Hi! GnuPG features a new experimental tool called G13. It is designed as a key management tool for disc encryption. The actual encryption is done using a backend. I hacked this tool about a year ago using EncFS as its first backend.
Unfortunately I forgot that we need a patched version of EncFS to make
it work [1]. Now that I released GnuPG 2.1.0beta1, which announced the
existence of that tool, Daiki Ueno wanted to check it out and figured
that it does not work due to the missing support in EncFS.
The feature I added is the option --annotate. This option prints
additional strings like
$PROMPT$ create_mount_point
$PROMPT$ new_passwd
$STATUS$ fuse_main_start
so that the controlling g13 tools knows what to do. Using this
annotation is much easier and more robust than trying to parse the
strings EncFS usually prints.
I'd very much appreciate if you can merge this patch. I attach the old
one for 1.5 and one for 1.7.3.
Shalom-Salam,
Werner
[1] It was for a lesser known prototype project which uses its own
Debian repo. Thus we all used a patched version for our tests.
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
2010-11-10 Werner Koch <w...@gnupg.org>
Port my patch for 1.5 dated 2009-10-14 to 1.7.3.
* encfs/main.cpp (processArgs): Add option --annotate.
(EncFS_Args, processArgs): Support annotate option.
(main): Print status messages.
* encfs/FileUtils.h (EncFS_Opts): Add field ANNOTATE.
* encfs/FileUtils.cpp (userAllowMkdir): Add arg PROMPTNO.
(createV6Config): Make use of ANNOTATE option.
(initFS): Ditto.
* encfs/encfsctl.cpp (cmd_export): Adjust call to userAllowMkdir.
(do_chpasswd): Add arg ANNOTATE.
(chpasswd, chpasswdAutomaticly): Pass false for ANNOTATE.
diff -urpN orig/encfs-1.7.3/encfs/FileUtils.cpp encfs-1.7.3/encfs/FileUtils.cpp
--- orig/encfs-1.7.3/encfs/FileUtils.cpp 2010-11-04 04:28:54.000000000
+0100
+++ encfs-1.7.3/encfs/FileUtils.cpp 2010-11-10 11:43:32.000000000 +0100
@@ -314,14 +314,27 @@ std::string parentDirectory( const std::
return path.substr(0, last);
}
-bool userAllowMkdir( const char *path, mode_t mode )
+bool userAllowMkdir(int promptno, const char *path, mode_t mode )
{
// TODO: can we internationalize the y/n names? Seems strange to prompt in
// their own language but then have to respond 'y' or 'n'.
// xgroup(setup)
cerr << autosprintf( _("The directory \"%s\" does not exist. Should it be
created? (y,n) "), path );
char answer[10];
- char *res = fgets( answer, sizeof(answer), stdin );
+ char *res;
+
+ switch (promptno)
+ {
+ case 1:
+ cerr << endl << "$PROMPT$ create_root_dir" << endl;
+ break;
+ case 2:
+ cerr << endl << "$PROMPT$ create_mount_point" << endl;
+ break;
+ default:
+ break;
+ }
+ res = fgets( answer, sizeof(answer), stdin );
if(res != 0 && toupper(answer[0]) == 'Y')
{
@@ -976,6 +989,7 @@ RootPtr createV6Config( EncFS_Context *c
bool useStdin = opts->useStdin;
bool reverseEncryption = opts->reverseEncryption;
ConfigMode configMode = opts->configMode;
+ bool annotate = opts->annotate;
RootPtr rootInfo;
@@ -994,6 +1008,9 @@ RootPtr createV6Config( EncFS_Context *c
" anything else, or an empty line will select standard mode.\n"
"?> ");
+ if (annotate)
+ cerr << "$PROMPT$ config_option" << endl;
+
char *res = fgets( answer, sizeof(answer), stdin );
(void)res;
cout << "\n";
@@ -1179,7 +1196,11 @@ RootPtr createV6Config( EncFS_Context *c
CipherKey userKey;
rDebug( "useStdin: %i", useStdin );
if(useStdin)
+ {
+ if (annotate)
+ cerr << "$PROMPT$ new_passwd" << endl;
userKey = config->getUserKey( useStdin );
+ }
else if(!passwordProgram.empty())
userKey = config->getUserKey( passwordProgram, rootDir );
else
@@ -1618,6 +1639,8 @@ RootPtr initFS( EncFS_Context *ctx, cons
if(opts->passwordProgram.empty())
{
rDebug( "useStdin: %i", opts->useStdin );
+ if (opts->annotate)
+ cerr << "$PROMPT$ passwd" << endl;
userKey = config->getUserKey( opts->useStdin );
} else
userKey = config->getUserKey( opts->passwordProgram, opts->rootDir
);
diff -urpN orig/encfs-1.7.3/encfs/FileUtils.h encfs-1.7.3/encfs/FileUtils.h
--- orig/encfs-1.7.3/encfs/FileUtils.h 2010-09-05 22:47:01.000000000 +0200
+++ encfs-1.7.3/encfs/FileUtils.h 2010-11-10 11:45:16.000000000 +0100
@@ -36,7 +36,7 @@ std::string parentDirectory( const std::
// ask the user for permission to create the directory. If they say ok, then
// do it and return true.
