-rw-r--r-- | Documentation/SECURITY.md | 4 | ||||
-rw-r--r-- | Documentation/file-name-encryption.svg | 134 |
2 files changed, 91 insertions, 47 deletions
diff --git a/Documentation/SECURITY.md b/Documentation/SECURITY.md index e9e1015..003eadb 100644 --- a/Documentation/SECURITY.md +++ b/Documentation/SECURITY.md @@ -37,6 +37,8 @@ File Names Every directory gets a 128-bit directory IV that is stored in each directory as `gocryptfs.diriv`. -File names are encrypted using AES-256-CBC with the directory IV. +File names are encrypted using AES-256-CBC with the directory IV as +initialization vector. The Base64 encoding limits the usable filename length +to 176 characters. ![](https://rawgit.com/rfjakob/gocryptfs/master/Documentation/file-name-encryption.svg) diff --git a/Documentation/file-name-encryption.svg b/Documentation/file-name-encryption.svg index 19298c5..4093f24 100644 --- a/Documentation/file-name-encryption.svg +++ b/Documentation/file-name-encryption.svg @@ -9,9 +9,9 @@ xmlns="http://www.w3.org/2000/svg" xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" - width="158.73833mm" - height="39.28363mm" - viewBox="0 0 562.45863 139.19395" + width="182.44499mm" + height="29.394854mm" + viewBox="0 0 646.45862 104.15498" id="svg2" version="1.1" inkscape:version="0.91 r13725" @@ -19,6 +19,21 @@ <defs id="defs4"> <marker + inkscape:stockid="Arrow1Mend" + orient="auto" + refY="0" + refX="0" + id="marker14911" + style="overflow:visible" + inkscape:isstock="true"> + <path + id="path14913" + d="M 0,0 5,-5 -12.5,0 5,5 0,0 Z" + style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1" + transform="matrix(-0.4,0,0,-0.4,-4,0)" + inkscape:connector-curvature="0" /> + </marker> + <marker inkscape:isstock="true" style="overflow:visible" id="marker9315" 
@@ -135,8 +150,8 @@ inkscape:pageopacity="0.0" inkscape:pageshadow="2" inkscape:zoom="1.979899" - inkscape:cx="279.63722" - inkscape:cy="70.50185" + inkscape:cx="299.54034" + inkscape:cy="65.144047" inkscape:document-units="px" inkscape:current-layer="layer1" showgrid="true" @@ -161,7 +176,7 @@ spacingx="3.543307" spacingy="3.5433069" originx="-116.36615" - originy="-688.1612" /> + originy="-722.62329" /> </sodipodi:namedview> <metadata id="metadata7"> 
@@ -179,45 +194,45 @@ inkscape:label="Layer 1" inkscape:groupmode="layer" id="layer1" - transform="translate(-116.36614,-225.00693)"> + transform="translate(-116.36614,-225.58383)"> <rect style="opacity:1;fill:#b0b0b0;fill-opacity:1;stroke:none;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" id="rect4273-2" width="202.06071" height="70.915802" - x="469.67743" + x="553.67743" y="251.7364" /> <rect style="opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" id="rect4267-1" width="180.79115" height="21.25984" - x="481.06256" + x="565.06256" y="260.98331" /> <text xml:space="preserve" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.02054596px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.66544342px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" - x="532.00171" + x="615.98376" y="244.4257" id="text4155-7" sodipodi:linespacing="125%" transform="scale(1.0002283,0.99977176)"><tspan sodipodi:role="line" id="tspan4157-2" - x="532.00171" + x="615.98376" y="244.4257" style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">Directory X</tspan></text> <text xml:space="preserve" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.02054596px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.66544342px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" - x="519.39117" + x="603.37323" y="275.30154" id="text4155-88-3" sodipodi:linespacing="125%" - 
transform="scale(1.0002283,0.99977178)"><tspan + transform="scale(1.0002283,0.99977176)"><tspan sodipodi:role="line" id="tspan4157-9-7" - x="519.39117" + x="603.37323" y="275.30154" style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">gocryptfs.diriv</tspan></text> <text 
