Provided by: gfsecret_0.4.6-2_amd64 
NAME
gfsec-use - Make use of a shared secret
SYNOPSIS
gfsec-use [-h|--help] [-v|--version] [-c|--config file] [-k|--keep] [-o|--output file]
[-r|--restore-cmd command] [-d|--destroy-cmd command] [command...]
DESCRIPTION
gfsec-use reconstructs a secret file that has been previously split using a tool like
gfsplit(1) or the accompanying program gfsec-split(1).
A user-specified command (or a shell) is spawn once the secret has been reconstructed, and
the secret file is deleted when the command terminates.
OPTIONS
-h, --help
Display the help message.
-v, --version
Display the version message.
-c, --config file
Specify a configuration file. If the specified file does not exist, a .conf
extension is appended to the filename and a corresponding file is searched in
$XDG_CONFIG_HOME/gfsecret. When that option is not used, a default configuration
$XDG_CONFIG_HOME/gfsecret/default.conf is assumed.
-k, --keep
Do not delete the reconstructed file upon termination of the specified command.
-o, --output file
Write the reconstructed secret in the specified file. This overrides the OUTFILE
parameter in the configuration file.
-r, --restore-cmd command
Execute the specified command instead of writing the reconstructed secret to a
file. The secret is sent to the command's standard input.
-d, --destroy-cmd command
Execute the specified command instead of deleting the reconstructed secret file
upon termination.
CONFIGURATION FILE
A configuration file describes one secret file to reconstruct. Blank lines and lines
starting with a # character are ignored.
The following directives can be used:
OUTFILE=file
Specify the file to write the reconstructed secret into.
RESTORE=command
Specify the command to execute once the secret has been reconstructed.
DESTROY=command
Specify the command to execute to destroy the secret upon termination.
MINSHARES=n
Specify the minimal number of shares needed to reconstruct the secret. The default
if unspecified is 2.
URI=uri
Specify an URI indicating where to find a share.
Supported URI schemes are:
file:///
Indicates a file on the local filesystem.
uuid://uuid/
Indicates a file on the external volume identified by the specified UUID.
label://label/
Indicates a file on the external volume identified by the specified label.
mtp://serial/
Indicates a file on the MTP device identified by the specified serial number.
Whatever the scheme, the file part of the URI must end with an extension indicating the
share number, as generated by gfsplit(1).
The URI may include a share=no parameter, indicating that the corresponding file contains
the whole secret and not only a share (in that case, the previous remark about the share
number in the extension does not apply).
Another parameter is sha256, which specifies the expected SHA-256 hash value of the share
data. If such a parameter is specified, a share will only be used if the data matches the
expected hash value.
The gfsec-split(1) program, used to split a file into shares, will automatically generate
a suitable configuration file allowing to reconstruct the original file.
EXAMPLE CONFIGURATION FILE
OUTFILE=/home/alice/mysecret
MINSHARES=2
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256=hex_hash
URI=mtp://RF2GB6X704P/Documents/mysecret.139
REPORTING BUGS
Report bugs to Damien Goutte-Gattat ⟨devel@incenp.org⟩.
SEE ALSO
gfsec-split(1), gfsplit(1), gfcombine(1), libgfshare(3), gfshare(7)
COPYRIGHT
Copyright © 2017 Damien Goutte-Gattat
This program is released under the GNU General Public License. See the COPYING file in
the source distribution or ⟨http://www.gnu.org/licenses/gpl.html⟩.