-bool userAllowMkdir( const char *dirPath, mode_t mode );
+bool userAllowMkdir(int promptno, const char *dirPath, mode_t mode );
class Cipher;
class DirNode;
@@ -72,6 +72,7 @@ struct EncFS_Opts
std::string passwordProgram; // path to password program (or empty)
bool useStdin; // read password from stdin rather then prompting
+ bool annotate; // print annotation line prompt to stderr.
bool ownerCreate; // set owner of new files to caller
@@ -87,6 +88,7 @@ struct EncFS_Opts
checkKey = true;
forceDecode = false;
useStdin = false;
+ annotate = false;
ownerCreate = false;
reverseEncryption = false;
configMode = Config_Prompt;
diff -urpN orig/encfs-1.7.3/encfs/encfsctl.cpp encfs-1.7.3/encfs/encfsctl.cpp
--- orig/encfs-1.7.3/encfs/encfsctl.cpp 2010-08-30 08:27:49.000000000 +0200
+++ encfs-1.7.3/encfs/encfsctl.cpp 2010-11-10 11:53:36.000000000 +0100
@@ -616,7 +616,7 @@ static int cmd_export( int argc, char **
string destDir = argv[2];
// if the dir doesn't exist, then create it (with user permission)
- if(!checkDir(destDir) && !userAllowMkdir(destDir.c_str(), 0700))
+ if(!checkDir(destDir) && !userAllowMkdir(0, destDir.c_str(), 0700))
return EXIT_FAILURE;
return traverseDirs(rootInfo, "/", destDir);
@@ -693,7 +693,7 @@ static int cmd_showcruft( int argc, char
return EXIT_SUCCESS;
}
-static int do_chpasswd( bool useStdin, int argc, char **argv )
+static int do_chpasswd( bool useStdin, bool annotate, int argc, char **argv )
{
(void)argc;
string rootDir = argv[1];
@@ -721,6 +721,8 @@ static int do_chpasswd( bool useStdin, i
// ask for existing password
cout << _("Enter current Encfs password\n");
+ if (annotate)
+ cerr << "$PROMPT$ passwd" << endl;
CipherKey userKey = config->getUserKey( useStdin );
if(!userKey)
return EXIT_FAILURE;
@@ -742,7 +744,11 @@ static int do_chpasswd( bool useStdin, i
config->kdfIterations = 0; // generate new
if( useStdin )
+ {
+ if (annotate)
+ cerr << "$PROMPT$ new_passwd" << endl;
userKey = config->getUserKey( true );
+ }
else
userKey = config->getNewUserKey();
@@ -781,12 +787,12 @@ static int do_chpasswd( bool useStdin, i
static int chpasswd( int argc, char **argv )
{
- return do_chpasswd( false, argc, argv );
+ return do_chpasswd( false, false, argc, argv );
}
static int chpasswdAutomaticly( int argc, char **argv )
{
- return do_chpasswd( true, argc, argv );
+ return do_chpasswd( true, false, argc, argv );
}
diff -urpN orig/encfs-1.7.3/encfs/main.cpp encfs-1.7.3/encfs/main.cpp
--- orig/encfs-1.7.3/encfs/main.cpp 2009-11-29 23:04:12.000000000 +0100
+++ encfs-1.7.3/encfs/main.cpp 2010-11-10 11:58:59.000000000 +0100
@@ -104,6 +104,7 @@ struct EncFS_Args
if(opts->forceDecode) ss << "(forceDecode) ";
if(opts->ownerCreate) ss << "(ownerCreate) ";
