Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for pbkdf2 key derivation with iterations, and make this the default #126

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Add support for pbkdf2 key derivation with iterations, and make this the default #126

wants to merge 7 commits into from
+84 −57

Commits on Aug 31, 2021

  1. Target a version 3 release with breaking changes, at least for now

    @jmurty
    jmurty committed Aug 31, 2021
    Configuration menu
    Copy the full SHA
    3936982 View commit details
    Browse the repository at this point in the history

  2. Accept cipher setting containing multiple components like 'aes-256-cb… 

    …c:pbkdf2:1024'

- set default cipher to 'aes-256-cbc:pbkdf2:1024'
- relevant code paths can split compound cipher value into components:
  cipher, key derivation function, iterations
- prevent `transcrypt.openssl-path` setting getting clobbered on --rekey
    @jmurty
    jmurty committed Aug 31, 2021
    Configuration menu
    Copy the full SHA
    ab84423 View commit details
    Browse the repository at this point in the history

  3. Re-key sensitive_file to use cipher 'aes-256-cbc:pbkdf2:1024' 

    Re-key example sensitive_file with command:

    ./transcrypt --rekey \
        -c 'aes-256-cbc:pbkdf2:1024' \
        -p 'correct horse battery staple' \
        --yes
    @jmurty
    jmurty committed Aug 31, 2021
    Configuration menu
    Copy the full SHA
    5189058 View commit details
    Browse the repository at this point in the history

  4. Update README for new default "cipher": 'aes-256-cbc:pbkdf2:1024'

    @jmurty
    jmurty committed Aug 31, 2021
    Configuration menu
    Copy the full SHA
    6d695dd View commit details
    Browse the repository at this point in the history

  5. Silence shellcheck SC2155 warnings for long-lived code that's fine 

    SC2155: Declare and assign separately to avoid masking return values.
    @jmurty
    jmurty committed Aug 31, 2021
    Configuration menu
    Copy the full SHA
    bdc0e7b View commit details
    Browse the repository at this point in the history

  6. Update passphrase hash MD5 => SHA512 for compound "cipher"

    @jmurty
    jmurty committed Aug 31, 2021
    Configuration menu
    Copy the full SHA
    8bfd8c3 View commit details
    Browse the repository at this point in the history

  7. Re-key sensitive_file with SHA512 passphrase hash 

    Re-key example sensitive_file with command:

    ./transcrypt --rekey \
        -c 'aes-256-cbc:pbkdf2:1024' \
        -p 'correct horse battery staple' \
        --yes
    @jmurty
    jmurty committed Aug 31, 2021
    Configuration menu
    Copy the full SHA
    9fdac3c View commit details
    Browse the repository at this point in the history