Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature request] show gocryptfs master key during initialization #284

Open
CertainBot opened this issue Apr 21, 2024 · 4 comments
Open
Labels
enhancement New feature or request

Comments

@CertainBot
Copy link

I haven't found it anywhere in the app, so forgive me if its already there.

The master key is needed to recover the acces to the encrypted files in case the .conf file gets corrupted or lost. Would be nice to be shown (and maybe copied) the same way Linux version does

Thanks

@hardcore-sushi
Copy link
Owner

Yes indeed that would be nice to have. How should it be implemented on the UI?

@hardcore-sushi hardcore-sushi added the enhancement New feature or request label Apr 23, 2024
@CertainBot
Copy link
Author

The linux terminal gocryptfs show this message on initialization of the cipher folder:

Your master key is:

bc72d53b-464824f0-4942948e-8d6f28e4-
119510e1-41c48500-dc8cbdc9-64ffcd48

If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.

Maybe a dialog with a text similar to that and the Master Key in a field that can be copied with a button should be enough. Having it in the clipboard might be critical for some depending on the threat model so maybe advising that should be enough for the user to decide if to copy it by hand or via the clipboard

@ghost
Copy link

ghost commented Jun 28, 2024

The linux terminal gocryptfs show this message on initialization of the cipher folder:

Your master key is:

bc72d53b-464824f0-4942948e-8d6f28e4-
119510e1-41c48500-dc8cbdc9-64ffcd48

If the gocryptfs.conf file becomes corrupted or you ever forget your password, there is only one hope for recovery: The master key. Print it to a piece of paper and store it in a drawer. This message is only printed once.

Maybe a dialog with a text similar to that and the Master Key in a field that can be copied with a button should be enough. Having it in the clipboard might be critical for some depending on the threat model so maybe advising that should be enough for the user to decide if to copy it by hand or via the clipboard

Is it easy to realize my ideas?

What the user sees on the UI:

  1. You click 'Add Volume'
  2. You enter the name and path of the volume.
  3. you enter the password for the volume 2 times
  4. The new volume is automatically decrypted and mounted.
  5. instead of seeing the "empty directory" prompt, you see a file called masterkey.txt
  6. Open masterkey.txt. Find your key. You can delete the file or keep it.

Developer action:

Create a file named 'masterkey.txt' in the root directory of the volume. Write the 'masterkey' and other prompts to this text file. The text file is encrypted and it will be stored on internal storage or SD card. The text file is stored in the same volume as other files that need to be protected.

@hardcore-sushi
Copy link
Owner

I prefer the dialog idea. I find it better aligned with original gocryptfs, more secure, and less confusing for the user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants