If you lose your `gocryptfs.conf` but have saved your masterkey, you can create a new `gocryptfs.conf` like this: * Use `gocryptfs -init` on a temporary directory to create a new config file (password does not matter) * Then use `gocryptfs -passwd -masterkey` to override the masterkey and set a new password ### Complete example (1) You create your filesystem and store data in it: ``` $ gocryptfs -init a Choose a password for protecting your files. Password: Repeat: Your master key is: 66a765c3-2868b607-ed6b8369-a1263c29- 1eac1192-26b5ea50-e48e73e5-76af82df If the gocryptfs.conf file becomes corrupted or you ever forget your password, there is only one hope for recovery: The master key. Print it to a piece of paper and store it in a drawer. This message is only printed once. The gocryptfs filesystem has been created successfully. You can now mount it using: gocryptfs a MOUNTPOINT $ gocryptfs a b Password: Decrypting master key Filesystem mounted and ready. $ echo "hello world" > b/hello.txt $ fusermount -u b ``` (2) Disaster strikes: Your gocryptfs.conf is lost: ``` $ rm a/gocryptfs.conf rm: remove write-protected regular file 'a/gocryptfs.conf'? y ``` (3) Restore gocryptfs.conf using the masterkey that you saved: ``` $ mkdir tmp $ gocryptfs -init tmp [...] $ mv tmp/gocryptfs.conf a $ gocryptfs -passwd -masterkey 66a765c3-2868b607-ed6b8369-a1263c29-1eac1192-26b5ea50-e48e73e5-76af82df a Using explicit master key. THE MASTER KEY IS VISIBLE VIA "ps ax" AND MAY BE STORED IN YOUR SHELL HISTORY! ONLY USE THIS MODE FOR EMERGENCIES Please enter your new password. Password: Repeat: A copy of the old config file has been created at "/tmp/tmp.lopzg3o5Yo/a/gocryptfs.conf.bak". Delete it after you have verified that you can access your files with the new password. Password changed. $ gocryptfs a b Password: Decrypting master key Filesystem mounted and ready. $ cat b/hello.txt hello world ``` ### Notes * If you have have used non-default options in `gocryptfs -init` in step (1) you also have to use them in step (3)