Feature: Remove the need for gocryptfs.conf, with secure master password input

[antofthy]

One of the things I do with EncFS is use the ENCFS6_CONFIG environment variable to read the config from a different location to the toplevel ".encfs6" file in the encrypted filesystem. That is I don't store the config with the encrypted data. Actually, the config is not even stored in a file but in a secure database along with the decryption password. The env var is used to specify a UNIX named pipe (fifo) which is used to give EncFS the config file. EncFS reads this file, once only, on startup, after which the named pipe is then deleted.

From what I can see GoCryptFS does not even need a config file at all, only the master password to use, which would be ideal. Unfortunately you only provide the ability to give this critical information via the insecure command line! Manpage even mentions how insecure this really is!

Please provide more secure means of passing the master password to GoCryptFS. Either from a file (or named pipe that is read only once), or from a file descriptor (such as STDIN).

OR... Provide the means to read the "gocryptfs.conf" from a user specified file (or pipeline), in the same way that EncFS does. The Manpage lists no such options, or Environment Variables, to do this.

[rfjakob]

Check out "-config",
https://github.com/rfjakob/gocryptfs/blob/master/Documentation/MANPAGE.md

[antofthy]

TX. Still it would be good to allow more secure input of the master key

…

On Mon, Mar 19, 2018 at 5:38 PM, rfjakob ***@***.***> wrote: Check out "-config", https://github.com/rfjakob/gocryptfs/blob/master/Documentation/MANPAGE.md <https://github.com/rfjakob/gocryptfs/blob/master/Documentation/MANPAGE.md> — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#218 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABKIwHyBZ68VfVhyE-qrJkRQNrNfS5Llks5tf2BzgaJpZM4SveKM> .

[charles-dyfis-net]

Insofar as the config file can be a named pipe, /dev/fd/... link, &c., I'm hard-pressed to see how it's less secure than other methods.

[antofthy]

No not the config file.. Passing master key using... -masterkey With a secure input for that a config file is not needed at all!

…

On Tue, Mar 20, 2018 at 12:00 PM, Charles Duffy ***@***.***> wrote: Insofar as the config file can be a named pipe, /dev/fd/... link, &c., I'm hard-pressed to see how it's less secure than other methods. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#218 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABKIwP8HdDLEt6T9BhQyDmm8NpIpSdocks5tgGLGgaJpZM4SveKM> .

[rfjakob]

The problem is this: There's lots of settings that gocryptfs reads from the config file (list). When you mount with "-masterkey", all the settings stay at their default value. So when a new gocryptfs version comes along with changed defaults (added features), your mounts will stop working.

[rfjakob]

You can now let gocryptfs read the masterkey from stdin by passing -masterkey=stdin, commit: 9bc039a

[antofthy]

Thank you.