Peter Cai
b014a9a440
Concatenate the symmetric keys instead of using HMAC-SHA256
...
There is no point trying to KDF here. Gocryptfs does its own KDF anyway
(https://nuetzlich.net/gocryptfs/forward_mode_crypto/ ), and a leaked
gocryptfs password is not really in our security model (because that
compromises the entire storage in any case).
2022-10-10 20:13:52 -04:00
Peter Cai
518e38b11b
Add LICENSE
2022-10-10 17:35:58 -04:00
Peter Cai
d6e7763de3
Add README
2022-10-10 17:35:08 -04:00
Peter Cai
124a293a33
Only allow alphanumeric passphrases for now
...
We would need to sanitize the input for perl, or find a better way to do
hmac_sha256 here.
2022-10-10 16:21:20 -04:00
Peter Cai
ca322277b2
Supress git errors when the pass store is not a git repo
2022-10-10 16:16:50 -04:00
Peter Cai
f9902f8989
Support an extra symmetric passphrase for protecting the crypt subtree
...
This can help protect against gpg vulnerabilities (e.g. quantum
computing) and/or leakage.
2022-10-10 16:08:44 -04:00
Peter Cai
fe28c7e3df
Check extraneous arguments on each subcommand
2022-10-10 15:36:37 -04:00
Peter Cai
cf670956d8
Use $PROGRAM when delegating pass commands
2022-10-10 15:08:28 -04:00
Peter Cai
9ae5562869
Switch to using internal functions fron pass instead of using pass directly
2022-10-10 15:07:58 -04:00
Peter Cai
780e62a713
gocrypt: Use lazy unmount when absolutely necessary
2022-10-10 14:55:42 -04:00
Peter Cai
1457458ab8
Quote $@ in bash scripts
2022-10-10 14:53:26 -04:00
Peter Cai
c9c4f16860
Add `crypt` subcommand to migrate from outside the subdirectory
2022-10-10 14:50:54 -04:00
Peter Cai
cc36d53933
Check whether the subdirectory has been opened before opening
2022-10-10 11:39:44 -04:00
Peter Cai
9f1997837e
Add help message
2022-10-10 11:36:12 -04:00
Peter Cai
188f523148
Initial implementation of the gocrypt plugin
2022-10-10 11:05:41 -04:00
Peter Cai