diff options
author | Jakob Unterwurzacher | 2015-09-13 23:06:38 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-09-13 23:06:38 +0200 |
commit | d941b67df4f20393712a2d2e8df2b657b663d226 (patch) | |
tree | 4c5dccd477ca3bf3ba298c4821a60e8b92624056 /main.go | |
parent | 71789ae14f6c0c7418e8cba122da384915732d4a (diff) |
Implement password handling
Diffstat (limited to 'main.go')
-rw-r--r-- | main.go | 63 |
1 files changed, 59 insertions, 4 deletions
@@ -6,11 +6,14 @@ import ( "os" "path/filepath" "time" + "encoding/hex" "github.com/rfjakob/gocryptfs/cluefs_frontend" "github.com/rfjakob/gocryptfs/pathfs_frontend" "github.com/rfjakob/gocryptfs/cryptfs" + "golang.org/x/crypto/ssh/terminal" + bazilfuse "bazil.org/fuse" bazilfusefs "bazil.org/fuse/fs" @@ -35,6 +38,7 @@ const ( ERREXIT_CIPHERDIR = 6 ERREXIT_INIT = 7 ERREXIT_LOADCONF = 8 + ERREXIT_PASSWORD = 9 ) func main() { @@ -55,11 +59,14 @@ func main() { } dir, _ := filepath.Abs(flag.Arg(0)) filename := filepath.Join(dir, cryptfs.ConfDefaultName) - err := cryptfs.CreateConfFile(filename, "test") + fmt.Printf("Choose a password for protecting your files.\n") + password := readPasswordTwice() + err := cryptfs.CreateConfFile(filename, password) if err != nil { fmt.Println(err) os.Exit(ERREXIT_INIT) } + fmt.Printf("The filesystem is now ready for mounting.\n") os.Exit(0) } if flag.NArg() < 2 { @@ -80,14 +87,20 @@ func main() { _, err = os.Stat(cfname) if err != nil { fmt.Printf("Error: %s not found in CIPHERDIR\n", cryptfs.ConfDefaultName) - fmt.Printf("Please run \"%s --init %s\" first\n", PROGRAM_NAME, cipherdir) + fmt.Printf("Please run \"%s --init %s\" first\n", PROGRAM_NAME, flag.Arg(0)) os.Exit(ERREXIT_LOADCONF) } - key, err := cryptfs.LoadConfFile(cfname, "test") + + fmt.Printf("Password: ") + password := readPassword() + fmt.Printf("\nDecrypting master key... ") + key, err := cryptfs.LoadConfFile(cfname, password) if err != nil { fmt.Println(err) os.Exit(ERREXIT_LOADCONF) } + fmt.Printf("Success\n") + printMasterKey(key) if USE_CLUEFS { cluefsFrontend(key, cipherdir, mountpoint) @@ -96,6 +109,48 @@ func main() { } } +// printMasterKey - remind the user that he should store the master key in +// a safe place +func printMasterKey(key []byte) { + h := hex.EncodeToString(key) + // Make it less scary by splitting it up in chunks + h = h[0:8] + "-" + h[8:16] + "-" + h[16:24] + "-" + h[24:32] + + fmt.Printf(` +WARNING: + If the gocryptfs config file becomes corrupted or you ever + forget your password, there is only one hope for recovery: + The master key. Print it to a piece of paper and store it in a drawer. + + Master key: %s + +`, h) +} + +func readPasswordTwice() string { + fmt.Printf("Password: ") + p1 := readPassword() + fmt.Printf("\nRepeat: ") + p2 := readPassword() + fmt.Printf("\n") + if p1 != p2 { + fmt.Printf("Passwords do not match\n") + os.Exit(ERREXIT_PASSWORD) + } + return p1 +} + +// Get password from terminal +func readPassword() string { + fd := int(os.Stdin.Fd()) + p, err := terminal.ReadPassword(fd) + if err != nil { + fmt.Printf("Error: Could not read password: %s\n") + os.Exit(ERREXIT_PASSWORD) + } + return string(p) +} + func cluefsFrontend(key []byte, cipherdir string, mountpoint string) { cfs, err := cluefs_frontend.NewFS(key, cipherdir, USE_OPENSSL) if err != nil { @@ -158,6 +213,6 @@ func pathfsFrontend(key []byte, cipherdir string, mountpoint string, debug bool) } state.SetDebug(debug) - fmt.Println("Mounted!") + fmt.Println("Mounted.") state.Serve() } |