diff options
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/MANPAGE.md | 12 | ||||
| -rw-r--r-- | Documentation/file-format.md | 53 | ||||
| -rw-r--r-- | Documentation/performance.txt | 4 |
3 files changed, 56 insertions, 13 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index 1d3ab6c..64bbaa8 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -208,6 +208,16 @@ Show all invalid filenames: -badname '*' +#### -context string +Set the SELinux context. See mount(8) for details. + +This option was added for compatibility with xfstests which sets +this option via `-o context="system_u:object_r:root_t:s0"`. + +Only works when mounting as root, otherwise you get this error from fusermount3: + + fusermount3: unknown option 'context="system_u:object_r:root_t:s0"' + #### -ctlsock string Create a control socket at the specified location. The socket can be used to decrypt and encrypt paths inside the filesystem. When using @@ -580,7 +590,7 @@ files. They are concatenated for the effective password. Example: echo hello > hello.txt - echo word > world.txt + echo world > world.txt gocryptfs -passfile hello.txt -passfile world.txt The effective password will be "helloworld". diff --git a/Documentation/file-format.md b/Documentation/file-format.md index 7cce72c..7c2e2c8 100644 --- a/Documentation/file-format.md +++ b/Documentation/file-format.md @@ -1,43 +1,67 @@ File Format =========== +Empty files are stored as empty files. + +Non-empty files contain a *Header* and one or more *Data blocks*. + Header +------ 2 bytes header version (big endian uint16, currently 2) 16 bytes file id Data block, default AES-GCM mode +-------------------------------- 16 bytes GCM IV (nonce) 1-4096 bytes encrypted data 16 bytes GHASH -Data block, AES-SIV mode (used in reverse mode, or when explicitly enabled with `-init -aessiv`) +Overhead = (16+16)/4096 = 1/128 = 0.78125 % + +Data block, AES-SIV mode +------------------------ + +AES-SIV is used in reverse mode, or when explicitly enabled with `-init -aessiv`. 16 bytes nonce 16 bytes SIV 1-4096 bytes encrypted data -Data block, XChaCha20-Poly1305 (enabled via `-init -xchacha`) +Overhead = (16+16)/4096 = 1/128 = 0.78125 % + +Data block, XChaCha20-Poly1305 +------------------------------ + +Enabled via `-init -xchacha` 24 bytes nonce 1-4096 bytes encrypted data 16 bytes Poly1305 tag -Full block overhead (AES-GCM and AES-SIV mode) = 32/4096 = 1/128 = 0.78125 % +Overhead = (24+16)/4096 = 0.98 % -Full block overhead (XChaCha20-Poly1305 mode) = 40/4096 = \~1 % +Examples +======== -Example: 1-byte file, AES-GCM and AES-SIV mode ----------------------------------------------- +0-byte file (all modes) +----------------------- + + (empty) + +Total: 0 bytes + +1-byte file, AES-GCM and AES-SIV mode +------------------------------------- Header 18 bytes Data block 33 bytes Total: 51 bytes -Example: 5000-byte file, , AES-GCM and AES-SIV mode ---------------------------------------------------- +5000-byte file, , AES-GCM and AES-SIV mode +------------------------------------------ Header 18 bytes Data block 4128 bytes @@ -45,19 +69,24 @@ Example: 5000-byte file, , AES-GCM and AES-SIV mode Total: 5082 bytes -Example: 1-byte file, XChaCha20-Poly1305 mode ----------------------------------------------- +1-byte file, XChaCha20-Poly1305 mode +------------------------------------ Header 18 bytes Data block 41 bytes Total: 59 bytes -Example: 5000-byte file, XChaCha20-Poly1305 mode ----------------------------------------------- +5000-byte file, XChaCha20-Poly1305 mode +--------------------------------------- Header 18 bytes Data block 4136 bytes Data block 944 bytes Total: 5098 bytes + +See Also +======== + +https://nuetzlich.net/gocryptfs/forward_mode_crypto/ / https://github.com/rfjakob/gocryptfs-website/blob/master/docs/forward_mode_crypto.md diff --git a/Documentation/performance.txt b/Documentation/performance.txt index 24265f5..7e964e0 100644 --- a/Documentation/performance.txt +++ b/Documentation/performance.txt @@ -73,6 +73,10 @@ v2.0-beta2-37-g24d5d39 558 1000 12.3 6.4 4.4 2.8 v2.0-beta2-42-g4a07d65 549 1000 8.2 4.7 1.8 2.4 fusefrontend: make dirCache work for "node itself" v2.0 420 1000 8.5 4.5 1.8 2.3 go1.16.5, Linux 5.11.21 v2.0.1-28-g49507ea 471 991 8.6 4.5 1.7 2.2 +v2.0.1-28-g49507ea 335 951 10.2 5.4 4.1 2.0 go1.25.4, Linux 6.18.6 +v2.6.1-22-gbc94538 432 950 10.0 5.4 3.8 2.0 +v2.6.1-24-gb239d51 426 941 9.9 5.5 3.7 2.0 go-fuse v2.9.0 +v2.6.1-26-g700432e 461 962 9.8 5.4 2.0 2.0 Results for EncFS for comparison (benchmark.bash -encfs): |