Only print masterkey once on -init
It is no longer printed at all when mounting a filesystem,
printing on -init can be disabled with -q.

#76
rfjakob committed Jul 1, 2018
1 parent 991891a commit 6d64dfe
Showing 3 changed files with 38 additions and 38 deletions.
1 change: 1 addition & 0 deletions internal/configfile/config_file.go
Expand Up @@ -104,6 +104,7 @@ func Create(filename string, password []byte, plaintextNames bool,
} else {
key = cryptocore.RandBytes(cryptocore.KeyLen)
}
tlog.PrintMasterkeyReminder(key)
// Encrypt it using the password
// This sets ScryptObject and EncryptedKey
// Note: this looks at the FeatureFlags, so call it AFTER setting them.
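Review bot: The call to `tlog.PrintMasterkeyReminder(key)` sits before the encryption step that the next comment introduces, so the key is displayed before Create has encrypted it or, presumably, written the config file. If a later step fails, the user has been told to store a key that belongs to no filesystem, while the reminder text states it is only printed once. Consider moving the call to the point where Create has succeeded, or at least recording the side effect with a comment such as `// Displays the master key on the terminal; suppressed by -q or when stdout is not a terminal.` Create's body starts and ends outside this hunk, so the exact placement has to be checked against the rest of the function.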
37 changes: 37 additions & 0 deletions internal/tlog/log.go
Expand Up @@ -3,6 +3,7 @@
package tlog

import (
"encoding/hex"
"encoding/json"
"fmt"
"log"
Expand Down Expand Up @@ -144,3 +145,39 @@ func SwitchLoggerToSyslog(p syslog.Priority) {
log.SetOutput(w)
}
}

// PrintMasterkeyReminder reminds the user that he should store the master key in
// a safe place.
func PrintMasterkeyReminder(key []byte) {
if !Info.Enabled {
// Quiet mode
return
}
if !terminal.IsTerminal(int(os.Stdout.Fd())) {
// We don't want the master key to end up in a log file
Info.Printf("Not running on a terminal, suppressing master key display\n")
return
}
h := hex.EncodeToString(key)
var hChunked string
// Try to make it less scary by splitting it up in chunks
for i := 0; i < len(h); i += 8 {
hChunked += h[i : i+8]
if i < 52 {
hChunked += "-"
}
if i == 24 {
hChunked += "\n "
}
}
Info.Printf(`
Your master key is:
%s
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
`, ColorGrey+hChunked+ColorReset)
}
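Review bot: The terminal check in PrintMasterkeyReminder tests `os.Stdout`, but the key is then written through `Info.Printf`, and nothing in the function ties the two together. If Info can be pointed at something other than stdout (this file also has SwitchLoggerToSyslog, though the hunk does not show whether it touches Info), the key could reach a log despite the check; a comment such as `// Info must still write to stdout here, otherwise the key could end up in a log` would record the assumption. Separately, the chunk loop assumes a 64-character hex string: `h[i : i+8]` goes out of range for any key whose hex length is not a multiple of 8, and the constants `52` and `24` only fit that length. Now that the helper is exported, a guard such as `if len(h)%8 != 0 { return }` before the loop would keep an unexpected key length from crashing the caller.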
38 changes: 0 additions & 38 deletions masterkey.go
Expand Up @@ -5,47 +5,13 @@ import (
"os"
"strings"

"golang.org/x/crypto/ssh/terminal"

"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/cryptocore"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/readpassword"
"github.com/rfjakob/gocryptfs/internal/tlog"
)

// printMasterKey - remind the user that he should store the master key in
// a safe place
func printMasterKey(key []byte) {
if !terminal.IsTerminal(int(os.Stdout.Fd())) {
// We don't want the master key to end up in a log file
tlog.Info.Printf("Not running on a terminal, suppressing master key display\n")
return
}
h := hex.EncodeToString(key)
var hChunked string
// Try to make it less scary by splitting it up in chunks
for i := 0; i < len(h); i += 8 {
hChunked += h[i : i+8]
if i < 52 {
hChunked += "-"
}
if i == 24 {
hChunked += "\n "
}
}
tlog.Info.Printf(`
Your master key is:
%s
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. Use "-q" to suppress this message.
`, tlog.ColorGrey+hChunked+tlog.ColorReset)
}

// parseMasterKey - Parse a hex-encoded master key that was passed on the command line
// Calls os.Exit on failure
func parseMasterKey(masterkey string, fromStdin bool) []byte {
Expand Down Expand Up @@ -106,9 +72,5 @@ func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.Co
if !args.trezor {
readpassword.CheckTrailingGarbage()
}
if !args.fsck {
// We only want to print the masterkey message on a normal mount.
printMasterKey(masterkey)
}
return masterkey, confFile
}
