[Feature request] show gocryptfs master key during initialization

Open CertainBot opened this issue 1 year ago • 4 comments

I haven't found it anywhere in the app, so forgive me if it's already there.

The master key is needed to recover access to the encrypted files in case the .conf file gets corrupted or lost. Would be nice to be shown (and maybe copied) the same way the Linux version does.

Thanks

CertainBot avatar Apr 21 '24 19:04 CertainBot

Yes indeed that would be nice to have. How should it be implemented on the UI?

hardcore-sushi avatar Apr 23 '24 09:04 hardcore-sushi

The Linux terminal gocryptfs shows this message on initialization of the cipher folder:

Your master key is:

bc72d53b-464824f0-4942948e-8d6f28e4-
119510e1-41c48500-dc8cbdc9-64ffcd48

If the gocryptfs.conf file becomes corrupted or you ever forget your password, there is only one hope for recovery: The master key. Print it to a piece of paper and store it in a drawer. This message is only printed once.

Maybe a dialog with text similar to that and the master key in a field that can be copied with a button should be enough. Having it in the clipboard might be critical for some, depending on the threat model, so maybe advising that should be enough for the user to decide whether to copy it by hand or via the clipboard.

CertainBot avatar Apr 26 '24 22:04 CertainBot

Is it easy to realize my ideas?

What the user sees on the UI:

  1. You click 'Add Volume'
  2. You enter the name and path of the volume.
  3. You enter the password for the volume 2 times
  4. The new volume is automatically decrypted and mounted.
  5. Instead of seeing the "empty directory" prompt, you see a file called masterkey.txt
  6. Open masterkey.txt. Find your key. You can delete the file or keep it.

Developer action:

Create a file named 'masterkey.txt' in the root directory of the volume. Write the 'masterkey' and other prompts to this text file. The text file is encrypted and it will be stored on internal storage or SD card. The text file is stored in the same volume as other files that need to be protected.

ghost avatar Jun 28 '24 16:06 ghost

I prefer the dialog idea. I find it better aligned with original gocryptfs, more secure, and less confusing for the user.

hardcore-sushi avatar Jun 30 '24 10:06 hardcore-sushi
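
A sketch of the dialog approach discussed in this thread, added here as an example; it is not DroidFS code. The function names, UI strings, the use of `FLAG_SECURE` and the sensitive-clipboard flag are assumptions of this example, and it assumes a 32-byte key (as in the sample output quoted in the thread) and API level 24 or later.

```kotlin
import android.app.AlertDialog
import android.content.ClipData
import android.content.ClipDescription
import android.content.ClipboardManager
import android.content.Context
import android.os.Build
import android.os.PersistableBundle
import android.view.WindowManager

// Hypothetical helper: renders the key in the layout of the gocryptfs output
// quoted in the thread (8 hex characters per group, 4 groups per line).
fun formatMasterKey(key: ByteArray): String {
    require(key.size == 32) { "expected a 32-byte master key" }
    val hex = key.joinToString("") { "%02x".format(it) }
    return hex.chunked(8).chunked(4).joinToString("-\n") { it.joinToString("-") }
}

// Hypothetical helper: one-time dialog shown right after volume creation.
fun showMasterKeyDialog(context: Context, key: ByteArray) {
    val text = formatMasterKey(key)
    val dialog = AlertDialog.Builder(context)
        .setTitle("Your master key is:")
        .setMessage(
            "$text\n\nIf gocryptfs.conf is lost or you forget your password, " +
            "this key is the only way to recover your files. It is shown only once.\n\n" +
            "Copying puts the key on the system clipboard, which other software " +
            "on the device may be able to read."
        )
        .setCancelable(false) // require an explicit choice, no accidental dismissal
        .setPositiveButton("I wrote it down", null)
        .setNeutralButton("Copy to clipboard") { _, _ ->
            val clip = ClipData.newPlainText("master key", text)
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
                // Android 13+: hide the value in the clipboard preview overlay.
                clip.description.extras = PersistableBundle().apply {
                    putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true)
                }
            }
            val clipboard =
                context.getSystemService(Context.CLIPBOARD_SERVICE) as ClipboardManager
            clipboard.setPrimaryClip(clip)
        }
        .create()
    // Keep the key out of screenshots, screen recordings and the recents thumbnail.
    dialog.window?.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
    dialog.show()
}
```

Unlike the masterkey.txt proposal, nothing here is written to storage: the key exists only in memory and, if the user chooses, on the clipboard.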