From f76fb0c6b99a7688b730e16f2968029eaec05aac Mon Sep 17 00:00:00 2001 From: rfjakob Date: Sat, 29 Feb 2020 20:51:23 +0100 Subject: Updated Restore gocryptfs.conf (markdown) --- Recreate-gocryptfs.conf-using-masterkey.md | 73 ++++++++++++++++++++++++++++++ Restore-gocryptfs.conf.md | 70 ---------------------------- 2 files changed, 73 insertions(+), 70 deletions(-) create mode 100644 Recreate-gocryptfs.conf-using-masterkey.md delete mode 100644 Restore-gocryptfs.conf.md diff --git a/Recreate-gocryptfs.conf-using-masterkey.md b/Recreate-gocryptfs.conf-using-masterkey.md new file mode 100644 index 0000000..e7527e6 --- /dev/null +++ b/Recreate-gocryptfs.conf-using-masterkey.md @@ -0,0 +1,73 @@ +If you lose your `gocryptfs.conf` but have saved your masterkey, you can create a new `gocryptfs.conf` like this: + +* Use `gocryptfs -init` to create a new config file (password does not matter) +* Then use `gocryptfs -passwd -masterkey` to override the masterkey and set a new password + +### Complete example + +(1) You create your filesystem and store data in it: + +``` +$ gocryptfs -init a +Choose a password for protecting your files. +Password: +Repeat: + +Your master key is: + + 66a765c3-2868b607-ed6b8369-a1263c29- + 1eac1192-26b5ea50-e48e73e5-76af82df + +If the gocryptfs.conf file becomes corrupted or you ever forget your password, +there is only one hope for recovery: The master key. Print it to a piece of +paper and store it in a drawer. This message is only printed once. +The gocryptfs filesystem has been created successfully. +You can now mount it using: gocryptfs a MOUNTPOINT + +$ gocryptfs a b +Password: +Decrypting master key +Filesystem mounted and ready. + +$ echo "hello world" > b/hello.txt + +$ fusermount -u b +``` + +(2) Disaster strikes: Your gocryptfs.conf is lost: +``` +$ rm a/gocryptfs.conf +rm: remove write-protected regular file 'a/gocryptfs.conf'? y +``` + +(3) Restore gocryptfs.conf using the masterkey that you saved: +``` +$ mkdir tmp + +$ gocryptfs -init tmp +[...] + +$ mv tmp/gocryptfs.conf a + +$ gocryptfs -passwd -masterkey 66a765c3-2868b607-ed6b8369-a1263c29-1eac1192-26b5ea50-e48e73e5-76af82df a +Using explicit master key. +THE MASTER KEY IS VISIBLE VIA "ps ax" AND MAY BE STORED IN YOUR SHELL HISTORY! +ONLY USE THIS MODE FOR EMERGENCIES +Please enter your new password. +Password: +Repeat: +A copy of the old config file has been created at "/tmp/tmp.lopzg3o5Yo/a/gocryptfs.conf.bak". +Delete it after you have verified that you can access your files with the new password. +Password changed. + +$ gocryptfs a b +Password: +Decrypting master key +Filesystem mounted and ready. + +$ cat b/hello.txt +hello world +``` + +### Notes +* If you have have used non-default options in `gocryptfs -init` in step (1) you also have to use them in step (3) \ No newline at end of file diff --git a/Restore-gocryptfs.conf.md b/Restore-gocryptfs.conf.md deleted file mode 100644 index 7aac379..0000000 --- a/Restore-gocryptfs.conf.md +++ /dev/null @@ -1,70 +0,0 @@ -If you lose your `gocryptfs.conf` but have saved your masterkey, you can create a new `gocryptfs.conf` like this: - -* Use `gocryptfs -init` to create a new config file (password does not matter) -* Then use `gocryptfs -passwd -masterkey` to override the masterkey and set a new password - -### Complete example - -You create your filesystem and store data in it: - -``` -$ gocryptfs -init a -Choose a password for protecting your files. -Password: -Repeat: - -Your master key is: - - 66a765c3-2868b607-ed6b8369-a1263c29- - 1eac1192-26b5ea50-e48e73e5-76af82df - -If the gocryptfs.conf file becomes corrupted or you ever forget your password, -there is only one hope for recovery: The master key. Print it to a piece of -paper and store it in a drawer. This message is only printed once. -The gocryptfs filesystem has been created successfully. -You can now mount it using: gocryptfs a MOUNTPOINT - -$ gocryptfs a b -Password: -Decrypting master key -Filesystem mounted and ready. - -$ echo "hello world" > b/hello.txt - -$ fusermount -u b -``` - -Disaster strikes: Your gocryptfs.conf is lost: -``` -$ rm a/gocryptfs.conf -rm: remove write-protected regular file 'a/gocryptfs.conf'? y -``` - -Restore gocryptfs.conf using the masterkey: -``` -$ mkdir tmp - -$ gocryptfs -init tmp -[...] - -$ mv tmp/gocryptfs.conf a - -$ gocryptfs -passwd -masterkey 66a765c3-2868b607-ed6b8369-a1263c29-1eac1192-26b5ea50-e48e73e5-76af82df a -Using explicit master key. -THE MASTER KEY IS VISIBLE VIA "ps ax" AND MAY BE STORED IN YOUR SHELL HISTORY! -ONLY USE THIS MODE FOR EMERGENCIES -Please enter your new password. -Password: -Repeat: -A copy of the old config file has been created at "/tmp/tmp.lopzg3o5Yo/a/gocryptfs.conf.bak". -Delete it after you have verified that you can access your files with the new password. -Password changed. - -$ gocryptfs a b -Password: -Decrypting master key -Filesystem mounted and ready. - -$ cat b/hello.txt -hello world -``` \ No newline at end of file -- cgit v1.2.3