@@ -238,30 +253,30 @@ width="127.61733" height="21.259842" x="303.21915" - y="293.60205" + y="293.23734" ry="10.629921" /> <text xml:space="preserve" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.02054596px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.66544342px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" x="316.79153" - y="309.0708" + y="309.39807" id="text4155-6-5-7-9-1" sodipodi:linespacing="125%" - transform="scale(1.0002283,0.99977178)"><tspan + transform="scale(1.0002283,0.99977177)"><tspan sodipodi:role="line" id="tspan4157-3-0-7-6-8" x="316.79153" - y="309.0708" + y="309.39807" style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">AES-256-CBC</tspan></text> <path style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker-end:url(#marker8559)" - d="m 474.94047,270.16733 -107.49863,0.0896 0,17.75633" + d="m 558.97059,270.16733 -169.78791,0.0896 0,17.75633" id="path8551" inkscape:connector-curvature="0" sodipodi:nodetypes="ccc" /> <path style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.99999988;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker-end:url(#marker8949)" - d="m 257.92054,303.02308 40.39527,0.0845" + d="m 257.92054,303.7971 40.39527,0.0845" id="path8941" inkscape:connector-curvature="0" sodipodi:nodetypes="cc" /> 
@@ -271,23 +286,23 @@ width="127.61729" height="21.259859" x="123.95276" - y="292.47751" /> + y="293.23734" /> <text xml:space="preserve" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.02054596px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.66544342px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" x="146.35033" - y="307.31262" + y="309.52994" id="text4155-88-3-1" sodipodi:linespacing="125%" - transform="scale(1.0002283,0.99977178)"><tspan + transform="scale(1.0002283,0.99977177)"><tspan sodipodi:role="line" id="tspan4157-9-7-3" x="146.35033" - y="307.31262" + y="309.52994" style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">"letter.doc"</tspan></text> <path - style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.99999988;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker-end:url(#marker8949-8)" - d="m 434.33388,303.67621 40.39527,0.0844" + style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.99999982;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker-end:url(#marker8949-8)" + d="m 435.14323,303.81321 19.07004,0.0844" id="path8941-5" inkscape:connector-curvature="0" sodipodi:nodetypes="cc" /> 
@@ -296,63 +311,90 @@ id="rect4267-1-0" width="180.79115" height="21.25984" - x="481.17648" - y="293.90228" /> + x="565.17651" + y="293.23734" /> <text xml:space="preserve" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.02054596px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.66544342px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" - x="489.49826" - y="308.22809" + x="573.47998" + y="308.07574" id="text4155-88-3-0" sodipodi:linespacing="125%" - transform="scale(1.0002283,0.99977178)"><tspan + transform="scale(1.0002283,0.99977176)"><tspan sodipodi:role="line" id="tspan4157-9-7-0" - x="489.49826" - y="308.22809" + x="573.47998" + y="308.07574" style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">lrpyui0m-ypX4u0PNJ...</tspan></text> <text xml:space="preserve" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.10359192px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.72786713px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" - x="326.56442" - y="349.97977" + x="304.04675" + y="247.91684" id="text4155-8-2" sodipodi:linespacing="125%" transform="scale(0.99921742,1.0007832)"><tspan sodipodi:role="line" id="tspan4157-1-2" - x="326.56442" - y="349.97977" + x="304.04675" + y="247.91684" style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.01726532px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">Master key</tspan></text> <rect 
