the default configuration file name in reverse mode, // the config file gets stored next to the plain-text files. Make it hidden // (start with dot) to not annoy the user. ConfReverseName = ".gocryptfs.reverse.conf" )
const ( // FlagPlaintextNames indicates that filenames are unencrypted. FlagPlaintextNames flagIota = iota // FlagDirIV indicates that a per-directory IV file is used. FlagDirIV // FlagEMENames indicates EME (ECB-Mix-ECB) filename encryption. // This flag is mandatory since gocryptfs v1.0. FlagEMENames // FlagGCMIV128 indicates 128-bit GCM IVs. // This flag is mandatory since gocryptfs v1.0. FlagGCMIV128 // FlagLongNames allows file names longer than 176 bytes. FlagLongNames // FlagAESSIV selects an AES-SIV based crypto backend. FlagAESSIV // FlagRaw64 enables raw (unpadded) base64 encoding for file names FlagRaw64 // FlagHKDF enables HKDF-derived keys for use with GCM, EME and SIV // instead of directly using the master key (GCM and EME) or the SHA-512 // hashed master key (SIV). // Note that this flag does not change the password hashing algorithm // which always is scrypt. FlagHKDF )
const ( // ScryptDefaultLogN is the default scrypt logN configuration parameter. // logN=16 (N=2^16) uses 64MB of memory and takes 4 seconds on my Atom Z3735F // netbook. ScryptDefaultLogN = 16 )
Variables ¶
This section is empty.
Functions ¶
func CreateConfFile ¶
func CreateConfFile(filename string, password []byte, plaintextNames bool, logN int, creator string, aessiv bool, devrandom bool) error
CreateConfFile - create a new config with a random key encrypted with "password" and write it to "filename". Uses scrypt with cost parameter logN.
Types ¶
type ConfFile ¶
type ConfFile struct {
// Creator is the gocryptfs version string.
// This only documents the config file for humans who look at it. The actual
// technical info is contained in FeatureFlags.
Creator string
// EncryptedKey holds an encrypted AES key, unlocked using a password
// hashed with scrypt
EncryptedKey []byte
// ScryptObject stores parameters for scrypt hashing (key derivation)
ScryptObject ScryptKDF
// Version is the On-Disk-Format version this filesystem uses
Version uint16
// FeatureFlags is a list of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
// contains filtered or unexported fields
}
ConfFile is the content of a config file.
func LoadConfFile ¶
LoadConfFile - read config file from disk and decrypt the contained key using "password". Returns the decrypted key and the ConfFile object
If "password" is empty, the config file is read but the key is not decrypted (returns nil in its place).
func (*ConfFile) EncryptKey ¶
EncryptKey - encrypt "key" using an scrypt hash generated from "password" and store it in cf.EncryptedKey. Uses scrypt with cost parameter logN and stores the scrypt parameters in cf.ScryptObject.
func (*ConfFile) IsFeatureFlagSet ¶
IsFeatureFlagSet returns true if the feature flag "flagWant" is enabled.
type ScryptKDF ¶
type ScryptKDF struct {
// Salt is the random salt that is passed to scrypt
Salt []byte
// N: scrypt CPU/Memory cost parameter
N int
// R: scrypt block size parameter
R int
// P: scrypt parallelization parameter
P int
// KeyLen is the output data length
KeyLen int
}
ScryptKDF is an instance of the scrypt key deriviation function.
func NewScryptKDF ¶
NewScryptKDF returns a new instance of ScryptKDF.
Source Files