mirror of
https://github.com/unraid/webgui.git
synced 2026-01-15 06:00:14 -06:00
163 lines
6.5 KiB
Plaintext
163 lines
6.5 KiB
Plaintext
Menu="UserPreferences"
|
|
Title="Encryption Settings"
|
|
Icon="encryption-settings.png"
|
|
Tag="key"
|
|
---
|
|
<?PHP
|
|
/* Copyright 2005-2017, Lime Technology
|
|
* Copyright 2012-2017, Bergware International.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License version 2,
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*/
|
|
?>
|
|
<?
|
|
$keyfile = file_exists($var['luksKeyfile']) ? $var['luksKeyfile']:'';
|
|
$online = $var['fsState']=='Stopped' ? '':'disabled';
|
|
?>
|
|
<script>
|
|
<?if ($keyfile):?>
|
|
function prepareInput(form) {
|
|
form.keyfile.disabled = true;
|
|
}
|
|
function toggleApply(checked) {
|
|
$('input[name="#apply"]').prop('disabled',!checked);
|
|
}
|
|
<?else:?>
|
|
var forced = <?=$var['fsNumEncrypted']==0 ? 'true':'false'?>;
|
|
var confirm = forced || <?=$var['luksRestricted']!='yes' ? 'true':'false'?>;
|
|
|
|
function prepareInput(form) {
|
|
$.post('/update.htm',{luksRestricted:form.luksRestricted.value,changeDisk:'apply'});
|
|
if (form.text.value || form.file.value) {
|
|
form.input.disabled = true;
|
|
form.local.disabled = true;
|
|
form.copy.disabled = true;
|
|
}
|
|
}
|
|
function toggleApply(form) {
|
|
var disabled = confirm ? form.text.value!=form.copy.value:form.text.value=='';
|
|
form.apply.disabled = disabled;
|
|
}
|
|
function selectInput(form) {
|
|
if (form.input.value == 'text') {
|
|
form.file.value = '';
|
|
form.local.value = '';
|
|
$('#text').show();
|
|
$('#file').hide();
|
|
} else {
|
|
form.text.value = '';
|
|
form.copy.value = '';
|
|
$('#text').hide();
|
|
$('#file').show();
|
|
}
|
|
form.apply.disabled = true;
|
|
}
|
|
function showPass(checked) {
|
|
$('input[name="text"],input[name="copy"]').attr('type',checked ? 'text':'password');
|
|
}
|
|
function showRetype(form) {
|
|
if (form.input.value=='file') return;
|
|
confirm = forced || form.luksRestricted.value!='yes';
|
|
toggleApply(form);
|
|
if (confirm) $('#retype').show(); else $('#retype').hide();
|
|
}
|
|
function getFileContent(event,form) {
|
|
var input = event.target;
|
|
var reader = new FileReader();
|
|
reader.onload = function(){form.file.value=reader.result; form.apply.disabled=false;};
|
|
reader.readAsDataURL(input.files[0]);
|
|
}
|
|
$(function(){
|
|
if (confirm) $('#retype').show();
|
|
});
|
|
<?endif;?>
|
|
</script>
|
|
<form markdown="1" name="encrypt_settings" method="POST" action="/update.php" target="progressFrame" onsubmit="prepareInput(this)">
|
|
<input type="hidden" name="#file" value="unused">
|
|
<input type="hidden" name="#include" value="webGui/include/KeyUpload.php">
|
|
<input type="hidden" name="file" value="">
|
|
<?if ($keyfile):?>
|
|
Encryption key:
|
|
: <?=$keyfile?>
|
|
|
|
> Shows the path and name of the current keyfile, if present.
|
|
>
|
|
> This keyfile is read during array Start and is used to encrypt/decrypt content of encrypted devices.
|
|
>
|
|
> With array Stopped, the keyfile may be deleted and the user can specify a new encryption key. Note that once a device
|
|
> is formatted with a particular key it may only be opened using that same key. Changing the encryption key requires
|
|
> encrypted devices to be reformatted **resulting in permanent loss of all existing data on those devices.**
|
|
>
|
|
> With array Started, the keyfile may be deleted to ensure there is no encryption key present on the server when
|
|
> the array is online. Note that plugins are installed and may execute before and during the array Start process.
