summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/MANPAGE.md5
-rw-r--r--Documentation/SECURITY.md2
-rw-r--r--Documentation/file-format.md32
3 files changed, 38 insertions, 1 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 446ce37..2e440b2 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -57,6 +57,11 @@ to mount the gocryptfs filesytem without user interaction.
**-fusedebug**
: Enable fuse library debug output
+**-gcmiv128**
+: Use an 128-bit IV for GCM encryption instead of Go's default of
+96 bits (default true). This pushes back the birthday bound for IV
+collisions far enough to make it irrelevant.
+
**-init**
: Initialize encrypted directory
diff --git a/Documentation/SECURITY.md b/Documentation/SECURITY.md
index dff2fab..a49994a 100644
--- a/Documentation/SECURITY.md
+++ b/Documentation/SECURITY.md
@@ -18,7 +18,7 @@ File Contents
All file contents are encrypted using AES-256-GCM (Galois/Counter Mode).
Files are segmented into 4KB blocks. Each block gets a fresh random
-96 bit IV each time it is modified. A 128-bit authentication tag (GHASH)
+128 bit IV each time it is modified. A 128-bit authentication tag (GHASH)
protects each block from modifications.
Each file has a header containing a random 128-bit file ID. The
diff --git a/Documentation/file-format.md b/Documentation/file-format.md
new file mode 100644
index 0000000..b0d4b55
--- /dev/null
+++ b/Documentation/file-format.md
@@ -0,0 +1,32 @@
+File Format
+===========
+
+Header
+
+ 2 bytes header version (big endian uint16, currently 2)
+ 16 bytes file id
+
+Data block
+
+ 16 bytes GCM IV (nonce)
+ 1-4096 bytes encrypted data
+ 16 bytes GHASH
+
+
+Example: 1-byte file
+--------------------
+
+ Header 18 bytes
+ Data block 33 bytes
+
+Total: 51 bytes
+
+
+Example: 5000-byte file
+-----------------------
+
+ Header 18 bytes
+ Data block 4128 bytes
+ Data block 936 bytes
+
+Total: 5082 bytes