Tools to make secret sharing easier.

.TH GFSEC-USE 1 07/02/2016 "gfsecret @PACKAGE_VERSION@"
.SH NAME
gfsec-use \- Make use of a shared secret
.SH SYNOPSIS
.SY gfsec-use
.RB [ \-h | --help ]
.RB [ \-v | --version ]
.RB [ \-c | --config
.IR file ]
.RB [ \-o | --output
.IR file ]
.RB [ command... ]
.YS
.SH DESCRIPTION
.PP
.B gfsec-use
reconstructs a secret file that has been previously
split using a tool like
.BR gfsplit (1)
or the accompanying program
.BR gfsec-split (1).
.PP
A user-specified command (or a shell) is spawned once
the secret has been reconstructed, and the secret
file is deleted when the command terminates.
.SH OPTIONS
.TP
.BR -h ", " --help
Display the help message.
.TP
.BR -v ", " --version
Display the version message.
.TP
.BR -c ", " --config " " \fIfile\fR
Specify a configuration file. If the specified
file does not exist, a .conf extension is appended
to the filename and a corresponding file is searched
in $XDG_CONFIG_HOME/gfsecret. When that option is
not used, a default configuration
$XDG_CONFIG_HOME/gfsecret/default.conf is assumed.
.TP
.BR -o ", " --output " " \fIfile\fR
Write the reconstructed secret to the specified
file. This overrides the OUTFILE parameter in the
configuration file.
.SH CONFIGURATION FILE
.PP
A configuration file describes one secret file to reconstruct.
Blank lines and lines starting with a # character are ignored.
.PP
The following directives can be used:
.TP
OUTFILE=\fIfile\fR
Specify the file to write the reconstructed secret into.
.TP
MINSHARES=\fIn\fR
Specify the minimal number of shares needed to reconstruct
the secret. The default if unspecified is 2.
.TP
URI=\fIuri\fR
Specify a URI indicating where to find a share.
.PP
Supported URI schemes are:
.TP
file:///
Indicates a file on the local filesystem.
.TP
uuid://\fIuuid\fR/
Indicates a file on the external volume identified
by the specified UUID.
.TP
label://\fIlabel\fR/
Indicates a file on the external volume identified
by the specified label.
.TP
mtp://\fIserial\fR/
Indicates a file on the MTP device identified by the
specified serial number.
.PP
Whatever the scheme, the file part of the URI must end
with an extension indicating the share number, as
generated by
.BR gfsplit (1).
.PP
The URI may include a \fIshare=no\fR parameter,
indicating that the corresponding file contains the
whole secret and not only a share (in that case, the
previous remark about the share number in the extension
does not apply).
.PP
Another parameter is \fIsha256\fR, which specifies the
expected SHA-256 hash value of the share data. If such a
parameter is specified, a share will only be used if the
data matches the expected hash value.
.PP
The
.BR gfsec-split (1)
program, used to split a file into shares, will automatically
generate a suitable configuration file that allows the original
file to be reconstructed.
.SH EXAMPLE CONFIGURATION FILE
.PP
.nf
OUTFILE=/home/alice/mysecret
MINSHARES=2
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256=\fIhex_hash\fR
URI=mtp://RF2GB6X704P/Documents/mysecret.139
.fi
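.PP
The directives and URI parameters described above can be checked before any share is trusted.
The following Python sketch is an added example, not code from gfsecret: the function names, the returned dictionary keys and the strict rejection of unknown directives are assumptions made for illustration, and the sample configuration and share bytes are constructed.
.nf
```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

SCHEMES = {"file", "uuid", "label", "mtp"}  # schemes listed in the man page

def parse_share_uri(uri):
    u = urlsplit(uri)
    if u.scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + uri)
    params = parse_qs(u.query)
    full = params.get("share", [""])[0] == "no"  # file holds the whole secret
    ext = u.path.rpartition(".")[2]
    if not full and not ext.isdigit():
        raise ValueError("no share number in extension: " + uri)
    digest = params.get("sha256", [None])[0]
    if digest is not None and len(bytes.fromhex(digest)) != 32:
        raise ValueError("sha256 must be 64 hex digits: " + uri)
    return {"scheme": u.scheme, "volume": u.netloc, "path": u.path,
            "number": None if full else int(ext), "sha256": digest}

def parse_config(text):
    conf = {"outfile": None, "minshares": 2, "shares": []}  # documented default
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        key, sep, value = line.partition("=")
        if key == "OUTFILE" and sep:
            conf["outfile"] = value
        elif key == "MINSHARES" and sep:
            conf["minshares"] = int(value)
        elif key == "URI" and sep:
            conf["shares"].append(parse_share_uri(value))
        else:
            raise ValueError("unknown directive: " + line)
    return conf

def share_is_usable(share, data):
    # With a sha256 parameter, the share data must hash to that value.
    if share["sha256"] is None:
        return True
    return hmac.compare_digest(hashlib.sha256(data).digest(),
                               bytes.fromhex(share["sha256"]))

DATA = b"constructed share bytes"  # constructed sample input
SAMPLE = """# constructed configuration
OUTFILE=/home/alice/mysecret
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256=""" + hashlib.sha256(DATA).hexdigest()
```
.fi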
.SH REPORTING BUGS
.PP
Report bugs to
.MT @PACKAGE_BUGREPORT@
Damien Goutte-Gattat
.ME .
.SH SEE ALSO
.BR gfsec-split (1),
.BR gfsplit (1),
.BR gfcombine (1),
.BR libgfshare (3),
.BR gfshare (7)
.SH COPYRIGHT
.ad l
.PP
Copyright \(co 2016 Damien Goutte-Gattat
.PP
This program is released under the GNU General Public License.
See the COPYING file in the source distribution or
.UR http://www.gnu.org/licenses/gpl.html
.UE .