Giters

rfjakob / gocryptfs

Encrypted overlay filesystem written in Go

Home Page:https://nuetzlich.net/gocryptfs/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

recreated gocryptfs.conf using masterkey have different EncryptedKey and Salt

WXZhao7 opened this issue · comments

commented

Hi, I'm new to gocryptfs.

I follow the guide Recreate gocryptfs.conf using masterkey and find that the recreated gocryptfs.conf using masterkey have different EncryptedKey and Salt.

Just change step (2) rm a/gocryptfs.conf to mv a/gocryptfs.conf ., and finally compare the config file.

Both of config files keep the same masterkey as below. I'm curious about this meet expectations?

Thanks!

❯ diff a/gocryptfs.conf gocryptfs.conf
3c3
<       "EncryptedKey": "HBeBzmpiT2g2Hwx4gYjFWjDnRd+I3mTlqjCtBJ4jwzYEKvj3U7apBToXI2ouk/COXwuxMWxk0r6083E73i4rFg==",
---
>       "EncryptedKey": "j02SX8uCSq4Tahw0dZf2uvA7Sy9wtdcq0S7Uq2v7pNtLupme+4ot+ariSBYuDFAhFXp4rSinMEe/3DIaWh10Yw==",
5c5
<               "Salt": "u13rcCTaLWEDJSmcU+pC6nDirkOKF9X0y8dqiNlXKao=",
---
>               "Salt": "l9Vltw86WMTQmqsxTUBRPK5P/F0+KTNzdujUpS/9sPg=",
❯ gocryptfs-xray -dumpmasterkey gocryptfs.conf
Password:
3a106405bd54b05ce6f2a415728de53743c6d9d25fef07c464d17a171f7f538c
❯ gocryptfs-xray -dumpmasterkey a/gocryptfs.conf
Password:
3a106405bd54b05ce6f2a415728de53743c6d9d25fef07c464d17a171f7f538c
commented

Yes looks good.

The differences you see are because a new random Key Encryption Key has been used to encrypt the master key (KEK, https://nuetzlich.net/gocryptfs/forward_mode_crypto/#master-key-storage ).