if(opts->useStdin) ss << "(useStdin) ";
+ if(opts->annotate) ss << "(annotate) ";
if(opts->reverseEncryption) ss << "(reverseEncryption) ";
if(opts->mountOnDemand) ss << "(mountOnDemand) ";
for(int i=0; i<fuseArgc; ++i)
@@ -196,6 +197,7 @@ bool processArgs(int argc, char *argv[],
out->opts->forceDecode = false;
out->opts->ownerCreate = false;
out->opts->useStdin = false;
+ out->opts->annotate = false;
out->opts->reverseEncryption = false;
bool useDefaultFlags = true;
@@ -223,6 +225,7 @@ bool processArgs(int argc, char *argv[],
{"extpass", 1, 0, 'p'}, // external password program
// {"single-thread", 0, 0, 's'}, // single-threaded mode
{"stdinpass", 0, 0, 'S'}, // read password from stdin
+ {"annotate", 0, 0, 513}, // Print annotation lines to stderr
{"verbose", 0, 0, 'v'}, // verbose mode
{"version", 0, 0, 'V'}, //version
{"reverse", 0, 0, 'r'}, // reverse encryption
@@ -263,6 +266,9 @@ bool processArgs(int argc, char *argv[],
case 'S':
out->opts->useStdin = true;
break;
+ case 513:
+ out->opts->annotate = true;
+ break;
case 'f':
out->isDaemon = false;
// this option was added in fuse 2.x
@@ -411,13 +417,15 @@ bool processArgs(int argc, char *argv[],
// check that the directories exist, or that we can create them..
if(!isDirectory( out->opts->rootDir.c_str() ) &&
- !userAllowMkdir( out->opts->rootDir.c_str() ,0700))
+ !userAllowMkdir(out->opts->annotate? 1:0,
+ out->opts->rootDir.c_str() ,0700))
{
rWarning(_("Unable to locate root directory, aborting."));
return false;
}
if(!isDirectory( out->mountPoint.c_str() ) &&
- !userAllowMkdir( out->mountPoint.c_str(),0700))
+ !userAllowMkdir(out->opts->annotate? 2:0,
+ out->mountPoint.c_str(),0700))
{
rWarning(_("Unable to locate mount point, aborting."));
return false;
@@ -631,6 +639,9 @@ int main(int argc, char *argv[])
{
time_t startTime, endTime;
+ if (encfsArgs->opts->annotate)
+ cerr << "$STATUS$ fuse_main_start" << endl;
+
// FIXME: workaround for fuse_main returning an error on normal
// exit. Only print information if fuse_main returned
// immediately..
@@ -643,6 +654,9 @@ int main(int argc, char *argv[])
time( &endTime );
+ if (encfsArgs->opts->annotate)
+ cerr << "$STATUS$ fuse_main_end" << endl;
+
if(res == 0)
returnCode = EXIT_SUCCESS;
2009-10-14 Werner Koch <w...@gnupg.org>
* encfs/main.cpp (processArgs): Add option --annotate.
(EncFS_Args, processArgs): Support annotate option.
(main): Print status messages.
* encfs/FileUtils.h (EncFS_Opts): Add field ANNOTATE.
* encfs/FileUtils.cpp (userAllowMkdir): Add arg PROMPTNO.
(createV6Config): Add arg ANNOTATE.
(initFS): Pass it down.
* encfs/encfsctl.cpp (cmd_export): Adjust call to userAllowMkdir.
(do_chpasswd): Add arg ANNOTATE.
(chpasswd, chpasswdAutomaticly): Pass false for ANNOTATE.