|
|
|
|
Delete <input type="checkbox" name="keyfile" onchange="toggleApply(this.checked)">
|
|
: <input type="submit" name="#apply" value="Delete" disabled><input type="button" value="Done" class="lock" onclick="done()">
|
|
|
|
<?else:?>
|
|
Encryption key:
|
|
: Not present
|
|
|
|
Restricted Start:
|
|
: <select name="luksRestricted" size="1" onchange="showRetype(this.form)"<?=$online?>>
|
|
<?=mk_option($var['luksRestricted'], "yes", "Yes")?>
|
|
<?=mk_option($var['luksRestricted'], "no", "No")?>
|
|
</select>
|
|
|
|
> When set to **Yes** the array cannot Start if the encryption passphrase/keyfile is missing or wrong.
|
|
> This is the normal setting.
|
|
>
|
|
> When set to **No** the array may be Started and:
|
|
>
|
|
> * If the passphrase/keyfile is **missing**, then encrypted volumes will not be mounted and cannot be formatted.
|
|
> * If the passphrase/keyfile is **different**, then encrypted volumes will appear Unmountable and may be formatted with the new key.
|
|
|
|
Encryption input:
|
|
: <select name="input" size="1" onchange="selectInput(this.form)"<?=$online?>>
|
|
<?=mk_option(1, "text", "Passphrase")?>
|
|
<?=mk_option(1, "file", "Keyfile")?>
|
|
</select>
|
|
|
|
> Select manual input or file input of the encryption key. Note that the encryption key needs to be re-entered each time the server is rebooted.
|
|
>
|
|
> The array will **not** Start automatically when encrypted volumes are present.
|
|
|
|
<div id="text" markdown="1">
|
|
Passphrase:
|
|
: <input type="password" name="text" maxlength="512" value=""<?=$online?> onKeyUp="toggleApply(this.form)"><?if (!$online):?><input id="eye" type="checkbox" onchange="showPass(this.checked)">show passphrase<?endif;?>
|
|
|
|
<div id="retype" markdown="1" style="display:none">
|
|
Retype passphrase:
|
|
: <input type="password" name="copy" maxlength="512" value=""<?=$online?> onKeyUp="toggleApply(this.form)">
|
|
|
|
</div>
|
|
> Enter a passphrase of up to 512 characters. It is highly advisable to only use the 95 printable characters from the
|
|
> first 128 characters of the [ASCII table](https://en.wikipedia.org/wiki/ASCII), as they will always have the same binary
|
|
> representation. Other characters may have different encoding depending on system configuration and your passphrase will
|
|
> not work with a different encoding. If you want a longer passphrase or to include binary data, upload a keyfile instead.
|
|
>
|
|
> Please refer to the [cryptsetup FAQ](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#5-security-aspects)
|
|
> for what constitutes a *secure* passphrase.
|
|
>
|
|
> **Memorize** this passphrase. **IF LOST, ENCRYPTED CONTENT CANNOT BE RECOVERED!**
|
|
|
|
</div>
|
|
<div id="file" markdown="1" style="display:none">
|
|
Keyfile:
|
|
: <input type="file" name="local" onchange="getFileContent(event,this.form)"<?=$online?>>
|
|
|
|
> Select a local keyfile with a stored encryption key or a binary file. The maximum size of the keyfile is 8M (8388608 byte).
|
|
>
|
|
> **Backup** your local keyfile. **IF LOST, ENCRYPTED CONTENT CANNOT BE RECOVERED!**
|
|
|
|
</div>
|
|
<input type="button" value="Benchmark" onclick="openBox('/webGui/include/CryptoBenchmark.php','Encryption Benchmarking',600,640)">
|
|
: <input type="submit" name="apply" value="Apply" class="lock"><input type="button" value="Done" onclick="done()"><?if ($online):?>Array must be <span class="strong big">Stopped</span> to change<?endif;?>
|
|
<?endif;?>
|
|
</form>
|