Concatenate the symmetric keys instead of using HMAC-SHA256

There is no point trying to KDF here. Gocryptfs does its own KDF anyway
(https://nuetzlich.net/gocryptfs/forward_mode_crypto/), and a leaked
gocryptfs password is not really in our security model (because that
compromises the entire storage in any case).
Peter Cai 2022-10-10 20:13:52 -04:00
parent 518e38b11b
commit b014a9a440
2 changed files with 8 additions and 17 deletions

@ -25,7 +25,7 @@ of the original password store (`gocrypt/`), and all read operations from `pass`
without any special care (other than remembering to unlock the subtree first). The encrypted subdirectory is stored in the original
password store under `.gocrypt/`, and can be managed by `git` just like how it was without encryption.
The biggest caveat of this is that write operations (such as `edit` and `generate`) **has** to be prefixed by the `gocrypt` subcommand
The biggest caveat of this is that write operations (such as `edit` and `generate`) **have** to be prefixed by the `gocrypt` subcommand
to ensure compatibility when the outer password store is a git repository. Without the prefix, git commits that are normally created
automatically by `pass` will not be generated during a write. See the Usage section of this document for examples.
@ -41,7 +41,6 @@ Dependencies:
- pass
- bash
- perl
- gocryptfs
Usage

@ -9,7 +9,6 @@ readonly gocrypt_needs_passphrase_marker=".gocrypt-needs-passphrase"
gocrypt_sys_check() {
which gocryptfs > /dev/null || gocrypt_die "gocryptfs not found in PATH"
which perl > /dev/null || gocrypt_die "perl not found in PATH"
}
gocrypt_env_check() {
@ -36,13 +35,6 @@ _cmd_git() {
[ -d '.git' ] && cmd_git "$@"
}
gocrypt_derive_password() {
local data="$1"
local key="$2"
perl <<< "use Digest::SHA qw(hmac_sha256_hex);\$digest=hmac_sha256_hex(\"$data\n\", \"$key\");print(\$digest);"
}
gocrypt_init() {
local needs_passphrase=false
local passphrase=""
@ -67,7 +59,6 @@ gocrypt_init() {
if $needs_passphrase; then
echo -n "Enter passphrase: "
read -s passphrase
[[ "$passphrase" =~ [^a-zA-Z0-9\ ] ]] && gocrypt_die "Only alphanumeric characters are allowed for now"
local passphrase_confirm=""
echo
echo -n "Confirm passphrase: "
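Review bot: With the alphanumeric-only check dropped from gocrypt_init, `read -s passphrase` now receives arbitrary characters, and without `-r` it treats backslashes as escapes and removes them, while the default IFS trims leading and trailing whitespace. The passphrase that reaches gocryptfs can therefore differ from what was typed. Suggest `IFS= read -rs passphrase` here, for the confirmation prompt, and for the matching prompt in gocrypt_open, so all three read the input the same way.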
@ -84,7 +75,7 @@ gocrypt_init() {
mkdir "$gocrypt_dir"
if $needs_passphrase; then
touch "$gocrypt_needs_passphrase_marker"
gocrypt_passwd="$(gocrypt_derive_password "$gocrypt_passwd" "$passphrase")"
gocrypt_passwd="$gocrypt_passwd$passphrase"
fi
gocryptfs -passfile /dev/stdin -init "$gocrypt_dir" <<< "$gocrypt_passwd" || gocrypt_die "Unable to initialize gocryptfs"
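Review bot: In gocrypt_init, `gocrypt_passwd="$gocrypt_passwd$passphrase"` changes nothing when the passphrase is empty, so the store gets the `.gocrypt-needs-passphrase` marker while being protected only by the gpg-stored password. Nothing in this hunk rejects an empty passphrase. Consider a check such as `[ -n "$passphrase" ] || gocrypt_die "Passphrase must not be empty"` before the concatenation.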
@ -121,7 +112,7 @@ gocrypt_open() {
local passphrase=""
echo -n "Enter passphrase: "
read -s passphrase
gocrypt_passwd="$(gocrypt_derive_password "$gocrypt_passwd" "$passphrase")"
gocrypt_passwd="$gocrypt_passwd$passphrase"
fi
fi
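Review bot: gocrypt_open now builds the password by plain concatenation, but a store initialized with a passphrase before this commit was set up with the output of `gocrypt_derive_password`, which this commit removes, so such a store can no longer be unlocked with the same inputs. Either keep a fallback that retries with the old derivation, or state in the README and commit message that existing passphrase-protected stores must be re-keyed (for example with `gocryptfs -passwd`) using the previous version before upgrading.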
@ -169,10 +160,11 @@ usage
You can optionally use an extra piece of symmetric passphrase to encrypt the subdirectory, by
passing the argument -p or --passphrase when invoking this command to initialize. In this case,
the passphrase you input will be used along with the generated password to derive a new master
password for gocryptfs. This second piece of passphrase will not be stored in the password store,
and you will be asked for it every time you invoke \`$PROGRAM gocrypt open\`. This mode adds an
extra layer of protection in case the gpg-encrypted master password is somehow compromised.
the passphrase you input will be used along with the generated password to derive the encryption
key (KEK) of the master key of gocryptfs. This second piece of passphrase will not be stored in
the password store, and you will be asked for it every time you invoke \`$PROGRAM gocrypt open\`.
This mode adds an extra layer of protection in case the gpg-encrypted master password is somehow
compromised.
$PROGRAM gocrypt open
Mount the encrypted subdirectory to \$PASSWORD_STORE_DIR/$gocrypt_dec_dir.