gfsec-use - Make use of a shared secret
Configuration File
A configuration file describes one secret file to reconstruct. Blank lines and lines starting with a #
character are ignored.
The following directives can be used:
OUTFILE=file
Specify the file to write the reconstructed secret into.
RESTORE=command
Specify the command to execute once the secret has been reconstructed.
DESTROY=command
Specify the command to execute to destroy the secret upon termination.
MINSHARES=n
Specify the minimum number of shares needed to reconstruct the secret. The default if unspecified
is 2.
URI=uri
Specify a URI indicating where to find a share.
Supported URI schemes are:
file:///
Indicates a file on the local filesystem.
uuid://uuid/
Indicates a file on the external volume identified by the specified UUID.
label://label/
Indicates a file on the external volume identified by the specified label.
mtp://serial/
Indicates a file on the MTP device identified by the specified serial number.
http://host/
Indicates a file on a web server identified by its hostname.
https://host/
Same as the previous one, but the web server is to be accessed through a secure connection.
Whatever the scheme, the file part of the URI must end with an extension indicating the share number, as
generated by gfsplit(1).
The URI may include a share=no parameter, indicating that the corresponding file contains the whole
secret and not only a share (in that case, the previous remark about the share number in the extension
does not apply).
Another parameter is sha256, which specifies the expected SHA-256 hash value of the share data. If such a
parameter is specified, a share will only be used if the data matches the expected hash value.
The gfsec-split(1) program, used to split a file into shares, automatically generates a suitable
configuration file from which the original file can be reconstructed.
Copyright
Copyright © 2017,2021 Damien Goutte-Gattat
This program is released under the GNU General Public License. See the COPYING file in the source
distribution or http://www.gnu.org/licenses/gpl.html.
gfsecret 0.5.1 2021-07-17 GFSEC-USE(1)
Description
gfsec-use reconstructs a secret file that has been previously split using a tool like gfsplit(1) or the accompanying program gfsec-split(1). A user-specified command (or a shell) is spawned once the secret has been reconstructed, and the secret file is deleted when the command terminates.
Example Configuration File
OUTFILE=/home/alice/mysecret
MINSHARES=2
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256=hex_hash
URI=mtp://RF2GB6X704P/Documents/mysecret.139
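The following is an added example, not part of the gfsecret distribution: a Python check that parses a configuration in the format described above and reports URIs without a usable sha256 parameter, shares fetched over plain http, locations marked share=no, and configurations that list fewer shares than MINSHARES. The function names, the finding strings, the shares.example host, the dummy digest and the rule that a share extension is purely numeric are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

SCHEMES = {"file", "uuid", "label", "mtp", "http", "https"}  # schemes listed on this page
def parse_config(text):
    directives, uris = {"MINSHARES": "2"}, []  # documented default is 2
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):  # blank and '#' lines are ignored
            key, _, value = line.partition("=")
            if key == "URI":
                uris.append(value)
            else:
                directives[key] = value
    return directives, uris

def audit(text):
    """Return (subject, finding) pairs for one gfsec-use configuration."""
    directives, uris = parse_config(text)
    findings, shares = [], 0
    for uri in uris:
        parts = urlsplit(uri)
        params = parse_qs(parts.query)
        if parts.scheme not in SCHEMES:
            findings.append((uri, "unsupported scheme"))
        elif params.get("share") == ["no"]:
            findings.append((uri, "location holds the whole secret"))
        elif re.search(r"\.\d+$", parts.path):  # assumption: numeric extension
            shares += 1
        else:
            findings.append((uri, "no share number in extension"))
        if not re.fullmatch(r"[0-9a-fA-F]{64}", params.get("sha256", [""])[0]):
            findings.append((uri, "no usable sha256 pin"))
        if parts.scheme == "http":
            findings.append((uri, "fetched over cleartext http"))
    if shares < int(directives["MINSHARES"]):
        findings.append(("MINSHARES", "fewer share URIs than MINSHARES"))
    return findings

# Constructed sample: paths follow the page's example, the digest is a dummy value.
SAMPLE = f"""OUTFILE=/home/alice/mysecret
MINSHARES=3
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256={'ab' * 32}
URI=http://shares.example/mysecret.139
"""

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{finding}: {subject}")
```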
Name
gfsec-use - Make use of a shared secret
Options
-h, --help
Display the help message.
-v, --version
Display the version message.
-c, --config file
Specify a configuration file. If the specified file does not exist, a .conf extension is appended
to the filename and a corresponding file is searched in $XDG_CONFIG_HOME/gfsecret. When that
option is not used, a default configuration $XDG_CONFIG_HOME/gfsecret/default.conf is assumed.
-k, --keep
Do not delete the reconstructed file upon termination of the specified command.
-o, --output file
Write the reconstructed secret in the specified file. This overrides the OUTFILE parameter in the
configuration file.
-r, --restore-cmd command
Execute the specified command instead of writing the reconstructed secret to a file. The secret is
sent to the command's standard input.
-d, --destroy-cmd command
Execute the specified command instead of deleting the reconstructed secret file upon termination.
Reporting Bugs
Report bugs to Damien Goutte-Gattat.
See Also
gfsec-split(1), gfsplit(1), gfcombine(1), libgfshare(3), gfshare(7)
Synopsis
gfsec-use [-h|--help] [-v|--version] [-c|--config file] [-k|--keep] [-o|--output file] [-r|--restore-cmd command] [-d|--destroy-cmd command] [command...]
