aboutsummaryrefslogtreecommitdiff
path: root/Documentation
AgeCommit message (Collapse)Author
2024-04-19Add option to set FIDO2 verificatoin optioninvis-z
Add an option to specify user verification options for `fido2-assert -t` Options will be saved to config file Provide same functionality to #705 with simpler implementation Resolve #702
2024-04-18MANPAGE: emphasize that -reverse implies -aessiv, so you must specify it ↵Jakob Unterwurzacher
with -masterkey Fixes: https://github.com/rfjakob/gocryptfs/issues/841
2023-11-12Update MANPAGE.mdRohan Talip
Removed repeated "conflicts"
2023-02-01MANPAGE: add a note on enabling Trash on macOSEvgeny
2023-01-08MANPAGE: scryptn: list how much memory is neededJakob Unterwurzacher
Calculated acc. to https://words.filippo.io/the-scrypt-parameters/ , and add benchmarks to double-check the numbers. They match.
2023-01-07Update MANPAGE.mdGisi0
added which package on linux is needed to use fido2 stick
2023-01-01MANPAGE.md: use correct indefinite article a->ana1346054
2022-03-19MANPAGE: document that -scryptn also applies to -passwdJakob Unterwurzacher
Closes https://github.com/rfjakob/gocryptfs/issues/646
2022-01-22MANPAGE: add missing -acl sectionJakob Unterwurzacher
Looks like https://github.com/rfjakob/gocryptfs/commit/86d8336b43418c028c34c37f06fcbd43ab0d44a1 forgot to add the option to the manpage.
2021-12-11tlog: respect NO_COLORJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/617
2021-12-04MANPAGE: fix typoJakob Unterwurzacher
2021-12-04MANPAGE: -extpass: document dash duplication bugJakob Unterwurzacher
Closes https://github.com/rfjakob/gocryptfs/issues/621
2021-11-01docs: names longer than 175 bytes (not 176) are stored in longnamesJakob Unterwurzacher
Quoting fusefrontend_reverse/node_helpers.go : // File names are padded to 16-byte multiples, encrypted and // base64-encoded. We can encode at most 176 bytes to stay below the 255 // bytes limit: // * base64(176 bytes) = 235 bytes // * base64(192 bytes) = 256 bytes (over 255!) // But the PKCS#7 padding is at least one byte. This means we can only use // 175 bytes for the file name. Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
2021-10-21cli: add -longnamemaxJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/499
2021-09-10Update README & MANPAGEJakob Unterwurzacher
2021-09-10cli: drop -forcedecode flagJakob Unterwurzacher
The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility)
2021-09-01*: trim trailing whitespacea1346054
2021-09-01*: fix spellinga1346054
2021-09-01shell scripts: fix shellcheck warningsa1346054
2021-08-26doc: file-format.md: describe XChaCha20-Poly1305Jakob Unterwurzacher
Different nonce size.
2021-08-25-devrandom: make flag a no-opJakob Unterwurzacher
Commit f3c777d5eaa682d878c638192311e52f9c204294 added the `-devrandom` option: commit f3c777d5eaa682d878c638192311e52f9c204294 Author: @slackner Date: Sun Nov 19 13:30:04 2017 +0100 main: Add '-devrandom' commandline option Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy. We now require Go v1.13 and Kernel versions should have also moved on. Make the flag a no-op. https://github.com/rfjakob/gocryptfs/issues/596
2021-08-24MANPAGE: add -xchachaJakob Unterwurzacher
2021-08-20MANPAGE: move nosyslog to MOUNT OPTIONS sectionJakob Unterwurzacher
It was in INIT OPTIONS by mistake.
2021-08-20-deterministic-names: accept flag on -initJakob Unterwurzacher
And store it in gocryptfs.conf (=remove DirIV feature flag).
2021-08-19Flag -zerodiriv to create all diriv as all zero byte filesJose M Perez
2021-08-18MANPAGE: add "exclude all but" exampleJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/588
2021-08-18MANPAGE: -ew: make gitignore syntax more prominentJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/588
2021-08-16reverse mode: implement -one-file-systemJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/475
2021-06-26doc: update performance.txtJakob Unterwurzacher
2021-06-20MANPAGE: describe -badnameJakob Unterwurzacher
2021-06-05doc: add benchmark for v2.0, reformat tableJakob Unterwurzacher
2021-04-07Doc: update performance.txtJakob Unterwurzacher
2021-04-03performance.txt: add dirfd caching resultsJakob Unterwurzacher
Also, add v2.0-beta2-16-geaca820. I bisected the ls performance regression to this commit.
2021-01-10MANPAGE: add sub-headers to EXAMPLESJakob Unterwurzacher
Makes linking to them easier.
2021-01-02-idle: don't lazy-unmountJakob Unterwurzacher
When a process has its working dir inside the mount, the only way we notice is that we get EBUSY when trying to unmount. We used to lazy-unmount in this case, but this means pulling the rug from under the process. For example, bash will start throwing cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory messages. Fixes https://github.com/rfjakob/gocryptfs/issues/533
2020-12-20main: add "-kernel_cache" flaggmd20
This option is similar to fuse(8) kernel_cache Verified using vmtouch. Without -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011159 seconds Files: 1 Directories: 0 Resident Pages: 0/2560 0/10M 0% Elapsed: 0.000993 seconds With -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011564 seconds Files: 1 Directories: 0 Resident Pages: 2560/2560 10M/10M 100% Elapsed: 0.000369 seconds
2020-11-14MANPAGE: add fstab exampleJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/497
2020-11-14MANPAGE: add -info example outputJakob Unterwurzacher
2020-11-14MANPAGE: split up OPTIONS into action flags, init, mount, commonJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/517
2020-11-14MANPAGE: clarify -fg and syslog interactionJakob Unterwurzacher
The flag -fg does NOT imply -nosyslog. Syslog redirection is active when -notifypid is passed.
2020-11-10performance.txt: add v2.0-beta1-9 resultsJakob Unterwurzacher
2020-10-18fusefronted: reject GETXATTR "security.capability"Jakob Unterwurzacher
Unless we are mounted with -suid, we can reject these requests, and gain back some lost speed. Closes https://github.com/rfjakob/gocryptfs/issues/515
2020-10-16performance.txt: add gocryptfs v1.8.0 resultsJakob Unterwurzacher
2020-10-16Update performance.txt with gocryptfs v2.0-beta1 resultJakob Unterwurzacher
As expected, we are slow. Fd caching will be implemented later.
2020-09-12Add support for FIDO2 tokensPavol Rusnak
2020-09-06manpage: link to exitcodes.goJakob Unterwurzacher
2020-05-17main: accept multiple -passfile optionsJakob Unterwurzacher
Each file will be read and then concatenated for the effictive password. This can be used as a kind of multi-factor authenticiton. Fixes https://github.com/rfjakob/gocryptfs/issues/288
2020-05-10gocryptfs-xray: document -encrypt-paths / -decrypt-pathsJakob Unterwurzacher
2020-05-03Documentation: update performance.txtJakob Unterwurzacher
Bisecting shows that the performance drop is caused by this commit: commit ca9e912a28b901387e1dbb85f6c531119f2d5ef2 (refs/bisect/bad) Author: Jakob Unterwurzacher <jakobunt@gmail.com> Date: Sat Feb 29 19:58:08 2020 +0100 fusefrontend: drop xattr user namespace restriction
2020-04-07Update manpage examplesOscar