Man page - gfsec-use(1)
NAME
gfsec-use - Make use of a shared secret
SYNOPSIS
gfsec-use [ -h | --help ] [ -v | --version ] [ -c | --config file ] [ -k | --keep ] [ -o | --output file ] [ -r | --restore-cmd command ] [ -d | --destroy-cmd command ] [ command... ]
DESCRIPTION
gfsec-use reconstructs a secret file that has been previously split using a tool like gfsplit (1) or the accompanying program gfsec-split (1).
A user-specified command (or a shell) is spawned once the secret has been reconstructed, and the secret file is deleted when the command terminates.
OPTIONS
-h , --help
Display the help message.
-v , --version
Display the version message.
-c , --config file
Specify a configuration file. If the specified file does not exist, a .conf extension is appended to the filename and a corresponding file is searched in $XDG_CONFIG_HOME/gfsecret. When that option is not used, a default configuration $XDG_CONFIG_HOME/gfsecret/default.conf is assumed.
-k , --keep
Do not delete the reconstructed file upon termination of the specified command.
-o , --output file
Write the reconstructed secret in the specified file. This overrides the OUTFILE parameter in the configuration file.
-r , --restore-cmd command
Execute the specified command instead of writing the reconstructed secret to a file. The secret is sent to the command's standard input.
-d , --destroy-cmd command
Execute the specified command instead of deleting the reconstructed secret file upon termination.
CONFIGURATION FILE
A configuration file describes one secret file to reconstruct. Blank lines and lines starting with a # character are ignored.
The following directives can be used:
OUTFILE= file
Specify the file to write the reconstructed secret into.
RESTORE= command
Specify the command to execute once the secret has been reconstructed.
DESTROY= command
Specify the command to execute to destroy the secret upon termination.
MINSHARES= n
Specify the minimal number of shares needed to reconstruct the secret. The default if unspecified is 2.
URI= uri
Specify a URI indicating where to find a share.
Supported URI schemes are:
file:///
Indicates a file on the local filesystem.
uuid:// uuid /
Indicates a file on the external volume identified by the specified UUID.
label:// label /
Indicates a file on the external volume identified by the specified label.
mtp:// serial /
Indicates a file on the MTP device identified by the specified serial number.
http:// host /
Indicates a file on a web server identified by its hostname.
https:// host /
Same as the previous one, but the web server is to be accessed through a secure connection.
Whatever the scheme, the file part of the URI must end with an extension indicating the share number, as generated by gfsplit (1).
The URI may include a share=no parameter, indicating that the corresponding file contains the whole secret and not only a share (in that case, the previous remark about the share number in the extension does not apply).
Another parameter is sha256 , which specifies the expected SHA-256 hash value of the share data. If such a parameter is specified, a share will only be used if the data matches the expected hash value.
The gfsec-split (1) program, used to split a file into shares, will automatically generate a suitable configuration file that allows the original file to be reconstructed.
EXAMPLE CONFIGURATION FILE
OUTFILE=/home/alice/mysecret
MINSHARES=2
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256=hex_hash
URI=mtp://RF2GB6X704P/Documents/mysecret.139
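The configuration format described above, as an added example that is not gfsecret's own code: a Python parser for the directives and share URIs, with the sha256 check applied to share data. The function names are hypothetical, and two behaviours are assumptions: the share number is read as the decimal digits of the file extension, and the hex hash is compared case-insensitively.

```python
import hashlib
from urllib.parse import urlsplit, parse_qs

SCHEMES = {"file", "uuid", "label", "mtp", "http", "https"}
DIRECTIVES = {"OUTFILE", "RESTORE", "DESTROY", "MINSHARES", "URI"}

def parse_share_uri(uri):
    """Split one URI= value into location, share number and expected hash."""
    u = urlsplit(uri)
    if u.scheme not in SCHEMES:
        raise ValueError(f"unsupported URI scheme: {uri!r}")
    params = parse_qs(u.query)
    whole = params.get("share", [""])[0] == "no"    # file holds the whole secret
    _, dot, ext = u.path.rsplit("/", 1)[-1].rpartition(".")
    if not whole and not (dot and ext.isdigit()):   # assumption: numeric extension
        raise ValueError(f"no share number in extension: {uri!r}")
    digest = params.get("sha256", [None])[0]
    return {"scheme": u.scheme, "where": u.netloc, "path": u.path,
            "number": None if whole else int(ext),
            "sha256": digest.lower() if digest else None}

def parse_config(text):
    """Parse a configuration file body into a dict of directives and shares."""
    conf = {"MINSHARES": 2, "shares": []}           # documented default is 2
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):        # blank lines and comments
            continue
        key, eq, value = (p.strip() for p in line.partition("="))
        if eq != "=" or key not in DIRECTIVES:
            raise ValueError(f"line {n}: unknown directive {key!r}")
        if key == "URI":
            conf["shares"].append(parse_share_uri(value))
        else:
            conf[key] = int(value) if key == "MINSHARES" else value
    return conf

def share_usable(share, data):
    """A share carrying a sha256 parameter is used only if the data matches."""
    if share["sha256"] is None:
        return True
    return hashlib.sha256(data).hexdigest() == share["sha256"]

# Constructed sample: share bytes and a configuration pinning their hash.
SAMPLE_SHARE = b"constructed share bytes, not real gfsplit output"
SAMPLE_CONF = f"""# constructed example
OUTFILE=/home/alice/mysecret
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256={hashlib.sha256(SAMPLE_SHARE).hexdigest()}
"""
```

A share without a sha256 parameter is accepted as-is, so pinning the hash on every share kept on removable or remote storage is what lets a modified share be rejected before reconstruction.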
REPORTING BUGS
Report bugs to Damien Goutte-Gattat.
SEE ALSO
gfsec-split (1), gfsplit (1), gfcombine (1), libgfshare (3), gfshare (7)
COPYRIGHT
Copyright © 2017,2021 Damien Goutte-Gattat
This program is released under the GNU General Public License. See the COPYING file in the source distribution or http://www.gnu.org/licenses/gpl.html .