<feed xmlns='http://www.w3.org/2005/Atom'>
<title>gocryptfs/internal/configfile/feature_flags.go, branch LockSharedStorage_rebase2</title>
<subtitle>Mirror of gocryptfs source code on Github</subtitle>
<id>http://nuetzlich.net/cgit/gocryptfs/atom?h=LockSharedStorage_rebase2</id>
<link rel='self' href='http://nuetzlich.net/cgit/gocryptfs/atom?h=LockSharedStorage_rebase2'/>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/'/>
<updated>2026-04-26T15:49:40+00:00</updated>
<entry>
<title>Update feature_flags.go</title>
<updated>2026-04-26T15:49:40+00:00</updated>
<author>
<name>DMyachin</name>
</author>
<published>2026-01-04T19:09:46+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=a991be3da536b2d57e5b481f0657c3651ea22194'/>
<id>urn:sha1:a991be3da536b2d57e5b481f0657c3651ea22194</id>
<content type='text'>
use maps and slices instead of explicit for loop
</content>
</entry>
<entry>
<title>docs: names longer than 175 bytes (not 176) are stored in longnames</title>
<updated>2021-11-01T13:44:32+00:00</updated>
<author>
<name>Jakob Unterwurzacher</name>
</author>
<published>2021-11-01T13:44:32+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=d530fbd400c88fa54c856d958963d77669ac9cf2'/>
<id>urn:sha1:d530fbd400c88fa54c856d958963d77669ac9cf2</id>
<content type='text'>
Quoting fusefrontend_reverse/node_helpers.go :

	// File names are padded to 16-byte multiples, encrypted and
	// base64-encoded. We can encode at most 176 bytes to stay below the 255
	// bytes limit:
	// * base64(176 bytes) = 235 bytes
	// * base64(192 bytes) = 256 bytes (over 255!)
	// But the PKCS#7 padding is at least one byte. This means we can only use
	// 175 bytes for the file name.

Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
</content>
</entry>
<entry>
<title>configfile: add LongNameMax support</title>
<updated>2021-10-21T12:55:30+00:00</updated>
<author>
<name>Jakob Unterwurzacher</name>
</author>
<published>2021-10-21T07:58:37+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=d583bdb79e6f05bce2451a7e220e553209da4c1d'/>
<id>urn:sha1:d583bdb79e6f05bce2451a7e220e553209da4c1d</id>
<content type='text'>
Feature flag + numeric paramater

https://github.com/rfjakob/gocryptfs/issues/499
</content>
</entry>
<entry>
<title>configfile: add Validate() function, support FlagXChaCha20Poly1305</title>
<updated>2021-08-23T14:00:41+00:00</updated>
<author>
<name>Jakob Unterwurzacher</name>
</author>
<published>2021-08-21T19:43:26+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=97d8340bd81ddd60baac598d3e25ebfb4decb50c'/>
<id>urn:sha1:97d8340bd81ddd60baac598d3e25ebfb4decb50c</id>
<content type='text'>
We used to do validation using lists of mandatory feature flags.

With the introduction of XChaCha20Poly1305, this became too
simplistic, as it uses a different IV length, hence disabling
GCMIV128.

Add a dedicated function, Validate(), with open-coded validation
logic.

The validation and creation logic also gets XChaCha20Poly1305
support, and gocryptfs -init -xchacha now writes the flag into
gocryptfs.conf.
</content>
</entry>
<entry>
<title>Add partial XChaCha20-Poly1305 support (mount flag only)</title>
<updated>2021-08-23T14:00:41+00:00</updated>
<author>
<name>Jakob Unterwurzacher</name>
</author>
<published>2021-08-21T10:08:37+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=4764a9bde093f6b61d0370653c6c9d12949ed145'/>
<id>urn:sha1:4764a9bde093f6b61d0370653c6c9d12949ed145</id>
<content type='text'>
Mount flag only at the moment, not saved to gocryptfs.conf.

https://github.com/rfjakob/gocryptfs/issues/452
</content>
</entry>
<entry>
<title>-deterministic-names: accept flag on -init</title>
<updated>2021-08-20T13:57:40+00:00</updated>
<author>
<name>Jakob Unterwurzacher</name>
</author>
<published>2021-08-20T13:57:40+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=2a9dea2973a6141e8efdf8bd26d8ddb2d2c35fc4'/>
<id>urn:sha1:2a9dea2973a6141e8efdf8bd26d8ddb2d2c35fc4</id>
<content type='text'>
And store it in gocryptfs.conf (=remove DirIV feature flag).
</content>
</entry>
<entry>
<title>Add support for FIDO2 tokens</title>
<updated>2020-09-12T16:06:54+00:00</updated>
<author>
<name>Pavol Rusnak</name>
</author>
<published>2020-09-05T20:42:15+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=1e624a4cc3aafa57b5fa213c88bcd3689cefd1c3'/>
<id>urn:sha1:1e624a4cc3aafa57b5fa213c88bcd3689cefd1c3</id>
<content type='text'>
</content>
</entry>
<entry>
<title>remove Trezor support</title>
<updated>2019-12-28T18:50:49+00:00</updated>
<author>
<name>Pavol Rusnak</name>
</author>
<published>2019-12-27T21:27:57+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=1364b44ae356da31e24e5605fe73a307e9d6fb03'/>
<id>urn:sha1:1364b44ae356da31e24e5605fe73a307e9d6fb03</id>
<content type='text'>
</content>
</entry>
<entry>
<title>trezor: add skeleton for Trezor support</title>
<updated>2018-07-01T18:56:04+00:00</updated>
<author>
<name>Jakob Unterwurzacher</name>
</author>
<published>2018-06-17T13:25:09+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=c6f6e8ec4d71475a24ebbb0e64f19ad94249efd9'/>
<id>urn:sha1:c6f6e8ec4d71475a24ebbb0e64f19ad94249efd9</id>
<content type='text'>
readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key.
</content>
</entry>
<entry>
<title>full stack: implement HKDF support</title>
<updated>2017-03-05T20:59:55+00:00</updated>
<author>
<name>Jakob Unterwurzacher</name>
</author>
<published>2017-03-05T20:59:55+00:00</published>
<link rel='alternate' type='text/html' href='http://nuetzlich.net/cgit/gocryptfs/commit/?id=d0bc7970f721cee607d993406d97d32e2c660abe'/>
<id>urn:sha1:d0bc7970f721cee607d993406d97d32e2c660abe</id>
<content type='text'>
...but keep it disabled by default for new filesystems.

We are still missing an example filesystem and CLI arguments
to explicitely enable and disable it.
</content>
</entry>
</feed>
