recreated gocryptfs.conf using masterkey have different EncryptedKey and Salt
WXZhao7 opened this issue · comments
Hi, I'm new to gocryptfs.
I follow the guide Recreate gocryptfs.conf using masterkey and find that the recreated gocryptfs.conf using masterkey have different EncryptedKey and Salt.
Just change step (2) rm a/gocryptfs.conf
to mv a/gocryptfs.conf .
, and finally compare the config file.
Both of config files keep the same masterkey as below. I'm curious about this meet expectations?
Thanks!
❯ diff a/gocryptfs.conf gocryptfs.conf
3c3
< "EncryptedKey": "HBeBzmpiT2g2Hwx4gYjFWjDnRd+I3mTlqjCtBJ4jwzYEKvj3U7apBToXI2ouk/COXwuxMWxk0r6083E73i4rFg==",
---
> "EncryptedKey": "j02SX8uCSq4Tahw0dZf2uvA7Sy9wtdcq0S7Uq2v7pNtLupme+4ot+ariSBYuDFAhFXp4rSinMEe/3DIaWh10Yw==",
5c5
< "Salt": "u13rcCTaLWEDJSmcU+pC6nDirkOKF9X0y8dqiNlXKao=",
---
> "Salt": "l9Vltw86WMTQmqsxTUBRPK5P/F0+KTNzdujUpS/9sPg=",
❯ gocryptfs-xray -dumpmasterkey gocryptfs.conf
Password:
3a106405bd54b05ce6f2a415728de53743c6d9d25fef07c464d17a171f7f538c
❯ gocryptfs-xray -dumpmasterkey a/gocryptfs.conf
Password:
3a106405bd54b05ce6f2a415728de53743c6d9d25fef07c464d17a171f7f538c
Yes looks good.
The differences you see are because a new random Key Encryption Key has been used to encrypt the master key (KEK, https://nuetzlich.net/gocryptfs/forward_mode_crypto/#master-key-storage ).