Provided by: gfsecret_0.5.0-1_amd64
NAME
gfsec-use - Make use of a shared secret
SYNOPSIS
gfsec-use [-h|--help] [-v|--version] [-c|--config file] [-k|--keep] [-o|--output file] [-r|--restore-cmd command] [-d|--destroy-cmd command] [command...]
DESCRIPTION
gfsec-use reconstructs a secret file that has been previously split using a tool like gfsplit(1) or the accompanying program gfsec-split(1). A user-specified command (or a shell) is spawned once the secret has been reconstructed, and the secret file is deleted when the command terminates.
OPTIONS
-h, --help
    Display the help message.

-v, --version
    Display the version message.

-c, --config file
    Specify a configuration file. If the specified file does not exist, a .conf extension is appended to the filename and a corresponding file is searched in $XDG_CONFIG_HOME/gfsecret. When that option is not used, a default configuration $XDG_CONFIG_HOME/gfsecret/default.conf is assumed.

-k, --keep
    Do not delete the reconstructed file upon termination of the specified command.

-o, --output file
    Write the reconstructed secret in the specified file. This overrides the OUTFILE parameter in the configuration file.

-r, --restore-cmd command
    Execute the specified command instead of writing the reconstructed secret to a file. The secret is sent to the command's standard input.

-d, --destroy-cmd command
    Execute the specified command instead of deleting the reconstructed secret file upon termination.
CONFIGURATION FILE
A configuration file describes one secret file to reconstruct. Blank lines and lines starting with a # character are ignored. The following directives can be used:

OUTFILE=file
    Specify the file to write the reconstructed secret into.

RESTORE=command
    Specify the command to execute once the secret has been reconstructed.

DESTROY=command
    Specify the command to execute to destroy the secret upon termination.

MINSHARES=n
    Specify the minimal number of shares needed to reconstruct the secret. The default if unspecified is 2.

URI=uri
    Specify a URI indicating where to find a share. Supported URI schemes are:

    file:///
        Indicates a file on the local filesystem.

    uuid://uuid/
        Indicates a file on the external volume identified by the specified UUID.

    label://label/
        Indicates a file on the external volume identified by the specified label.

    mtp://serial/
        Indicates a file on the MTP device identified by the specified serial number.

    http://host/
        Indicates a file on a web server identified by its hostname.

    https://host/
        Same as the previous one, but the web server is to be accessed through a secure connection.

Whatever the scheme, the file part of the URI must end with an extension indicating the share number, as generated by gfsplit(1).

The URI may include a share=no parameter, indicating that the corresponding file contains the whole secret and not only a share (in that case, the previous remark about the share number in the extension does not apply).

Another parameter is sha256, which specifies the expected SHA-256 hash value of the share data. If such a parameter is specified, a share will only be used if the data matches the expected hash value.

The gfsec-split(1) program, used to split a file into shares, will automatically generate a suitable configuration file that allows the original file to be reconstructed.
EXAMPLE CONFIGURATION FILE
    OUTFILE=/home/alice/mysecret
    MINSHARES=2
    URI=file:///home/alice/.local/share/gfsecret/mysecret.024
    URI=label://USBSTICK/mysecret.070?sha256=hex_hash
    URI=mtp://RF2GB6X704P/Documents/mysecret.139
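
An added example, not part of gfsecret or of this manual page: a Python check that reads a configuration in the format described above and reports share URIs that carry no sha256 parameter, use http://, hold the whole secret (share=no), or lack a share-number extension. The sample configuration, the digest and the host name are constructed, and the code assumes that multiple URI parameters are joined with & as in an ordinary query string.

```python
import re
from urllib.parse import parse_qs, urlsplit

HASH = "ab" * 32  # constructed placeholder, not a real digest
# Constructed sample modelled on the example configuration above.
SAMPLE = f"""\
# constructed sample
OUTFILE=/home/alice/mysecret
MINSHARES=3
URI=file:///home/alice/.local/share/gfsecret/mysecret.024
URI=label://USBSTICK/mysecret.070?sha256={HASH}
URI=http://shares.example/mysecret.139
"""

def audit(text):
    """Return (line number, message) findings; line 0 means the whole file."""
    findings, minshares, shares, full = [], 2, 0, False  # MINSHARES defaults to 2
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        key, _, value = line.partition("=")
        if key == "MINSHARES" and value.isdigit():
            minshares = int(value)
        if key != "URI":
            continue
        uri = urlsplit(value)
        params = parse_qs(uri.query)  # assumption: parameters joined with '&'
        if params.get("share") == ["no"]:
            full = True
            findings.append((n, "share=no: this location holds the whole secret"))
        else:
            shares += 1
            if not re.search(r"\.\d+$", uri.path):
                findings.append((n, "file name has no share-number extension"))
        digest = params.get("sha256", [None])[0]
        if digest is None:
            findings.append((n, "no sha256 parameter: share data is not checked"))
        elif not re.fullmatch(r"[0-9a-fA-F]{64}", digest):
            findings.append((n, "sha256 value is not 64 hex digits"))
        if uri.scheme == "http":
            findings.append((n, "http:// share is fetched over an unsecured connection"))
    if shares < minshares and not full:
        findings.append((0, f"{shares} share URIs listed but MINSHARES={minshares}"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"line {lineno}: {message}")
```
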
REPORTING BUGS
Report bugs to Damien Goutte-Gattat ⟨devel@incenp.org⟩.
SEE ALSO
gfsec-split(1), gfsplit(1), gfcombine(1), libgfshare(3), gfshare(7)
COPYRIGHT
Copyright © 2017,2021 Damien Goutte-Gattat

This program is released under the GNU General Public License. See the COPYING file in the source distribution or ⟨http://www.gnu.org/licenses/gpl.html⟩.