style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" id="rect4271-4" width="106.3383" height="21.300985" - x="313.80774" - y="335.31329" /> + x="291.30774" + y="233.17044" /> <path - style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker-end:url(#marker9315)" - d="m 368.50393,333.07083 0,-14.17323" + style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.99999994;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker-end:url(#marker9315)" + d="m 340.82535,258.96369 0,29.21511" id="path4825" inkscape:connector-curvature="0" /> <path inkscape:connector-curvature="0" - d="m 357.72187,318.88698 c -2.19348,0 -3.97122,1.77773 -3.97122,3.97121 0,0.30404 0.0341,0.59878 0.0993,0.88266 l -6.07006,6.06851 0,0.9928 0.9928,0.9928 1.98561,0 0.99281,-0.9928 0,-0.9928 0.9928,0 0,-0.9928 0.9928,0 0,-0.9928 1.9856,0 1.09829,-1.09829 c 0.29008,0.0666 0.59102,0.10233 0.90128,0.10233 2.19347,0 3.9712,-1.77773 3.9712,-3.9712 0,-2.19348 -1.77928,-3.96967 -3.9712,-3.96967 z m -3.98518,6.95116 -4.96401,4.96402 0,-0.9928 4.96401,-4.96402 0,0.9928 z m 4.96401,-2.9784 c -0.54759,0 -0.9928,-0.44521 -0.9928,-0.9928 0,-0.54759 0.44521,-0.9928 0.9928,-0.9928 0.5476,0 0.99281,0.44521 0.99281,0.9928 0,0.54759 -0.44521,0.9928 -0.99281,0.9928 z" + d="m 332.00759,267.10127 c -2.19348,0 -3.97122,1.77773 -3.97122,3.97121 0,0.30404 0.0341,0.59878 0.0993,0.88266 l -6.07006,6.06851 0,0.9928 0.9928,0.9928 1.98561,0 0.99281,-0.9928 0,-0.9928 0.9928,0 0,-0.9928 0.9928,0 0,-0.9928 1.9856,0 1.09829,-1.09829 c 0.29008,0.0666 0.59102,0.10233 0.90128,0.10233 2.19347,0 3.9712,-1.77773 3.9712,-3.9712 0,-2.19348 -1.77928,-3.96967 -3.9712,-3.96967 z m -3.98518,6.95116 -4.96401,4.96402 0,-0.9928 4.96401,-4.96402 0,0.9928 z m 4.96401,-2.9784 c -0.54759,0 -0.9928,-0.44521 
-0.9928,-0.9928 0,-0.54759 0.44521,-0.9928 0.9928,-0.9928 0.5476,0 0.99281,0.44521 0.99281,0.9928 0,0.54759 -0.44521,0.9928 -0.99281,0.9928 z" id="path7910" style="fill:#ffcc00;fill-opacity:1;stroke:none;stroke-opacity:1" /> <text xml:space="preserve" style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.01774597px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.66333771px;word-spacing:0px;fill:#aa00d4;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" - x="347.14761" - y="283.80792" + x="462.66055" + y="266.66168" id="text4155-88-3-5-0" sodipodi:linespacing="125%" transform="scale(1.0001971,0.99980293)"><tspan sodipodi:role="line" id="tspan4157-9-7-3-8" - x="347.14761" - y="283.80792" + x="462.66055" + y="266.66168" style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00295734px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px;fill:#aa00d4">IV</tspan></text> + <rect + style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" + id="rect3336-9-4-2-0-1-0" + width="74.836861" + height="21.259842" + x="459.0206" + y="293.23734" + ry="10.629921" /> + <text + xml:space="preserve" + style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.02054596px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.66544342px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1" + x="468.30588" + y="309.39807" + id="text4155-6-5-7-9-1-8" + sodipodi:linespacing="125%" + transform="scale(1.0002283,0.99977176)"><tspan + sodipodi:role="line" + id="tspan4157-3-0-7-6-8-2" + x="468.30588" + y="309.39807" + 
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">Base64</tspan></text> + <path + style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:0.99999982;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker-end:url(#marker14911)" + d="m 537.89913,303.81321 19.07004,0.0844" + id="path8941-5-6" + inkscape:connector-curvature="0" + sodipodi:nodetypes="cc" /> </g> </svg> |