Documentation

Overview
Implements a 9p file system that encrypts its data on another 9p file server.
Index
- Constants
- Variables
- func GeneratePrivateKey(path string, bits int) (*rsa.PrivateKey, error)
- func LoadPrivateKey(path string) (*rsa.PrivateKey, error)
- func PrivateKeyDecrypt(priv *rsa.PrivateKey, cipher []byte) ([]byte, error)
- func PublicKeyEncrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error)
- type EncryptedFileSystem
- func (f *EncryptedFileSystem) CreateFile(ctx context.Context, path string, flag ninep.OpenMode, mode ninep.Mode) (ninep.FileHandle, error)
- func (f *EncryptedFileSystem) Delete(ctx context.Context, path string) error
- func (f *EncryptedFileSystem) Init(ctx context.Context) error
- func (f *EncryptedFileSystem) ListDir(ctx context.Context, path string) iter.Seq2[fs.FileInfo, error]
- func (f *EncryptedFileSystem) MakeDir(ctx context.Context, path string, mode ninep.Mode) error
- func (f *EncryptedFileSystem) OpenFile(ctx context.Context, path string, flag ninep.OpenMode) (ninep.FileHandle, error)
- func (f *EncryptedFileSystem) Stat(ctx context.Context, path string) (os.FileInfo, error)
- func (f *EncryptedFileSystem) WriteStat(ctx context.Context, path string, s ninep.Stat) error
Constants
const PrivateKeyBits = 4096
Variables
var ErrInvalidKey = errors.New("invalid key")
var ErrMissingKey = errors.New("missing encryption key")
Functions
func GeneratePrivateKey
func GeneratePrivateKey(path string, bits int) (*rsa.PrivateKey, error)
func LoadPrivateKey
func LoadPrivateKey(path string) (*rsa.PrivateKey, error)
func PrivateKeyDecrypt
func PrivateKeyDecrypt(priv *rsa.PrivateKey, cipher []byte) ([]byte, error)
Types
type EncryptedFileSystem
type EncryptedFileSystem struct {
	DataMount    proxy.FileSystemMount // where to write all data (encrypted)
	KeysMount    proxy.FileSystemMount // where to write secret keys for DataMount files (encrypted)
	DecryptMount proxy.FileSystemMount // where files are temporarily unencrypted for reads and writes
	PrivKey      *rsa.PrivateKey       // required
}
Basic encrypted file system overlay:
- DataMount is where all the encrypted data is stored. File names are NOT encrypted.
- KeysMount is where all the encrypted keys are stored. File names are NOT encrypted. These keys are used to decrypt the files in DataMount.
- DecryptMount is where all "in-memory" opened files reside. It should be an in-memory or otherwise secure location, because opened files are decrypted to it in order to support positioned (read-at) access.
- PrivKey is the private key used to decrypt the KeysMount.
PrivKey must be securely stored, but KeysMount and DataMount can be in untrusted locations.
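A worked illustration of the DataMount / KeysMount / PrivKey split, added here and not part of the package: each file gets its own symmetric key, which is wrapped with the RSA public key and stored in the keys mount under the same clear-text name, so the two mounts can sit on untrusted servers while only the private key needs protecting. The mounts are constructed in-memory maps; AES-256-GCM with the path as associated data and RSA-OAEP for key wrapping are assumptions, since the page documents RSA but does not name the symmetric cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Overlay mirrors EncryptedFileSystem's split; Data and Keys stand in for the two mounts.
type Overlay struct {
	Data, Keys map[string][]byte // constructed in-memory mounts: clear-text path -> bytes
	Priv       *rsa.PrivateKey
}

// Put writes AES-256-GCM ciphertext to Data and the per-file key, wrapped with RSA-OAEP, to
// Keys. The path is bound in as associated data so a pair copied to another name fails to open.
func (o *Overlay) Put(path string, plaintext []byte) error {
	buf := make([]byte, 32+12) // fresh AES-256 key and 96-bit GCM nonce for this file
	rand.Read(buf)             // crypto/rand.Read never returns an error as of Go 1.24
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &o.Priv.PublicKey, key, []byte(path))
	if err != nil {
		return err
	}
	o.Data[path], o.Keys[path] = gcm.Seal(nonce, nonce, plaintext, []byte(path)), wrapped
	return nil
}

// Get unwraps the per-file key with Priv and opens the Data entry. Keys is untrusted, so the
// unwrapped key is validated by aes.NewCipher rather than assumed to be 32 bytes.
func (o *Overlay) Get(path string) ([]byte, error) {
	wrapped, blob := o.Keys[path], o.Data[path]
	if wrapped == nil || len(blob) < 12 {
		return nil, errors.New("missing encryption key or ciphertext") // cf. ErrMissingKey
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, o.Priv, wrapped, []byte(path))
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, blob[:12], blob[12:], []byte(path))
}
```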
func New
func New(privKey *rsa.PrivateKey, keysMount, dataMount, decryptMount proxy.FileSystemMount) *EncryptedFileSystem
func (*EncryptedFileSystem) CreateFile
func (f *EncryptedFileSystem) CreateFile(ctx context.Context, path string, flag ninep.OpenMode, mode ninep.Mode) (ninep.FileHandle, error)
func (*EncryptedFileSystem) Delete
func (f *EncryptedFileSystem) Delete(ctx context.Context, path string) error
func (*EncryptedFileSystem) OpenFile
func (f *EncryptedFileSystem) OpenFile(ctx context.Context, path string, flag ninep.OpenMode) (ninep.FileHandle, error)