Provided by: gfsecret_0.4.6-2_amd64 
NAME
gfsec-use - Make use of a shared secret
SYNOPSIS
gfsec-use [-h|--help] [-v|--version] [-c|--config file] [-k|--keep] [-o|--output file] [-r|--restore-cmd
command] [-d|--destroy-cmd command] [command...]
DESCRIPTION
gfsec-use reconstructs a secret file that has been previously split using a tool like gfsplit(1) or the
accompanying program gfsec-split(1).
A user-specified command (or a shell) is spawn once the secret has been reconstructed, and the secret
file is deleted when the command terminates.
OPTIONS
-h, --help
Display the help message.
-v, --version
Display the version message.
-c, --config file
Specify a configuration file. If the specified file does not exist, a .conf extension is appended
to the filename and a corresponding file is searched in $XDG_CONFIG_HOME/gfsecret. When that
option is not used, a default configuration $XDG_CONFIG_HOME/gfsecret/default.conf is assumed.
-k, --keep
Do not delete the reconstructed file upon termination of the specified command.
-o, --output file
Write the reconstructed secret in the specified file. This overrides the OUTFILE parameter in the
configuration file.
-r, --restore-cmd command
Execute the specified command instead of writing the reconstructed secret to a file. The secret is
sent to the command's standard input.
-d, --destroy-cmd command
Execute the specified command instead of deleting the reconstructed secret file upon termination.
CONFIGURATION FILE
A configuration file describes one secret file to reconstruct. Blank lines and lines starting with a #
character are ignored.
The following directives can be used:
OUTFILE=file
Specify the file to write the reconstructed secret into.
RESTORE=command
Specify the command to execute once the secret has been reconstructed.
DESTROY=command
Specify the command to execute to destroy the secret upon termination.
MINSHARES=n
Specify the minimal number of shares needed to reconstruct the secret. The default if unspecified
is 2.
URI=uri
Specify an URI indicating where to find a share.
Supported URI schemes are:
file:///
Indicates a file on the local filesystem.
uuid://uuid/
Indicates a file on the external volume identified by the specified UUID.
label://label/
Indicates a file on the external volume identified by the specified label.
mtp://serial/
Indicates a file on the MTP device identified by the specified serial number.
Whatever the scheme, the file part of the URI must end with an extension indicating the share number, as
generated by gfsplit(1).
The URI may include a share=no parameter, indicating that the corresponding file contains the whole
secret and not only a share (in that case, the previous remark about the share number in the extension
does not apply).
Another parameter is sha256, which specifies the expected SHA-256 hash value of the share data. If such a
parameter is specified, a share will only be used if the data matches the expected hash value.
The gfsec-split(1) program, used to split a file into shares, will automatically generate a suitable
configuration file allowing to reconstruct the original file.
EXAMPLE CONFIGURATION FILE
OUTFILE=/home/alice/mysecret
MINSHARES=2
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256=hex_hash
URI=mtp://RF2GB6X704P/Documents/mysecret.139
REPORTING BUGS
Report bugs to Damien Goutte-Gattat.
SEE ALSO
gfsec-split(1), gfsplit(1), gfcombine(1), libgfshare(3), gfshare(7)
COPYRIGHT
Copyright © 2017 Damien Goutte-Gattat
This program is released under the GNU General Public License. See the COPYING file in the source
distribution or http://www.gnu.org/licenses/gpl.html.
gfsecret 0.4.6 2017-07-23 GFSEC-USE(1)