summaryrefslogtreecommitdiff
path: root/cryptfs/cryptfs.go
AgeCommit message (Collapse)Author
2015-11-01Add file header (on-disk-format change)Jakob Unterwurzacher
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ] Quoting SECURITY.md: * Every file has a header that contains a 16-byte random *file id* * Each block uses the file id and its block number as GCM *authentication data* * This means the position of the blocks is protected as well. The blocks can not be reordered or copied between different files without causing an decryption error.
2015-10-06Use block number as authentication dataJakob Unterwurzacher
2015-10-06Switch to AES-256Jakob Unterwurzacher
AES-256 seems to be becoming the industry standard. While AES-128 is good enough for tens of years to come, let's follow suit and be extra safe.
2015-10-06Implement proper daemonizationJakob Unterwurzacher
The shell wrapper sends gocryptfs into the background and waits for SIGUSR1
2015-10-04Run go fmtJakob Unterwurzacher
2015-10-03debug: log inode number instead of encrypted filenameJakob Unterwurzacher
Makes the log output smaller and more readable.
2015-10-03Implement file hole passtroughJakob Unterwurzacher
Fixes xfstests generic/010 Note that file holes are not authenticated,
2015-09-13Encrypt key with scrypt-hashed passwordJakob Unterwurzacher
2015-09-13Implement json config storage (not yet encrypted)Jakob Unterwurzacher
2015-09-06Add OpenSSL support for file content encryption/decryptionJakob Unterwurzacher
This brings streaming read performance from 30MB/s to 81MB/s (similar improvement for writes)
2015-09-05Cleanup and rename filesJakob Unterwurzacher
2015-09-05Fix size reportingJakob Unterwurzacher
2015-09-05Fix write pathJakob Unterwurzacher
2015-09-05Wrap cluefs part IJakob Unterwurzacher