summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Restore-gocryptfs.conf.md70
1 files changed, 70 insertions, 0 deletions
diff --git a/Restore-gocryptfs.conf.md b/Restore-gocryptfs.conf.md
new file mode 100644
index 0000000..7aac379
--- /dev/null
+++ b/Restore-gocryptfs.conf.md
@@ -0,0 +1,70 @@
+If you lose your `gocryptfs.conf` but have saved your masterkey, you can create a new `gocryptfs.conf` like this:
+
+* Use `gocryptfs -init` to create a new config file (password does not matter)
+* Then use `gocryptfs -passwd -masterkey` to override the masterkey and set a new password
+
+### Complete example
+
+You create your filesystem and store data in it:
+
+```
+$ gocryptfs -init a
+Choose a password for protecting your files.
+Password:
+Repeat:
+
+Your master key is:
+
+ 66a765c3-2868b607-ed6b8369-a1263c29-
+ 1eac1192-26b5ea50-e48e73e5-76af82df
+
+If the gocryptfs.conf file becomes corrupted or you ever forget your password,
+there is only one hope for recovery: The master key. Print it to a piece of
+paper and store it in a drawer. This message is only printed once.
+The gocryptfs filesystem has been created successfully.
+You can now mount it using: gocryptfs a MOUNTPOINT
+
+$ gocryptfs a b
+Password:
+Decrypting master key
+Filesystem mounted and ready.
+
+$ echo "hello world" > b/hello.txt
+
+$ fusermount -u b
+```
+
+Disaster strikes: Your gocryptfs.conf is lost:
+```
+$ rm a/gocryptfs.conf
+rm: remove write-protected regular file 'a/gocryptfs.conf'? y
+```
+
+Restore gocryptfs.conf using the masterkey:
+```
+$ mkdir tmp
+
+$ gocryptfs -init tmp
+[...]
+
+$ mv tmp/gocryptfs.conf a
+
+$ gocryptfs -passwd -masterkey 66a765c3-2868b607-ed6b8369-a1263c29-1eac1192-26b5ea50-e48e73e5-76af82df a
+Using explicit master key.
+THE MASTER KEY IS VISIBLE VIA "ps ax" AND MAY BE STORED IN YOUR SHELL HISTORY!
+ONLY USE THIS MODE FOR EMERGENCIES
+Please enter your new password.
+Password:
+Repeat:
+A copy of the old config file has been created at "/tmp/tmp.lopzg3o5Yo/a/gocryptfs.conf.bak".
+Delete it after you have verified that you can access your files with the new password.
+Password changed.
+
+$ gocryptfs a b
+Password:
+Decrypting master key
+Filesystem mounted and ready.
+
+$ cat b/hello.txt
+hello world
+``` \ No newline at end of file