* encfs/SSL_Cipher.cpp (TimedPBKDF2, newKey): Solve build
problems by using const_cast for SALT. Suggested by Valient.
diff -urp encfs-1.5.2.orig/encfs/FileUtils.cpp encfs-1.5.2/encfs/FileUtils.cpp
--- encfs-1.5.2.orig/encfs/FileUtils.cpp 2008-09-10 07:53:58.000000000
+0200
+++ encfs-1.5.2/encfs/FileUtils.cpp 2009-10-12 19:29:12.000000000 +0200
@@ -280,13 +280,24 @@ std::string parentDirectory( const std::
return path.substr(0, last);
}
-bool userAllowMkdir( const char *path, mode_t mode )
+bool userAllowMkdir(int promptno, const char *path, mode_t mode )
{
// TODO: can we internationalize the y/n names? Seems strange to prompt in
// their own language but then have to respond 'y' or 'n'.
// xgroup(setup)
cerr << autosprintf( _("The directory \"%s\" does not exist. Should it be
created? (y,n) "), path );
char answer[10];
+ switch (promptno)
+ {
+ case 1:
+ cerr << endl << "$PROMPT$ create_root_dir" << endl;
+ break;
+ case 2:
+ cerr << endl << "$PROMPT$ create_mount_point" << endl;
+ break;
+ default:
+ break;
+ }
fgets( answer, sizeof(answer), stdin );
if(toupper(answer[0]) == 'Y')
@@ -934,7 +945,7 @@ bool selectZeroBlockPassThrough()
RootPtr createV6Config( EncFS_Context *ctx, const std::string &rootDir,
bool enableIdleTracking, bool forceDecode,
const std::string &passwordProgram,
- bool useStdin, bool reverseEncryption )
+ bool useStdin, bool annotate, bool reverseEncryption )
{
RootPtr rootInfo;
@@ -949,7 +960,10 @@ RootPtr createV6Config( EncFS_Context *c
" enter \"p\" for pre-configured paranoia mode,\n"
" anything else, or an empty line will select standard mode.\n"
"?> ");
-
+
+ if (annotate)
+ cerr << "$PROMPT$ config_option" << endl;
+
char answer[10] = {0};
fgets( answer, sizeof(answer), stdin );
cout << "\n";
@@ -1135,7 +1149,11 @@ RootPtr createV6Config( EncFS_Context *c
CipherKey userKey;
rDebug( "useStdin: %i", useStdin );
if(useStdin)
+ {
+ if (annotate)
+ cerr << "$PROMPT$ new_passwd" << endl;
userKey = config.getUserKey( useStdin );
+ }
else if(!passwordProgram.empty())
userKey = config.getUserKey( passwordProgram, rootDir );
else
@@ -1585,6 +1603,8 @@ RootPtr initFS( EncFS_Context *ctx, cons
if(opts->passwordProgram.empty())
{
rDebug( "useStdin: %i", opts->useStdin );
+ if (opts->annotate)
+ cerr << "$PROMPT$ passwd" << endl;
userKey = config.getUserKey( opts->useStdin );
} else
userKey = config.getUserKey( opts->passwordProgram, opts->rootDir
);
@@ -1649,7 +1669,7 @@ RootPtr initFS( EncFS_Context *ctx, cons
// creating a new encrypted filesystem
rootInfo = createV6Config( ctx, opts->rootDir, opts->idleTracking,
opts->forceDecode, opts->passwordProgram, opts->useStdin,
- opts->reverseEncryption );
+ opts->annotate, opts->reverseEncryption );
}
}
diff -urp encfs-1.5.2.orig/encfs/FileUtils.h encfs-1.5.2/encfs/FileUtils.h
--- encfs-1.5.2.orig/encfs/FileUtils.h 2008-08-23 23:48:12.000000000 +0200
+++ encfs-1.5.2/encfs/FileUtils.h 2009-10-12 19:29:55.000000000 +0200
@@ -35,8 +35,9 @@ const char *lastPathElement( const char
std::string parentDirectory( const std::string &path );
// ask the user for permission to create the directory. If they say ok, then
-// do it and return true.
