add ability to create/unlock a volume using a key and a keyfile. #78

Closed
mhogomchungu opened this issue Feb 14, 2017 · 3 comments

mhogomchungu commented Feb 14, 2017

SiriKali can manage gocryptfs volumes using a key and a keyfile since it generates the effective key by itself and then passes on the result to gocryptfs.

The above creates a problem if a user tries to unlock the volume independently of SiriKali and it will be best if gocryptfs also has this ability.

Proposed solutions.

  1. An option to use a Key. This already works.
  2. An option to use a keyfile.
  3. An option to use a combination of a key and a keyfile with the effective key generated with the below formula: key = hmac(sha256,password,keyfile)

rfjakob commented Feb 16, 2017

Do you already have the HMAC keyfile implemented? It would be nice to use something that can be easily "computed" manually, like

sha256(keyfile) + " " + password

@mhogomchungu
Author

Yes, and people are using the functionality through SiriKali and then start wondering how to unlock their volumes when they want to do that outside of SiriKali. An example is this bug report: mhogomchungu/sirikali#17

@mhogomchungu
Author

I think I should close this one since SiriKali can now expose the effective key passed to gocryptfs both in the GUI and CLI.

This means anybody who wants to unlock their volumes created in SiriKali using a key and a keyfile outside of SiriKali can get the effective key from SiriKali, store it somewhere and start using it "straight" with gocryptfs.

The SiriKali command to use is:

sirikali -s -f ~/path/to/keyfile

It is also possible to get the key from other tools like openssl with a command like:

cat path/to/KeyFile | openssl dgst -sha256 -hmac "Key"

or from "hmac256"[1] tool.

[1] http://manpages.ubuntu.com/manpages/xenial/en/man1/hmac256.1.html
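
The derivation discussed in this thread, `key = hmac(sha256,password,keyfile)`, as an added Python example that is not part of the original comments and is not SiriKali or gocryptfs code: it takes the password at a prompt rather than on the command line, where the `-hmac "Key"` argument is visible in the process list, and checks the result against a line of openssl output. The function names are hypothetical, and the example assumes the effective key is the lowercase hex digest that openssl prints, with the password UTF-8 encoded and without a trailing newline.

```python
import hashlib
import hmac


def effective_key(password: bytes, keyfile_path: str) -> str:
    """HMAC-SHA256 with the password as the HMAC key and the keyfile as the
    message, matching: cat keyfile | openssl dgst -sha256 -hmac "password"."""
    mac = hmac.new(password, digestmod=hashlib.sha256)
    with open(keyfile_path, "rb") as fh:
        # Stream the keyfile so large files are not read into memory at once.
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def digest_from_openssl_line(line: str) -> str:
    """Extract the hex digest from one line of `openssl dgst` output.
    openssl prints a label ending in "= " before the digest."""
    digest = line.strip().rsplit("= ", 1)[-1].lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a SHA-256 hex digest")
    return digest


def matches_openssl(password: bytes, keyfile_path: str, openssl_line: str) -> bool:
    """True if the locally derived key equals the digest openssl printed."""
    expected = digest_from_openssl_line(openssl_line)
    # Constant-time comparison, since both values are key material.
    return hmac.compare_digest(effective_key(password, keyfile_path), expected)


if __name__ == "__main__":
    import getpass
    import sys

    # Only the keyfile path is an argument; the password is typed at a prompt.
    pw = getpass.getpass("Password: ").encode("utf-8")
    print(effective_key(pw, sys.argv[1]))
```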
