gocryptfs-inspect icon indicating copy to clipboard operation
gocryptfs-inspect copied to clipboard

Published 20 hours ago verified publisher icon slackner

XChaCha20-Poly1305 support

Open rfjakob opened this issue 3 years ago • 2 comments

gocryptfs has added XChaCha20-Poly1305 for file content encryption. It's already in master and I want to release it as gocryptfs v2.2.

It would be nice to have an independent implementation before I release this to the unsuspecting public :)

  • The feature flag is called XChaCha20Poly1305
  • HKDF context is here https://github.com/rfjakob/gocryptfs/blob/master/internal/cryptocore/hkdf.go#L16
  • Nonce is 24 bytes instead of 16, doc is here: https://github.com/rfjakob/gocryptfs/blob/master/Documentation/file-format.md
  • Example filesystem is here: https://github.com/rfjakob/gocryptfs/tree/master/tests/example_filesystems/v2.2-xchacha

Everything else is the same as for AES-GCM and AES-SIV.

rfjakob avatar Aug 26 '21 06:08 rfjakob

Hi Jakob,

Good job, very exciting to see support for some additional encryption algorithms. :+1: :tada:

I just implemented XChaCha suport in gocryptfs-inspect, and everything looks pretty good so far: https://github.com/slackner/gocryptfs-inspect/commit/39e6c69d757bc9b94350e7012829f68982cf8803

The code still needs a bit of cleanup before merging, but all tests pass, so no reason to delay the release of your new gocryptfs version :smile:

Best regards, Sebastian

slackner avatar Aug 26 '21 23:08 slackner

Great, thank you!!

rfjakob avatar Aug 27 '21 05:08 rfjakob