-bool userAllowMkdir( const char *dirPath, mode_t mode );
+// do it and return true. If PROMPTNO is 1 show a prompt asking for
+// the root directory, if 2 ask for the mount point.
+bool userAllowMkdir(int promptno, const char *dirPath, mode_t mode );
enum ConfigType
{
@@ -155,6 +156,7 @@ struct EncFS_Opts
std::string passwordProgram; // path to password program (or empty)
bool useStdin; // read password from stdin rather then prompting
+ bool annotate; // print annotation lines prompt to stderr.
bool ownerCreate; // set owner of new files to caller
@@ -167,6 +169,7 @@ struct EncFS_Opts
checkKey = true;
forceDecode = false;
useStdin = false;
+ annotate = false;
ownerCreate = false;
reverseEncryption = false;
}
diff -urp encfs-1.5.2.orig/encfs/SSL_Cipher.cpp encfs-1.5.2/encfs/SSL_Cipher.cpp
--- encfs-1.5.2.orig/encfs/SSL_Cipher.cpp 2008-08-23 23:48:12.000000000
+0200
+++ encfs-1.5.2/encfs/SSL_Cipher.cpp 2009-10-12 11:23:25.000000000 +0200
@@ -144,8 +144,10 @@ int TimedPBKDF2(const char *pass, int pa
for(;;)
{
gettimeofday( &start, 0 );
- int res = PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen,
- iter, keylen, out);
+ int res = PKCS5_PBKDF2_HMAC_SHA1(pass, passlen,
+ const_cast<unsigned char*>(salt),
+ saltlen,
+ iter, keylen, out);
if(res != 1)
return -1;
@@ -423,9 +425,10 @@ CipherKey SSL_Cipher::newKey(const char
} else
{
// known iteration length
- if(PKCS5_PBKDF2_HMAC_SHA1(password, passwdLength, salt, saltLen,
- iterationCount, _keySize + _ivLength,
- KeyData(key)) != 1)
+ if(PKCS5_PBKDF2_HMAC_SHA1(password, passwdLength,
+ const_cast<unsigned char*>(salt), saltLen,
+ iterationCount, _keySize + _ivLength,
+ KeyData(key)) != 1)
{
rWarning("openssl error, PBKDF2 failed");
return CipherKey();
diff -urp encfs-1.5.2.orig/encfs/encfsctl.cpp encfs-1.5.2/encfs/encfsctl.cpp
--- encfs-1.5.2.orig/encfs/encfsctl.cpp 2008-08-23 23:48:12.000000000 +0200
+++ encfs-1.5.2/encfs/encfsctl.cpp 2009-10-12 19:29:11.000000000 +0200
@@ -564,7 +564,7 @@ static int cmd_export( int argc, char **
string destDir = argv[2];
// if the dir doesn't exist, then create it (with user permission)
- if(!checkDir(destDir) && !userAllowMkdir(destDir.c_str(), 0700))
+ if(!checkDir(destDir) && !userAllowMkdir(0, destDir.c_str(), 0700))
return EXIT_FAILURE;
return traverseDirs(rootInfo, "/", destDir);
@@ -641,7 +641,7 @@ static int cmd_showcruft( int argc, char
return EXIT_SUCCESS;
}
-static int do_chpasswd( bool useStdin, int argc, char **argv )
+static int do_chpasswd( bool useStdin, bool annotate, int argc, char **argv )
{
(void)argc;
string rootDir = argv[1];
@@ -669,6 +669,8 @@ static int do_chpasswd( bool useStdin, i
// ask for existing password
cout << _("Enter current Encfs password\n");
+ if (annotate)
+ cerr << "$PROMPT$ passwd" << endl;
CipherKey userKey = config.getUserKey( useStdin );
if(!userKey)
return EXIT_FAILURE;
@@ -690,7 +692,11 @@ static int do_chpasswd( bool useStdin, i
config.kdfIterations = 0; // generate new
if( useStdin )
+ {
+ if (annotate)
+ cerr << "$PROMPT$ new_passwd" << endl;
userKey = config.getUserKey( true );
+ }
else
userKey = config.getNewUserKey();
@@ -729,12 +735,12 @@ static int do_chpasswd( bool useStdin, i
static int chpasswd( int argc, char **argv )
{
