From d530fbd400c88fa54c856d958963d77669ac9cf2 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Mon, 1 Nov 2021 14:44:32 +0100 Subject: docs: names longer than 175 bytes (not 176) are stored in longnames Quoting fusefrontend_reverse/node_helpers.go : // File names are padded to 16-byte multiples, encrypted and // base64-encoded. We can encode at most 176 bytes to stay below the 255 // bytes limit: // * base64(176 bytes) = 235 bytes // * base64(192 bytes) = 256 bytes (over 255!) // But the PKCS#7 padding is at least one byte. This means we can only use // 175 bytes for the file name. Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427 --- Documentation/MANPAGE.md | 7 ++++--- cli_args.go | 2 +- internal/configfile/feature_flags.go | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index b9c72dd..ffed44e 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -318,9 +318,10 @@ the directories. Example: gocryptfs -ko noexec /tmp/foo /tmp/bar #### -longnames -Store names longer than 176 bytes in extra files (default true) -This flag is useful when recovering old gocryptfs filesystems using -"-masterkey". It is ignored (stays at the default) otherwise. +Store names that are longer than 175 bytes in extra files (default true). + +This flag is only useful when recovering very old gocryptfs filesystems (gocryptfs v0.8 and earlier) +using "-masterkey". It is ignored (stays at the default) otherwise. #### -nodev See `-dev, -nodev`. diff --git a/cli_args.go b/cli_args.go index e925345..6b97744 100644 --- a/cli_args.go +++ b/cli_args.go @@ -163,7 +163,7 @@ func parseCliOpts(osArgs []string) (args argContainer) { flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages") flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background") flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately") - flagSet.BoolVar(&args.longnames, "longnames", true, "Store names longer than 176 bytes in extra files") + flagSet.BoolVar(&args.longnames, "longnames", true, "Store names longer than 175 bytes in extra files") flagSet.BoolVar(&args.allow_other, "allow_other", false, "Allow other users to access the filesystem. "+ "Only works if user_allow_other is set in /etc/fuse.conf.") flagSet.BoolVar(&args.reverse, "reverse", false, "Reverse mode") diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go index e45b20c..d6627a5 100644 --- a/internal/configfile/feature_flags.go +++ b/internal/configfile/feature_flags.go @@ -14,7 +14,7 @@ const ( // This flag is mandatory since gocryptfs v1.0, // except when XChaCha20Poly1305 is used. FlagGCMIV128 - // FlagLongNames allows file names longer than 176 bytes. + // FlagLongNames allows file names longer than 175 bytes. FlagLongNames // FlagLongNameMax sets a custom name length limit, names longer than that // will be hashed. -- cgit v1.2.3