Provided by: gfsecret_0.5.1-1_amd64 
NAME
gfsec-use - Make use of a shared secret
SYNOPSIS
gfsec-use [-h|--help] [-v|--version] [-c|--config file] [-k|--keep] [-o|--output file] [-r|--restore-cmd
command] [-d|--destroy-cmd command] [command...]
DESCRIPTION
gfsec-use reconstructs a secret file that has been previously split using a tool like gfsplit(1) or the
accompanying program gfsec-split(1).
A user-specified command (or a shell) is spawn once the secret has been reconstructed, and the secret
file is deleted when the command terminates.
OPTIONS
-h, --help
Display the help message.
-v, --version
Display the version message.
-c, --config file
Specify a configuration file. If the specified file does not exist, a .conf extension is appended
to the filename and a corresponding file is searched in $XDG_CONFIG_HOME/gfsecret. When that
option is not used, a default configuration $XDG_CONFIG_HOME/gfsecret/default.conf is assumed.
-k, --keep
Do not delete the reconstructed file upon termination of the specified command.
-o, --output file
Write the reconstructed secret in the specified file. This overrides the OUTFILE parameter in the
configuration file.
-r, --restore-cmd command
Execute the specified command instead of writing the reconstructed secret to a file. The secret is
sent to the command's standard input.
-d, --destroy-cmd command
Execute the specified command instead of deleting the reconstructed secret file upon termination.
CONFIGURATION FILE
A configuration file describes one secret file to reconstruct. Blank lines and lines starting with a #
character are ignored.
The following directives can be used:
OUTFILE=file
Specify the file to write the reconstructed secret into.
RESTORE=command
Specify the command to execute once the secret has been reconstructed.
DESTROY=command
Specify the command to execute to destroy the secret upon termination.
MINSHARES=n
Specify the minimal number of shares needed to reconstruct the secret. The default if unspecified
is 2.
URI=uri
Specify an URI indicating where to find a share.
Supported URI schemes are:
file:///
Indicates a file on the local filesystem.
uuid://uuid/
Indicates a file on the external volume identified by the specified UUID.
label://label/
Indicates a file on the external volume identified by the specified label.
mtp://serial/
Indicates a file on the MTP device identified by the specified serial number.
http://host/
Indicates a file on a web server identified by its hostname.
https://host/
Same as the previous one, but the web server is to be accessed through a secure connection.
Whatever the scheme, the file part of the URI must end with an extension indicating the share number, as
generated by gfsplit(1).
The URI may include a share=no parameter, indicating that the corresponding file contains the whole
secret and not only a share (in that case, the previous remark about the share number in the extension
does not apply).
Another parameter is sha256, which specifies the expected SHA-256 hash value of the share data. If such a
parameter is specified, a share will only be used if the data matches the expected hash value.
The gfsec-split(1) program, used to split a file into shares, will automatically generate a suitable
configuration file allowing to reconstruct the original file.
EXAMPLE CONFIGURATION FILE
OUTFILE=/home/alice/mysecret
MINSHARES=2
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256=hex_hash
URI=mtp://RF2GB6X704P/Documents/mysecret.139
REPORTING BUGS
Report bugs to Damien Goutte-Gattat.
SEE ALSO
gfsec-split(1), gfsplit(1), gfcombine(1), libgfshare(3), gfshare(7)
COPYRIGHT
Copyright © 2017,2021 Damien Goutte-Gattat
This program is released under the GNU General Public License. See the COPYING file in the source
distribution or http://www.gnu.org/licenses/gpl.html.
gfsecret 0.5.1 2021-07-17 GFSEC-USE(1)