fscrypt.git/crypto/recovery_test.go, branch v0.3.4 Go tool for managing Linux filesystem encryption Finalize import paths and documentation 2017-06-28T22:15:21+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-28T20:57:55+00:00 2c52eca8727df744d093703bbcbd87fc39d57d30 This commit changes all the internal import paths from `fscrypt/foo` to `github.com/google/fscrypt/foo` so that it can be built once we release externaly. The documentation in README.md is updated accordingly. Also, the README has a note noting that we do not make any guarantees about project stability before 1.0 (when it ships with Ubuntu). Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280 
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
crypto: tests, errors, and descriptor computation 2017-05-31T19:37:35+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-05-24T01:41:36+00:00 bc66b8a56ee7ae4f703cf30502aff8b7d68953d0 This changes the crypto package so it now builds in light of the changes to the util and metadata package. This commit also improves the error handling, adds tests, and makes it so recovery keys now correspond to Policy keys (as they are used to recover a directory in the absence of any metadata). The only feature addition here is the ability to compute descriptors. For backwards compatibility, we keep the same descriptor algorithm used before (double SHA512). Change-Id: Ia2b53c6e85ce65c57595e6823d3c4c92219bc8dc 
This changes the crypto package so it now builds in light of the changes
to the util and metadata package. This commit also improves the error
handling, adds tests, and makes it so recovery keys now correspond to
Policy keys (as they are used to recover a directory in the absence of
any metadata).

The only feature addition here is the ability to compute descriptors.
For backwards compatibility, we keep the same descriptor algorithm used
before (double SHA512).

Change-Id: Ia2b53c6e85ce65c57595e6823d3c4c92219bc8dc
crypto: reading and writing recovery keys 2017-05-02T20:39:18+00:00 Joe Richey joerichey@google.com 2017-03-02T22:01:20+00:00 ee10adc91e79bca395a6b069797a99863fc957dd This commit adds in the concept of recovery codes: human-readable strings that contain the necessary information to rederive a cryptographic key. These keys look like: 73PZBXVP-DKJX7SKV-NNTFIC7A-QEGRPZUX-4K5ORRH2-MTKMKP3B-HFCA==== They are input or output directly to a io.Reader or io.Writer respectively. This prevents the data from passing through unsecured memory before it gets to its destination. Of course, if the provided io.Reader or io.Writer is insecure, there is nothing we can do. In most cases the provided io.Reader or io.Writer will be stdin or stdout. In some rare cases you might want to pipe the output to another key. This commit also adds tests and benchmarks for encoding/decoding recovery codes. It also tests that encoding/decoding will fail in the correct situations. A benchmark is also added to measure the effect of locking the keys in memory. Change-Id: Ifa0bc4c08582789785cf1cdd9a4acfe76c79534f 
This commit adds in the concept of recovery codes: human-readable
strings that contain the necessary information to rederive a
cryptographic key. These keys look like:
	73PZBXVP-DKJX7SKV-NNTFIC7A-QEGRPZUX-4K5ORRH2-MTKMKP3B-HFCA====

They are input or output directly to a io.Reader or io.Writer
respectively. This prevents the data from passing through unsecured
memory before it gets to its destination. Of course, if the provided
io.Reader or io.Writer is insecure, there is nothing we can do. In most
cases the provided io.Reader or io.Writer will be stdin or stdout. In
some rare cases you might want to pipe the output to another key.

This commit also adds tests and benchmarks for encoding/decoding
recovery codes. It also tests that encoding/decoding will fail in the
correct situations. A benchmark is also added to measure the effect of
locking the keys in memory.

Change-Id: Ifa0bc4c08582789785cf1cdd9a4acfe76c79534f