path: root/cryptfs/cryptfs.go
Age | Commit message | Author
2016-02-06 | Rename DirIVCacheEnc to just DirIVCache | Jakob Unterwurzacher
...and unexport dirIVCache
2016-01-21 | Wrap Logger to make disabling output more efficient | Jakob Unterwurzacher
Instead of using SetOutput(ioutil.Discard), which means that Printf is still called for every debug message, use a simple and fast boolean check. Streaming write performance improves from 86 to 93 MB/s.
2015-12-19 | Use NewGCMWithNonceSize only through goGCMWrapper to support Go 1.4 | Jakob Unterwurzacher
2015-12-19 | Increase GCM IV size from 96 to 128 bits | Jakob Unterwurzacher
This pushes back the birthday bound for collisions to make it virtually irrelevant.
2015-12-13 | go fmt | Jakob Unterwurzacher
...and minimal comment changes.
2015-12-08 | Add EME filename encryption & enable it by default | Jakob Unterwurzacher
2015-11-29 | Add single-element cache for DirIV lookup | Jakob Unterwurzacher
Another 3x performance boost for applications that walk the directory tree.
Excerpt from performance.txt:
VERSION      UNTAR   LS    RM
v0.4         48      1.5   5
v0.5-rc1     56      7     19
v0.5-rc1-1   54      4.1   9
v0.5-rc1-2   45      1.7   3.4  <---- THIS VERSION
2015-11-25 | diriv: Create gocryptfs.diriv in every directory | Jakob Unterwurzacher
2015-11-03 | Update USAGE.txt | Jakob Unterwurzacher
Also run go fmt
2015-11-03 | Implement PlainTextNames mode | Jakob Unterwurzacher
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-01 | Refactor ciphertext <-> plaintext offset translation functions | Jakob Unterwurzacher
Move all the intelligence into the new file address_translation.go. That the calculations were spread out too much became apparent when adding the file header. This should make the code much easier to modify in the future.
2015-11-01 | Add file header (on-disk-format change) | Jakob Unterwurzacher
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]
Quoting SECURITY.md:
* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
* This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing a decryption error.
2015-10-06 | Use block number as authentication data | Jakob Unterwurzacher
2015-10-06 | Switch to AES-256 | Jakob Unterwurzacher
AES-256 seems to be becoming the industry standard. While AES-128 is good enough for tens of years to come, let's follow suit and be extra safe.
2015-10-06 | Implement proper daemonization | Jakob Unterwurzacher
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-04 | Run go fmt | Jakob Unterwurzacher
2015-10-03 | debug: log inode number instead of encrypted filename | Jakob Unterwurzacher
Makes the log output smaller and more readable.
2015-10-03 | Implement file hole passthrough | Jakob Unterwurzacher
Fixes xfstests generic/010
Note that file holes are not authenticated,
2015-09-13 | Encrypt key with scrypt-hashed password | Jakob Unterwurzacher
2015-09-13 | Implement json config storage (not yet encrypted) | Jakob Unterwurzacher
2015-09-06 | Add OpenSSL support for file content encryption/decryption | Jakob Unterwurzacher
This brings streaming read performance from 30MB/s to 81MB/s (similar improvement for writes)
2015-09-05 | Cleanup and rename files | Jakob Unterwurzacher
2015-09-05 | Fix size reporting | Jakob Unterwurzacher
2015-09-05 | Fix write path | Jakob Unterwurzacher
2015-09-05 | Wrap cluefs part I | Jakob Unterwurzacher