Documentation
Overview
Package bitlocker provides functionality for managing BitLocker.
Index
- Constants
- func BackupToAD() error
- type DiscoveryVolumeType
- type EncryptionFlag
- type EncryptionMethod
- type ForceEncryptionType
- type Volume
- func (v *Volume) Close()
- func (v *Volume) Encrypt(method EncryptionMethod, flags EncryptionFlag) error
- func (v *Volume) Prepare(volType DiscoveryVolumeType, encType ForceEncryptionType) error
- func (v *Volume) ProtectWithNumericalPassword(password string) error
- func (v *Volume) ProtectWithPassphrase(passphrase string) error
- func (v *Volume) ProtectWithTPM(platformValidationProfile *[]uint8) error
Constants
const (
	EncryptDataOnly    EncryptionFlag = 0x00000001
	EncryptDemandWipe  EncryptionFlag = 0x00000002
	EncryptSynchronous EncryptionFlag = 0x00010000

	// Error Codes
	ERROR_IO_DEVICE                     int32 = -2147023779
	FVE_E_EDRIVE_INCOMPATIBLE_VOLUME    int32 = -2144272206
	FVE_E_NO_TPM_WITH_PASSPHRASE        int32 = -2144272212
	FVE_E_PASSPHRASE_TOO_LONG           int32 = -2144272214
	FVE_E_POLICY_PASSPHRASE_NOT_ALLOWED int32 = -2144272278
	FVE_E_NOT_DECRYPTED                 int32 = -2144272327
	FVE_E_INVALID_PASSWORD_FORMAT       int32 = -2144272331
	FVE_E_BOOTABLE_CDDVD                int32 = -2144272336
	FVE_E_PROTECTOR_EXISTS              int32 = -2144272335
)
Functions
func BackupToAD
func BackupToAD() error
BackupToAD backs up BitLocker recovery keys to Active Directory.
Types
type DiscoveryVolumeType
type DiscoveryVolumeType string
DiscoveryVolumeType specifies the type of discovery volume to be used by Prepare.
Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/preparevolume-win32-encryptablevolume
const (
	// VolumeTypeNone indicates no discovery volume. This value creates a native BitLocker volume.
	VolumeTypeNone DiscoveryVolumeType = "<none>"
	// VolumeTypeDefault indicates the default behavior.
	VolumeTypeDefault DiscoveryVolumeType = "<default>"
	// VolumeTypeFAT32 creates a FAT32 discovery volume.
	VolumeTypeFAT32 DiscoveryVolumeType = "FAT32"
)
type EncryptionFlag
type EncryptionFlag int32
Encryption Flags
Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/encrypt-win32-encryptablevolume
type EncryptionMethod
type EncryptionMethod int32
Encryption Methods
Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/getencryptionmethod-win32-encryptablevolume
const (
	None EncryptionMethod = iota
	AES128WithDiffuser
	AES256WithDiffuser
	AES128
	AES256
	HardwareEncryption
	XtsAES128
	XtsAES256
)
type ForceEncryptionType
type ForceEncryptionType int32
ForceEncryptionType specifies the encryption type to be used when calling Prepare on the volume.
Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/preparevolume-win32-encryptablevolume
const (
	// EncryptionTypeUnspecified indicates that the encryption type is not specified.
	EncryptionTypeUnspecified ForceEncryptionType = 0
	// EncryptionTypeSoftware specifies software encryption.
	EncryptionTypeSoftware ForceEncryptionType = 1
	// EncryptionTypeHardware specifies hardware encryption.
	EncryptionTypeHardware ForceEncryptionType = 2
)
type Volume
type Volume struct {
// contains filtered or unexported fields
}
A Volume tracks an open encryptable volume.
func Connect
Connect connects to an encryptable volume in order to manage it. You must call Close() to release the volume when finished.
Example: bitlocker.Connect("c:")
func (*Volume) Encrypt
func (v *Volume) Encrypt(method EncryptionMethod, flags EncryptionFlag) error
Encrypt encrypts the volume.
Example: vol.Encrypt(bitlocker.XtsAES256, bitlocker.EncryptDataOnly)
Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/encrypt-win32-encryptablevolume
func (*Volume) Prepare
func (v *Volume) Prepare(volType DiscoveryVolumeType, encType ForceEncryptionType) error
Prepare prepares a new BitLocker volume. This should be called BEFORE any key protectors are added.
Example: vol.Prepare(bitlocker.VolumeTypeDefault, bitlocker.EncryptionTypeHardware)
Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/preparevolume-win32-encryptablevolume
func (*Volume) ProtectWithNumericalPassword
ProtectWithNumericalPassword adds a numerical password key protector.
Leave password as a blank string to have one auto-generated by Windows. (Recommended)
In PowerShell this is referred to as a RecoveryPasswordProtector.
func (*Volume) ProtectWithPassphrase
ProtectWithPassphrase adds a passphrase key protector.
func (*Volume) ProtectWithTPM
ProtectWithTPM adds the TPM key protector.
Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/protectkeywithtpm-win32-encryptablevolume