-
Notifications
You must be signed in to change notification settings - Fork 257
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request for comments: Allow more than one encrypted master key #760
base: master
Are you sure you want to change the base?
Conversation
Hi, thanks for the PR! I understand the need, but I am afraid of the complexity and the format change. Maybe this could be done by having multiple copies of gocryptfs.conf ? Like, gocryptfs.user1.conf etc. This would work already today using the |
This does work already. The only UX improvement I would recommend is prompting the user for the masterkey (to recreate the config file) instead of accepting it on stdin - as to not expose the masterkey to buffer and history. |
Hello,
I've hacked a fix to #748. This is not ready for merge. But before putting more work into this, I need some feedback.
So long,
gocryptfs
only allows one instance of the encrypted master key. (Decryption could be done with a passphrase or by using a (modern) FIDO2 device.)I hacked the
gocryptfs.conf
configuration format from v2 to v3. The new format supports (a) several instances of the encrypted master key and (b) several instances of the FIDO2 device details. v2 could be easily converted to v3.Omissions:
Usage
Is that anything
gocryptfs
could consider to merge when ready?Kind regards,
aanno