- return do_chpasswd( false, argc, argv );
+ return do_chpasswd( false, false, argc, argv );
}
static int chpasswdAutomaticly( int argc, char **argv )
{
- return do_chpasswd( true, argc, argv );
+ return do_chpasswd( true, false, argc, argv );
}
diff -urp encfs-1.5.2.orig/encfs/main.cpp encfs-1.5.2/encfs/main.cpp
--- encfs-1.5.2.orig/encfs/main.cpp 2008-08-06 08:36:13.000000000 +0200
+++ encfs-1.5.2/encfs/main.cpp 2009-10-14 14:19:09.000000000 +0200
@@ -104,6 +104,7 @@ struct EncFS_Args
if(opts->forceDecode) ss << "(forceDecode) ";
if(opts->ownerCreate) ss << "(ownerCreate) ";
if(opts->useStdin) ss << "(useStdin) ";
+ if(opts->annotate) ss << "(annotate) ";
if(opts->reverseEncryption) ss << "(reverseEncryption) ";
if(opts->mountOnDemand) ss << "(mountOnDemand) ";
for(int i=0; i<fuseArgc; ++i)
@@ -196,6 +197,7 @@ bool processArgs(int argc, char *argv[],
out->opts->forceDecode = false;
out->opts->ownerCreate = false;
out->opts->useStdin = false;
+ out->opts->annotate = false;
out->opts->reverseEncryption = false;
bool useDefaultFlags = true;
@@ -223,6 +225,7 @@ bool processArgs(int argc, char *argv[],
{"extpass", 1, 0, 'p'}, // external password program
// {"single-thread", 0, 0, 's'}, // single-threaded mode
{"stdinpass", 0, 0, 'S'}, // read password from stdin
+ {"annotate", 0, 0, 513}, // Print annotation lines to stderr
{"verbose", 0, 0, 'v'}, // verbose mode
{"version", 0, 0, 'V'}, //version
{"reverse", 0, 0, 'r'}, // reverse encryption
@@ -255,6 +258,9 @@ bool processArgs(int argc, char *argv[],
case 'S':
out->opts->useStdin = true;
break;
+ case 513:
+ out->opts->annotate = true;
+ break;
case 'f':
out->isDaemon = false;
// this option was added in fuse 2.x
@@ -403,13 +409,15 @@ bool processArgs(int argc, char *argv[],
// check that the directories exist, or that we can create them..
if(!isDirectory( out->opts->rootDir.c_str() ) &&
- !userAllowMkdir( out->opts->rootDir.c_str() ,0700))
+ !userAllowMkdir(out->opts->annotate? 1:0,
+ out->opts->rootDir.c_str() ,0700))
{
rWarning(_("Unable to locate root directory, aborting."));
return false;
}
if(!isDirectory( out->mountPoint.c_str() ) &&
- !userAllowMkdir( out->mountPoint.c_str(),0700))
+ !userAllowMkdir(out->opts->annotate? 2:0,
+ out->mountPoint.c_str(), 0700))
{
rWarning(_("Unable to locate mount point, aborting."));
return false;
@@ -610,6 +618,9 @@ int main(int argc, char *argv[])
{
time_t startTime, endTime;
+ if (encfsArgs->opts->annotate)
+ cerr << "$STATUS$ fuse_main_start" << endl;
+
// FIXME: workaround for fuse_main returning an error on normal
// exit. Only print information if fuse_main returned
// immediately..
@@ -622,6 +633,9 @@ int main(int argc, char *argv[])
time( &endTime );
+ if (encfsArgs->opts->annotate)
+ cerr << "$STATUS$ fuse_main_end" << endl;
+
if(res == 0)
returnCode = EXIT_SUCCESS;
pgptqB6zR445g.pgp
Description: PGP signature
------------------------------------------------------------------------------ The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book "Blueprint to a Billion" shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev
_______________________________________________ Encfs-users mailing list Encfs-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/encfs-users
