| Age | Commit message (Collapse) | Author |
|---|
|
Add support for 'fscrypt lock'. This command "locks" a directory,
undoing 'fscrypt unlock'.
When the filesystem keyring is used, 'fscrypt lock' also detects when a
directory wasn't fully locked due to some files still being in-use. It
can then be run again later to try to finish locking the files.
|
|
Linux v5.4 and later allows fscrypt keys to be added/removed directly
to/from the filesystem via the new ioctls FS_IOC_ADD_ENCRYPTION_KEY and
FS_IOC_REMOVE_ENCRYPTION_KEY. Among other benefits, these fix the key
visibility problems that many users have been running into, where system
services and containers can't access encrypted files.
Allow the user to opt-in to using these new ioctls for their existing
encrypted directories by setting in their /etc/fscrypt.conf:
"use_fs_keyring_for_v1_policies": true
Note that it can't really be on by default, since for v1 policies the
ioctls require root, whereas user keyrings don't. I.e., setting this to
true means that users will need to use 'sudo fscrypt unlock', not
'fscrypt unlock'. v2 policies won't have this restriction.
|
|
In preparation for introducing support for the new filesystem-level
keyrings, move the existing user keyring management code from
security/keyring.go and crypto/crypto.go into a new package, 'keyring'.
This package provides functions AddEncryptionKey, RemoveEncryptionKey,
and GetEncryptionKeyStatus which delegate to either the filesystem
keyring (added by a later patch) or to the user keyring. This provides
a common interface to both types of keyrings, to the extent possible.
|
|
Preserve empty lines rather than squashing them into a single space.
This allows having command descriptions that contain multiple
paragraphs. This also eliminates the need to have a special case for
ordered lists.
|
|
Refer to the target User as 'targetUser' rather than simply 'target'.
This will help avoid confusion when we add support for the filesystem
keyring, since then the Mount will also be a "target".
|
|
Saying "Your data can be protected with one of the following sources" is
ambiguous because it could be interpreted to mean that an encrypted
directory can only have one type of protector. In fact, an encrypted
directory can have multiple protectors, and they can be of any type.
Update https://github.com/google/fscrypt/issues/164
|
|
Make it clear that this refers to a type of filesystem such as "ext4",
rather than to a specific filesystem instance.
|
|
Make the global setup command also create the metadata directory at
/.fscrypt, since that's where login protectors are placed, even when the
actual encrypted directories are on a different filesystem.
Resolves https://github.com/google/fscrypt/issues/129
|
|
Show the encryption options when running 'fscrypt status' on a
directory. E.g.:
Policy: 490515286453d3f7
Options: padding:32 contents:Adiantum filenames:Adiantum
Unlocked: Yes
|
|
These were found by a combination of manual review and a custom script
that checks for common errors.
Also removed an outdated sentence from the comment for setupBefore().
|
|
Resolves https://github.com/google/fscrypt/issues/132
|
|
* Remove spelling mistakes in the repository
* Add travis script to check for typos.
* Add command to Makefile to check for typos.
* Fixes #71
|
|
Running "go vet -shadow ./..." finds all places where a variable might
be incorrectly or unnecessarily shadowed. This fixes some of them.
|
|
|
|
Our current build tags set off the linter. We will later add in more
comprehensive build tags that will be properly formatted.
|
|
|
|
|
|
We should always log the descriptor not the entire policy structure.
|
|
Now the user is persented with help when they try to access a keyring
that isn't theirs or try to use fscrypt without a user keyring linked
into the session keyring.
|
|
Chaning the --user flag to (optionally) check for a proper keyring setup
allows us to fail early in cases where we need a working keyring.
|
|
|
|
The --user flag can now be used to have the targe user (the one whose
keyring and password will be used in fscrypt) be different than the
calling user. Very usefull for things like
sudo fscrypt purge /media/joerichey/usb --user=joerichey
which will now have privileges to drop caches, but will properly clear
the keys from the user's keyring.
|
|
|
|
|
|
|
|
|
|
|
|
The key file for the raw_key source is required to contain a wrapping
key (32 bytes), not a policy key (64 bytes).
|
|
|
|
The commit changes how we get the username representation, and uses the
new pam API for checking the proposed login token.
|
|
|
|
Now that we can distinguish between lacking encryption support and
lacking fscrypt metadata, "fscrypt status" can now display this
additional information.
|
|
Almost all actions only need to to check that the fscrypt metadata
exists (this is handled by the Mount methods). Only "fscrypt encrypt"
need to be sure the filesystem also supports encryption, so this check
is added.
|
|
Protectors are only reverted if they were created, and Policies are only
depovisioned on failure.
|
|
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.
Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).
Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
|
|
This commit adds in the "fscrypt metadata add-protector-to-policy" and
the "fscrypt metadata remove-protector-from-policy" subcommands. These
commands allow for the creating of policies protected by multiple
protectors.
Change-Id: Id7e6c057448d15757c838a82d487a1b9806f585d
|
|
This command adds in the "fscrypt metadata" command. This command allows
advanced users to manipulate the metadata directly instead of just
creating a policy or protector as an option when encrypting a directory.
As some of these methods will require certain flags, error handling for
this case is also added. As the change passphrase method must indicate
when a old vs new password is necessary, additional KeyFuncs are added
which add this indicator.
Change-Id: Ibc92872088fae078df3c0eebd4f0cfcb7252d781
|
|
This commit adds in the status command, which has 2 functions, allowing
the user to query the state of the entire system or a specific
filesystem.
This commit also adds in the purge command to remove all policy keys
corresponding to a filesystem. This (along with getting the unlock
status for the status commands) uses additional keyctl functionality in
the crypto and actions packages.
Change-Id: Ic8e097b335c044c0b91973eff19753f363f4525d
|
|
This commit adds in the framework for adding commands and subcommands to
the fscrypt tool. This commit adds in the "setup", "encrypt", and
"unlock" commands. Additional information can be found by running:
fscrypt <command> --help.
This commit defines how flags are parsed and errors are handled. It also
creates an extensible framework for prompting the user for information.
Change-Id: I159d7f44ee2b2bbc5e072f0802850e082d9a13ce
|
|
This commit adds in a stub fscrypt program. The binary just tells the
time and the tests do nothing, but the Makefile will build them! This
commit also adds documentation to the README that explains how to get,
build, run, test, format, lint, and install the code.
Also note that the executable is now in the cmd/fscrypt directory. The
library implementing the core functionality will be at the root. This
is essentially point 2 of https://medium.com/@benbjohnson/structuring-applications-in-go-3b04be4ff091
Change-Id: Ib7bd782e458bdf3db456beb978be4c75b4734561
|
