Age | Commit message (Collapse) | Author |
|
Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
files are encountered.
It can be useful to recover files from disks with bad sectors or other corrupted
media.
Closes https://github.com/rfjakob/gocryptfs/pull/102 .
|
|
* Further explain the use of 'scryptn' parameter
* Further explain the use of 'scryptn' parameter in MANPAGE
* Use 28 as reasonable upper limit
|
|
Due to kernel readahead, we usually get multiple read requests
at the same time. These get submitted to the backing storage in
random order, which is a problem if seeking is very expensive.
Details: https://github.com/rfjakob/gocryptfs/issues/92
|
|
This brings the CLI options back in sync with the default
feature flags.
|
|
This commit also enables actually passing the HKDF setting to
fusefrontend, this was missing till now.
|
|
A crypto benchmark mode like "openssl speed".
Example run:
$ ./gocryptfs -speed
AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode)
AES-GCM-256-Go 48.19 MB/s
AES-SIV-512-Go 37.40 MB/s
|
|
...and while we are at it, also filenames starting with "-".
|
|
As requested in https://github.com/rfjakob/gocryptfs/issues/73 .
|
|
Both are achieved by opening the socket from main and passing
it to the ctlsock package instead of passing the path.
|
|
Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.
Also add the option to the man page.
More info: https://github.com/rfjakob/gocryptfs/issues/63
|
|
At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths.
|
|
"-f" looks too much like "--force". The old variant is still
accepted for compatability.
|
|
Through base64.RawURLEncoding.
New command-line parameter "-raw64".
|
|
Close https://github.com/rfjakob/gocryptfs/issues/54
|
|
"The options -extpass and -masterkey cannot be used at the same time"
|
|
Binds it to a dummy variable so it appears in the help text.
|
|
Moving "-o" to the end broke a third-party app, SiriKali.
Breaking your users is bad, so let's accept "-o" anywhere.
|
|
|
|
Make it easier to read the password from a file. Internally this
is equivalent to "-extpass /bin/cat FILE".
|
|
When called from mount, we always get either "suid" or "nosuid".
As "nosuid" is the default, just ignore the options. Same for
the other options.
|
|
For compatability with mount(1), options are also accepted as
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
For example, "-o q,zerokey" is equivalent to "-q -zerokey".
|
|
This prevents confusion with the "-o" options that is passed
by mount(1) at the end of the command line.
|
|
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that.
|
|
|
|
|
|
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
|
|
|
|
|
|
The main function has gotten way too big.
|