aboutsummaryrefslogtreecommitdiff
path: root/gocryptfs_main
diff options
context:
space:
mode:
authorJakob Unterwurzacher2015-10-06 21:16:39 +0200
committerJakob Unterwurzacher2015-10-06 21:16:39 +0200
commit45ea8aa5463942b0b777fcc0b354cef5821c908d (patch)
treee185caa3b27054e1ef11292cba86eba608367fec /gocryptfs_main
parent5c6df490678e7dc1aa7a09425d2fdf14fb13f7be (diff)
Add "--masterkey=" parameter for recovery purposes
Diffstat (limited to 'gocryptfs_main')
-rw-r--r--gocryptfs_main/main.go42
-rw-r--r--gocryptfs_main/masterkey.go54
2 files changed, 64 insertions, 32 deletions
diff --git a/gocryptfs_main/main.go b/gocryptfs_main/main.go
index d6ce064..600b6ab 100644
--- a/gocryptfs_main/main.go
+++ b/gocryptfs_main/main.go
@@ -1,7 +1,6 @@
package main
import (
- "encoding/hex"
"flag"
"fmt"
"io/ioutil"
@@ -64,12 +63,14 @@ func main() {
// Parse command line arguments
var debug, init, zerokey, fusedebug, openssl bool
+ var masterkey string
flag.BoolVar(&debug, "debug", false, "Enable debug output")
flag.BoolVar(&fusedebug, "fusedebug", false, "Enable fuse library debug output")
flag.BoolVar(&init, "init", false, "Initialize encrypted directory")
flag.BoolVar(&zerokey, "zerokey", false, "Use all-zero dummy master key")
flag.BoolVar(&openssl, "openssl", true, "Use OpenSSL instead of built-in Go crypto")
+ flag.StringVar(&masterkey, "masterkey", "", "Mount with explicit master key")
var cpuprofile = flag.String("cpuprofile", "", "write cpu profile to file")
flag.Parse()
@@ -114,7 +115,9 @@ func main() {
key := make([]byte, cryptfs.KEY_LEN)
if zerokey {
fmt.Printf("Zerokey mode active: using all-zero dummy master key.\n")
- fmt.Printf("ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING.\n")
+ } else if len(masterkey) > 0 {
+ key = parseMasterKey(masterkey)
+ fmt.Printf("Using explicit master key.\n")
} else {
cfname := filepath.Join(cipherdir, cryptfs.ConfDefaultName)
_, err = os.Stat(cfname)
@@ -137,8 +140,12 @@ func main() {
srv := pathfsFrontend(key, cipherdir, mountpoint, fusedebug, openssl)
fmt.Printf("Mounted.\n")
- if zerokey == false {
+ if zerokey == false && len(masterkey) == 0 {
printMasterKey(key)
+ } else if zerokey == true {
+ fmt.Printf("ZEROKEY MODE PROVIDES NO SECURITY AT ALL AND SHOULD ONLY BE USED FOR TESTING.\n")
+ } else if len(masterkey) > 0 {
+ fmt.Printf("THE MASTER KEY IS VISIBLE VIA \"ps -auxwww\", ONLY USE THIS MODE FOR EMERGENCIES.\n")
}
// Send notification to our parent
@@ -147,35 +154,6 @@ func main() {
srv.Serve()
}
-// printMasterKey - remind the user that he should store the master key in
-// a safe place
-func printMasterKey(key []byte) {
- h := hex.EncodeToString(key)
- var hChunked string
-
- // Try to make it less scary by splitting it up in chunks
- for i := 0; i < len(h); i+=8 {
- hChunked += h[i:i+8]
- if i < 52 {
- hChunked += "-"
- }
- if i == 24 {
- hChunked += "\n "
- }
- }
-
- fmt.Printf(`
-ATTENTION:
-
- Your master key is: %s
-
-If the gocryptfs.conf file becomes corrupted or you ever forget your password,
-there is only one hope for recovery: The master key. Print it to a piece of
-paper and store it in a drawer.
-
-`, hChunked)
-}
-
func readPasswordTwice() string {
fmt.Printf("Password: ")
p1 := readPassword()
diff --git a/gocryptfs_main/masterkey.go b/gocryptfs_main/masterkey.go
new file mode 100644
index 0000000..205f2ab
--- /dev/null
+++ b/gocryptfs_main/masterkey.go
@@ -0,0 +1,54 @@
+package main
+
+import (
+ "os"
+ "fmt"
+ "encoding/hex"
+ "strings"
+ "github.com/rfjakob/gocryptfs/cryptfs"
+)
+
+
+// printMasterKey - remind the user that he should store the master key in
+// a safe place
+func printMasterKey(key []byte) {
+ h := hex.EncodeToString(key)
+ var hChunked string
+
+ // Try to make it less scary by splitting it up in chunks
+ for i := 0; i < len(h); i+=8 {
+ hChunked += h[i:i+8]
+ if i < 52 {
+ hChunked += "-"
+ }
+ if i == 24 {
+ hChunked += "\n "
+ }
+ }
+
+ fmt.Printf(`
+ATTENTION:
+
+ Your master key is: %s
+
+If the gocryptfs.conf file becomes corrupted or you ever forget your password,
+there is only one hope for recovery: The master key. Print it to a piece of
+paper and store it in a drawer.
+
+`, hChunked)
+}
+
+// Parse a hex-encoded master key that was passed on the command line
+func parseMasterKey(masterkey string) []byte {
+ masterkey = strings.Replace(masterkey, "-", "", -1)
+ key, err := hex.DecodeString(masterkey)
+ if err != nil {
+ fmt.Printf("Could not parse master key: %v\n", err)
+ os.Exit(1)
+ }
+ if len(key) != cryptfs.KEY_LEN {
+ fmt.Printf("Master key has length %d but we require length %d\n", len(key), cryptfs.KEY_LEN)
+ os.Exit(1)
+ }
+ return key
+}