| Age | Commit message (Collapse) | Author |
|---|
|
Quoting fusefrontend_reverse/node_helpers.go :
// File names are padded to 16-byte multiples, encrypted and
// base64-encoded. We can encode at most 176 bytes to stay below the 255
// bytes limit:
// * base64(176 bytes) = 235 bytes
// * base64(192 bytes) = 256 bytes (over 255!)
// But the PKCS#7 padding is at least one byte. This means we can only use
// 175 bytes for the file name.
Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
|
|
Feature flag + numeric paramater
https://github.com/rfjakob/gocryptfs/issues/499
|
|
We used to do validation using lists of mandatory feature flags.
With the introduction of XChaCha20Poly1305, this became too
simplistic, as it uses a different IV length, hence disabling
GCMIV128.
Add a dedicated function, Validate(), with open-coded validation
logic.
The validation and creation logic also gets XChaCha20Poly1305
support, and gocryptfs -init -xchacha now writes the flag into
gocryptfs.conf.
|
|
Mount flag only at the moment, not saved to gocryptfs.conf.
https://github.com/rfjakob/gocryptfs/issues/452
|
|
And store it in gocryptfs.conf (=remove DirIV feature flag).
|
|
|
|
|
|
readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key.
|
|
...but keep it disabled by default for new filesystems.
We are still missing an example filesystem and CLI arguments
to explicitely enable and disable it.
|
|
This will be re-enabled once it is implemented.
|
|
|
|
Through base64.RawURLEncoding.
New command-line parameter "-raw64".
|
|
|
|
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
|
|
|
|
The plan is to drop support for the oldest filesystem versions
in gocryptfs v1.0. For now, we only warn the user.
|
|
This should make things saner and more extensible. It prepares
the infrastructure for "required feature flags" that will be used
to deprecate old gocryptfs version.
|
