@ -9,7 +9,6 @@ readonly gocrypt_needs_passphrase_marker=".gocrypt-needs-passphrase"
gocrypt_sys_check( ) {
which gocryptfs > /dev/null || gocrypt_die "gocryptfs not found in PATH"
which perl > /dev/null || gocrypt_die "perl not found in PATH"
}
gocrypt_env_check( ) {
@ -36,13 +35,6 @@ _cmd_git() {
[ -d '.git' ] && cmd_git " $@ "
}
gocrypt_derive_password( ) {
local data = " $1 "
local key = " $2 "
perl <<< " use Digest::SHA qw(hmac_sha256_hex);\$digest=hmac_sha256_hex(\" $data \n\", \" $key \");print(\$digest); "
}
gocrypt_init( ) {
local needs_passphrase = false
local passphrase = ""
@ -67,7 +59,6 @@ gocrypt_init() {
if $needs_passphrase ; then
echo -n "Enter passphrase: "
read -s passphrase
[ [ " $passphrase " = ~ [ ^a-zA-Z0-9\ ] ] ] && gocrypt_die "Only alphanumeric characters are allowed for now"
local passphrase_confirm = ""
echo
echo -n "Confirm passphrase: "
@ -84,7 +75,7 @@ gocrypt_init() {
mkdir " $gocrypt_dir "
if $needs_passphrase ; then
touch " $gocrypt_needs_passphrase_marker "
gocrypt_passwd = " $( gocrypt_derive_password " $gocrypt_passwd " " $passphrase " ) "
gocrypt_passwd = " $gocrypt_passwd $passphrase "
fi
gocryptfs -passfile /dev/stdin -init " $gocrypt_dir " <<< " $gocrypt_passwd " || gocrypt_die "Unable to initialize gocryptfs"
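Review bot: The new `gocrypt_passwd=` line in gocrypt_init now takes the passphrase verbatim, but the `read -s passphrase` that feeds it lacks `-r` and uses the default IFS, so backslashes are consumed and surrounding whitespace is trimmed before the concatenation. While the alphanumeric check was in place this could not matter; with that check removed in the previous hunk, the secret handed to gocryptfs can differ from what the user typed. Using `IFS= read -rs passphrase` here and in the matching gocrypt_open hunk would keep the input intact. It is worth settling in this commit, because changing the read later alters the secret for volumes already initialised. gocrypt_init begins and ends outside this hunk.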
@ -121,7 +112,7 @@ gocrypt_open() {
local passphrase = ""
echo -n "Enter passphrase: "
read -s passphrase
gocrypt_passwd = " $( gocrypt_derive_password " $gocrypt_passwd " " $passphrase " ) "
gocrypt_passwd = " $gocrypt_passwd $passphrase "
fi
fi
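Review bot: Volumes initialised with a passphrase before this commit were keyed with the output of the removed gocrypt_derive_password, so the new `gocrypt_passwd=` concatenation in gocrypt_open produces a different secret for them. Unless a migration exists outside the lines shown, the open would presumably fail with an ordinary wrong-password error and no hint of the cause. A comment above the new line would record the break, for example `# NOTE: volumes created with the former HMAC derivation need their password changed (gocryptfs -passwd) before they open here`, and the usage text could mention it too. gocrypt_open starts and ends outside this hunk, so any existing fallback is not visible here.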
@ -169,10 +160,11 @@ usage
You can optionally use an extra piece of symmetric passphrase to encrypt the subdirectory, by
passing the argument -p or --passphrase when invoking this command to initialize. In this case ,
the passphrase you input will be used along with the generated password to derive a new master
password for gocryptfs. This second piece of passphrase will not be stored in the password store,
and you will be asked for it every time you invoke \` $PROGRAM gocrypt open\` . This mode adds an
extra layer of protection in case the gpg-encrypted master password is somehow compromised.
the passphrase you input will be used along with the generated password to derive the encryption
key ( KEK) of the master key of gocryptfs. This second piece of passphrase will not be stored in
the password store, and you will be asked for it every time you invoke \` $PROGRAM gocrypt open\` .
This mode adds an extra layer of protection in case the gpg-encrypted master password is somehow
compromised.
$PROGRAM gocrypt open
Mount the encrypted subdirectory to \$ PASSWORD_STORE_DIR/$gocrypt_dec_dir .