diff options
Diffstat (limited to 'Recreate-gocryptfs.conf-using-masterkey.md')
-rw-r--r-- | Recreate-gocryptfs.conf-using-masterkey.md | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/Recreate-gocryptfs.conf-using-masterkey.md b/Recreate-gocryptfs.conf-using-masterkey.md new file mode 100644 index 0000000..e7527e6 --- /dev/null +++ b/Recreate-gocryptfs.conf-using-masterkey.md @@ -0,0 +1,73 @@ +If you lose your `gocryptfs.conf` but have saved your masterkey, you can create a new `gocryptfs.conf` like this: + +* Use `gocryptfs -init` to create a new config file (password does not matter) +* Then use `gocryptfs -passwd -masterkey` to override the masterkey and set a new password + +### Complete example + +(1) You create your filesystem and store data in it: + +``` +$ gocryptfs -init a +Choose a password for protecting your files. +Password: +Repeat: + +Your master key is: + + 66a765c3-2868b607-ed6b8369-a1263c29- + 1eac1192-26b5ea50-e48e73e5-76af82df + +If the gocryptfs.conf file becomes corrupted or you ever forget your password, +there is only one hope for recovery: The master key. Print it to a piece of +paper and store it in a drawer. This message is only printed once. +The gocryptfs filesystem has been created successfully. +You can now mount it using: gocryptfs a MOUNTPOINT + +$ gocryptfs a b +Password: +Decrypting master key +Filesystem mounted and ready. + +$ echo "hello world" > b/hello.txt + +$ fusermount -u b +``` + +(2) Disaster strikes: Your gocryptfs.conf is lost: +``` +$ rm a/gocryptfs.conf +rm: remove write-protected regular file 'a/gocryptfs.conf'? y +``` + +(3) Restore gocryptfs.conf using the masterkey that you saved: +``` +$ mkdir tmp + +$ gocryptfs -init tmp +[...] + +$ mv tmp/gocryptfs.conf a + +$ gocryptfs -passwd -masterkey 66a765c3-2868b607-ed6b8369-a1263c29-1eac1192-26b5ea50-e48e73e5-76af82df a +Using explicit master key. +THE MASTER KEY IS VISIBLE VIA "ps ax" AND MAY BE STORED IN YOUR SHELL HISTORY! +ONLY USE THIS MODE FOR EMERGENCIES +Please enter your new password. +Password: +Repeat: +A copy of the old config file has been created at "/tmp/tmp.lopzg3o5Yo/a/gocryptfs.conf.bak". +Delete it after you have verified that you can access your files with the new password. +Password changed. + +$ gocryptfs a b +Password: +Decrypting master key +Filesystem mounted and ready. + +$ cat b/hello.txt +hello world +``` + +### Notes +* If you have have used non-default options in `gocryptfs -init` in step (1) you also have to use them in step (3)
\ No newline at end of file |