diff options
author | Jakob Unterwurzacher | 2015-12-20 18:25:10 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-12-20 18:25:10 +0100 |
commit | 5d25c6e7e9217e33b1c54f0f5bc74c6fe3e44119 (patch) | |
tree | 46626588be222f686faf0b176fc45bce71b8c111 /Documentation/SECURITY.md | |
parent | 57b32a0b8b11757776dcfe57d594b2b5829f10f2 (diff) |
Link to official website; move security document
Diffstat (limited to 'Documentation/SECURITY.md')
-rw-r--r-- | Documentation/SECURITY.md | 48 |
1 files changed, 1 insertions, 47 deletions
diff --git a/Documentation/SECURITY.md b/Documentation/SECURITY.md index a49994a..47edd1d 100644 --- a/Documentation/SECURITY.md +++ b/Documentation/SECURITY.md @@ -1,47 +1 @@ -GoCryptFS Security -================== - -Master Key Storage ------------------- - -The master key is used to perform content and file name encryption. -It is stored in `gocryptfs.conf`, encrypted with AES-256-GCM using the -Key Encryption Key (KEK). - -The KEK is generated from the user password using `scrypt`. - -![](https://rawgit.com/rfjakob/gocryptfs/master/Documentation/master-key.svg) - -File Contents -------------- - -All file contents are encrypted using AES-256-GCM (Galois/Counter Mode). - -Files are segmented into 4KB blocks. Each block gets a fresh random -128 bit IV each time it is modified. A 128-bit authentication tag (GHASH) -protects each block from modifications. - -Each file has a header containing a random 128-bit file ID. The -file ID and the block number are mixed into the GHASH as -*additional authenticated data*. The prevents blocks from being copied -between or within files. - -![](https://rawgit.com/rfjakob/gocryptfs/master/Documentation/file-content-encryption.svg) - -To support sparse files, all-zero blocks are accepted and passed through -unchanged. - -File Names ----------- - -Every directory gets a 128-bit directory IV that is stored in each -directory as `gocryptfs.diriv`. - -File names are encrypted using AES-256-EME (ECB-Mix-ECB wide-block encryption, -see https://github.com/rfjakob/eme for details) with the directory IV -as initialization vector. EME fixes the prefix leak that occours with CBC -encryption. - -![](https://rawgit.com/rfjakob/gocryptfs/master/Documentation/file-name-encryption.svg) - -The Base64 encoding limits the usable filename length to 176 characters. +This page has been moved to https://nuetzlich.net/gocryptfs/security/ . |