| author | Eric Biggers <ebiggers@google.com> | 2021-09-14 14:12:39 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers3@gmail.com> | 2021-10-05 15:30:30 -0700 |
| commit | 7fed63a84963cbd790e86a0e59ff14724bcf33c4 (patch) | |
| tree | 246e2f723ba3cd7ed3a76e4b8698b1913edabc11 /actions/recovery.go | |
| parent | 4d20c7b6eda7f4e9f25442e0ec48bdf5f959853b (diff) | |
Adjust recovery passphrase generation
As per the feedback at https://github.com/google/fscrypt/issues/115
where users didn't understand that the recovery passphrase is important,
restore the original behavior where recovery passphrase generation
happens automatically without a prompt. This applies to the case where
'fscrypt encrypt' is using a login protector on a non-root filesystem.
However, leave the --no-recovery option so that the recovery passphrase
can still be disabled if the user really wants to. Also, clarify the
information provided about the recovery passphrase.
Update https://github.com/google/fscrypt/issues/115
Diffstat (limited to 'actions/recovery.go')
| -rw-r--r-- | actions/recovery.go | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/actions/recovery.go b/actions/recovery.go index 458349b..f533906 100644 --- a/actions/recovery.go +++ b/actions/recovery.go @@ -86,7 +86,8 @@ func AddRecoveryPassphrase(policy *Policy, dirname string) (*crypto.Key, *Protec // file. This file should initially be located in the encrypted directory // protected by the passphrase itself. It's up to the user to store the // passphrase in a different location if they actually need it. -func WriteRecoveryInstructions(recoveryPassphrase *crypto.Key, path string) error { +func WriteRecoveryInstructions(recoveryPassphrase *crypto.Key, recoveryProtector *Protector, + policy *Policy, path string) error { file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0600) if err != nil { return err 
@@ -101,9 +102,22 @@ It did this because you chose to protect this directory with your login passphrase, but this directory is not on the root filesystem. Copy this passphrase to a safe place if you want to still be able to unlock this -directory if you re-install your system or connect this storage media to a -different system (which would result in your login protector being lost). -`, recoveryPassphrase.Data()) +directory if you re-install the operating system or connect this storage media +to a different system (which would result in your login protector being lost). + +To unlock this directory using this recovery passphrase, run 'fscrypt unlock' +and select the protector named %q. + +If you want to disable recovery passphrase generation (not recommended), +re-create this directory and pass the --no-recovery option to 'fscrypt encrypt'. +Alternatively, you can remove this recovery passphrase protector using: + + fscrypt metadata remove-protector-from-policy --force --protector=%s:%s --policy=%s:%s + +It is safe to keep it around though, as the recovery passphrase is high-entropy. +`, recoveryPassphrase.Data(), recoveryProtector.data.Name, + recoveryProtector.Context.Mount.Path, recoveryProtector.data.ProtectorDescriptor, + policy.Context.Mount.Path, policy.data.KeyDescriptor) if _, err = file.WriteString(str); err != nil { return err } |
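Review bot: In the first hunk, the doc comment above WriteRecoveryInstructions is left unchanged and says nothing about the two new parameters, recoveryProtector and policy, which the second hunk dereferences (recoveryProtector.data.Name, policy.Context.Mount.Path) with no nil check. Please extend the comment to say what the two arguments are used for and that both must be non-nil, or return an error before the os.OpenFile call when either is nil, so that a caller passing nil gets an error rather than a panic after the instructions file has already been created.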
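Review bot: In the second hunk, the command the user is told to run, "fscrypt metadata remove-protector-from-policy --force --protector=%s:%s --policy=%s:%s", interpolates recoveryProtector.Context.Mount.Path and policy.Context.Mount.Path with plain %s, so a mountpoint containing a space or a shell metacharacter produces a line that does not paste correctly into a shell. The protector name a few lines earlier is already formatted with %q; consider wrapping the --protector and --policy values in single quotes in the template, or adding a sentence that the mountpoint may need quoting. Since the argument list now has six values matched positionally against the verbs, a test that renders the text for a sample protector and policy would also catch any future reordering.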