bitlocker

package
v0.0.0-...-d707387 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 11, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

README

Glazier: Bitlocker Package

The Glazier Bitlocker package is a wrapper for Microsoft's BitLocker Drive Encryption Provider.

Example Usage

// Connect to the volume
vol, err := bitlocker.Connect("c:")
if err != nil {
  return err
}
defer vol.Close()
// Prepare for encryption
if err := vol.Prepare(bitlocker.VolumeTypeDefault, bitlocker.EncryptionTypeSoftware); err != nil {
  return err
}
// Add a recovery protector
if err := vol.ProtectWithNumericalPassword(""); err != nil {
  return err
}
// Protect with TPM
if err := vol.ProtectWithTPM(nil); err != nil {
  return err
}
// Start encryption
if err := vol.Encrypt(bitlocker.XtsAES256, bitlocker.EncryptDataOnly); err != nil {
  return err
}
return nil

Documentation

Rendered for windows/amd64

Overview

Package bitlocker provides functionality for managing BitLocker.

Constants

const (
	EncryptDataOnly    EncryptionFlag = 0x00000001
	EncryptDemandWipe  EncryptionFlag = 0x00000002
	EncryptSynchronous EncryptionFlag = 0x00010000

	// Error Codes
	ERROR_IO_DEVICE                     int32 = -2147023779
	FVE_E_EDRIVE_INCOMPATIBLE_VOLUME    int32 = -2144272206
	FVE_E_NO_TPM_WITH_PASSPHRASE        int32 = -2144272212
	FVE_E_PASSPHRASE_TOO_LONG           int32 = -2144272214
	FVE_E_POLICY_PASSPHRASE_NOT_ALLOWED int32 = -2144272278
	FVE_E_NOT_DECRYPTED                 int32 = -2144272327
	FVE_E_INVALID_PASSWORD_FORMAT       int32 = -2144272331
	FVE_E_BOOTABLE_CDDVD                int32 = -2144272336
	FVE_E_PROTECTOR_EXISTS              int32 = -2144272335
)

Variables

This section is empty.

Functions

func BackupToAD

func BackupToAD() error

BackupToAD backs up BitLocker recovery keys to Active Directory.

Types

type DiscoveryVolumeType

type DiscoveryVolumeType string

DiscoveryVolumeType specifies the type of discovery volume to be used by Prepare.

Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/preparevolume-win32-encryptablevolume

const (
	// VolumeTypeNone indicates no discovery volume. This value creates a native BitLocker volume.
	VolumeTypeNone DiscoveryVolumeType = "<none>"
	// VolumeTypeDefault indicates the default behavior.
	VolumeTypeDefault DiscoveryVolumeType = "<default>"
	// VolumeTypeFAT32 creates a FAT32 discovery volume.
	VolumeTypeFAT32 DiscoveryVolumeType = "FAT32"
)

type EncryptionMethod

type EncryptionMethod int32

Encryption methods.

Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/getencryptionmethod-win32-encryptablevolume

const (
	None EncryptionMethod = iota
	AES128WithDiffuser
	AES256WithDiffuser
	AES128
	AES256
	HardwareEncryption
	XtsAES128
	XtsAES256
)

type ForceEncryptionType

type ForceEncryptionType int32

ForceEncryptionType specifies the encryption type to be used when calling Prepare on the volume.

Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/preparevolume-win32-encryptablevolume

const (
	// EncryptionTypeUnspecified indicates that the encryption type is not specified.
	EncryptionTypeUnspecified ForceEncryptionType = 0
	// EncryptionTypeSoftware specifies software encryption.
	EncryptionTypeSoftware ForceEncryptionType = 1
	// EncryptionTypeHardware specifies hardware encryption.
	EncryptionTypeHardware ForceEncryptionType = 2
)

type Volume

type Volume struct {
	// contains filtered or unexported fields
}

A Volume tracks an open encryptable volume.

func Connect

func Connect(driveLetter string) (Volume, error)

Connect connects to an encryptable volume in order to manage it. You must call Close() to release the volume when finished.

Example: bitlocker.Connect("c:")

func (*Volume) Close

func (v *Volume) Close()

Close frees all resources associated with a volume.

func (*Volume) Encrypt

func (v *Volume) Encrypt(method EncryptionMethod, flags EncryptionFlag) error

Encrypt encrypts the volume.

Example: vol.Encrypt(bitlocker.XtsAES256, bitlocker.EncryptDataOnly)

Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/encrypt-win32-encryptablevolume

func (*Volume) Prepare

func (v *Volume) Prepare(volType DiscoveryVolumeType, encType ForceEncryptionType) error

Prepare prepares a new BitLocker volume. This should be called BEFORE any key protectors are added.

Example: vol.Prepare(bitlocker.VolumeTypeDefault, bitlocker.EncryptionTypeHardware)

Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/preparevolume-win32-encryptablevolume

func (*Volume) ProtectWithNumericalPassword

func (v *Volume) ProtectWithNumericalPassword(password string) error

ProtectWithNumericalPassword adds a numerical password key protector.

Leave password as a blank string to have one auto-generated by Windows. (Recommended)

In PowerShell this is referred to as a RecoveryPasswordProtector.

Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/protectkeywithnumericalpassword-win32-encryptablevolume

func (*Volume) ProtectWithPassphrase

func (v *Volume) ProtectWithPassphrase(passphrase string) error

ProtectWithPassphrase adds a passphrase key protector.

Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/protectkeywithpassphrase-win32-encryptablevolume

func (*Volume) ProtectWithTPM

func (v *Volume) ProtectWithTPM(platformValidationProfile *[]uint8) error

ProtectWithTPM adds the TPM key protector.

Ref: https://docs.microsoft.com/en-us/windows/win32/secprov/protectkeywithtpm-win32-encryptablevolume
