author | Jakob Unterwurzacher | 2017-08-11 18:42:30 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-08-11 19:02:26 +0200 |
commit | 0c520845f3623eff28f0277a52e3ccffd928f5c2 (patch) | |
tree | 82a3e0f8c55ae980d29e33b230954638229089c9 /internal/fusefrontend_reverse/rfs.go | |
parent | f59479736bed49411bda3368f419d6605f1faa78 (diff) |
main: purge masterkey from memory as soon as possible
Remove the "Masterkey" field from fusefrontend.Args because it
should not be stored longer than necessary. Instead pass the
masterkey as a separate argument to the filesystem initializers.
Then overwrite it with zeros immediately so we don't have
to wait for garbage collection.
Note that the crypto implementation still stores at least a
masterkey-derived value, so this change makes it harder, but not
impossible, to extract the encryption keys from memory.
Suggested at https://github.com/rfjakob/gocryptfs/issues/137
Diffstat (limited to 'internal/fusefrontend_reverse/rfs.go')
-rw-r--r-- | internal/fusefrontend_reverse/rfs.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 76b1361..53e6d22 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -40,12 +40,12 @@ var _ pathfs.FileSystem = &ReverseFS{}
 // NewFS returns an encrypted FUSE overlay filesystem.
 // In this case (reverse mode) the backing directory is plain-text and
 // ReverseFS provides an encrypted view.
-func NewFS(args fusefrontend.Args) *ReverseFS {
+func NewFS(masterkey []byte, args fusefrontend.Args) *ReverseFS {
 if args.CryptoBackend != cryptocore.BackendAESSIV {
 log.Panic("reverse mode must use AES-SIV, everything else is insecure")
 }
 initLongnameCache()
- cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, false)
+ cryptoCore := cryptocore.New(masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF, false)
 contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS, false)
 nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64) |
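Review bot: The doc comment above `NewFS` says nothing about the new `masterkey` parameter, although the commit description relies on the caller zeroing that slice right after the initializer returns. That is only safe if neither `NewFS` nor `cryptocore.New` keeps a reference to the caller's slice. Whether `cryptocore.New` copies the key or only derives from it is not visible in this hunk, so this should be confirmed. I would add a line to the doc comment such as `// masterkey is only read during initialization; the caller wipes it afterwards, so it must not be retained.` The body of `NewFS` continues past the end of the hunk.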