| Age | Commit message (Collapse) | Author | 
|---|
|  | Quoting fusefrontend_reverse/node_helpers.go :
	// File names are padded to 16-byte multiples, encrypted and
	// base64-encoded. We can encode at most 176 bytes to stay below the 255
	// bytes limit:
	// * base64(176 bytes) = 235 bytes
	// * base64(192 bytes) = 256 bytes (over 255!)
	// But the PKCS#7 padding is at least one byte. This means we can only use
	// 175 bytes for the file name.
Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427 | 
|  | Feature flag + numeric paramater
https://github.com/rfjakob/gocryptfs/issues/499 | 
|  | We used to do validation using lists of mandatory feature flags.
With the introduction of XChaCha20Poly1305, this became too
simplistic, as it uses a different IV length, hence disabling
GCMIV128.
Add a dedicated function, Validate(), with open-coded validation
logic.
The validation and creation logic also gets XChaCha20Poly1305
support, and gocryptfs -init -xchacha now writes the flag into
gocryptfs.conf. | 
|  | Mount flag only at the moment, not saved to gocryptfs.conf.
https://github.com/rfjakob/gocryptfs/issues/452 | 
|  | And store it in gocryptfs.conf (=remove DirIV feature flag). | 
|  |  | 
|  |  | 
|  | readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key. | 
|  | ...but keep it disabled by default for new filesystems.
We are still missing an example filesystem and CLI arguments
to explicitely enable and disable it. | 
|  | This will be re-enabled once it is implemented. | 
|  |  | 
|  | Through base64.RawURLEncoding.
New command-line parameter "-raw64". | 
|  |  | 
|  | GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV. | 
|  |  | 
|  | The plan is to drop support for the oldest filesystem versions
in gocryptfs v1.0. For now, we only warn the user. | 
|  | This should make things saner and more extensible. It prepares
the infrastructure for "required feature flags" that will be used
to deprecate old gocryptfs version. |