Comments (9)
from gocryptfs.
from gocryptfs.
Decrypting using the password (i.e. without -masterkey) works normally?
Thanks for the prompt response. Will test momentarily and let you know.
from gocryptfs.
Decrypting using the password (i.e. without -masterkey) works normally?
Just tested it.
In short: YES, IT WORKS! (without -masterkey and instead supplying -config pointing to a backup of the complete .gocryptfs.reverse.conf file):
In detail: here's the complete test procedure, changed for this case:
mkdir /tmp/gocryptfs_corruption_test
cd !$
export N='===Short_name'; echo $N
mkdir original_data
mkdir original_data/$N
echo Mary Had A Little Lamb > original_data/$N/$N
gocryptfs -init -reverse -deterministic-names original_data
-> Pick whatever password you want; I used "lO22343%fT" (without quotes)
-> This time, no need to take note of the master key as we will be using a copy of the gocryptfs.conf file plus the password entered above.
mkdir encrypted_data
gocryptfs -reverse -deterministic-names original_data encrypted_data
-> Enter the same password as above.
mkdir recovered_encrypted_data
cp -rp encrypted_data/. recovered_encrypted_data/.
cp original_data/.gocryptfs.reverse.conf original_data_-_DOT.gocryptfs.reverse.conf
mkdir recovered_decrypted_data
gocryptfs -config original_data_-_DOT.gocryptfs.reverse.conf -deterministic-names -nosyslog recovered_encrypted_data recovered_decrypted_data
-> Enter the same password used above
cat recovered_decrypted_data/\=\=\=Short_name/\=\=\=Short_name
Mary Had A Little Lamb
-> The expected result, instead of an error.
So right there, that's the workaround for my use case: just stash the complete config file plus its password somewhere safe, instead of just the masterkey so the former can be used in the recovery instead of the latter. Thank you for that.
OTOH it's much less convenient to safely save the config file as it's a couple of hundred bytes long... e.g. in a password vault app or similar. So, if/when you can fix this and get -masterkey working, it would be much appreciated.
EDIT: perhaps a shout-out is in order to everyone who may be depending on -masterkey instead of saving the entire config file, lest they find themselves unable to restore their data when the config file goes to heck along with their original data... just a suggestion, tho.
from gocryptfs.
Ah, now I see what's going on: you need to pass -aessiv when you mount with -masterkey.
And now that you mention it, I can see it's even in the documentation:
man gocryptfs
(...)
-masterkey string
(...)
Even if a config file exists, it will not be used. All non-standard settings have to be
passed on the command line: -aessiv when you mount a filesystem that was created using reverse mode, or
-plaintextnames for a filesystem that was created with that option.
So, my mistake for not properly reading the documentation 🤦♂️...
Sorry for the false alarm, and thanks for the clarification. Closing this issue now.
from gocryptfs.
Sorry for the false alarm, and thanks for the clarification. Closing this issue now.
Reopening this issue for just one more observation/suggestion:
I just noticed that I was technically in accordance with the documentation: for the mount command, along with -masterkey I did specify every non-standard option I used during -init, which in my case was only -deterministic-names.
In other words, I did not specify -aessiv on the gocryptfs -init command; what I did specify was -deterministic-names which, on gocryptfs -init implies -aessiv, but apparently does not imply it during the mount command (where I also specified -deterministic-names).
So, I gotta ask: is there any specific reason for -deterministic-names not implying -aessiv during mount?
If not, may I humbly suggest that you make it so? Will probably save some other unfortunate person a few hours and some pulled hair... :-)
TIA!
from gocryptfs.
-reverse implies -aessiv, https://github.com/rfjakob/gocryptfs/blob/master/Documentation/MANPAGE.md#-reverse
from gocryptfs.
Emphasized that in 7883d38
from gocryptfs.
BTW this dance
cp original_data/.gocryptfs.reverse.conf original_data_-_DOT.gocryptfs.reverse.conf
should be unnecessary as .gocryptfs.reverse.conf is shown as gocryptfs.conf in the encrypted view.
from gocryptfs.
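Added example, not part of the thread and not gocryptfs code: a small Python helper that reads a config file while it still exists and lists the non-default flags that must be stored next to the master key, since -masterkey ignores the config. It assumes the config's FeatureFlags list uses the names AESSIV, PlaintextNames and DirIV (check them against your own file); the sample config and MASTERKEY_PLACEHOLDER are constructed.

```python
import json
import shlex

# Constructed sample shaped like a reverse-mode config created with
# -deterministic-names. Key material is replaced by placeholders.
SAMPLE_CONF = """{
  "Creator": "gocryptfs (constructed sample)",
  "EncryptedKey": "PLACEHOLDER",
  "ScryptObject": {"Salt": "PLACEHOLDER", "N": 65536, "R": 8, "P": 1, "KeyLen": 32},
  "Version": 2,
  "FeatureFlags": ["HKDF", "GCMIV128", "EMENames", "LongNames", "Raw64", "AESSIV"]
}"""


def masterkey_mount_flags(conf_text):
    """Return the non-default flags to record alongside the master key.

    Only the three options discussed in this thread are covered; the
    feature-flag names are an assumption about the config format.
    """
    flags = set(json.loads(conf_text).get("FeatureFlags", []))
    out = []
    if "AESSIV" in flags:
        # Set for reverse-mode filesystems; the man page excerpt above says
        # -aessiv must then be passed explicitly together with -masterkey.
        out.append("-aessiv")
    if "PlaintextNames" in flags:
        out.append("-plaintextnames")
    elif "DirIV" not in flags:
        # Encrypted names without per-directory IVs: -deterministic-names.
        out.append("-deterministic-names")
    return out


def recovery_command(conf_text, cipherdir, mountpoint):
    """Build the mount command line to store with the key (never executed here)."""
    args = ["gocryptfs", "-masterkey", "MASTERKEY_PLACEHOLDER"]
    args += masterkey_mount_flags(conf_text)
    args += [cipherdir, mountpoint]
    return shlex.join(args)


if __name__ == "__main__":
    print(recovery_command(SAMPLE_CONF, "recovered_encrypted_data",
                           "recovered_decrypted_data"))
```

Run it against the real config at backup time and keep the printed command line in the same vault entry as the master key.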