diff options
author | Jakob Unterwurzacher | 2020-05-17 19:31:04 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2020-05-17 19:31:04 +0200 |
commit | 416080203b4dd79de857eaf7c7cc97d050e00a9f (patch) | |
tree | ed729c4cd365acc803a3d1e339eae8f1e8112f4c /Documentation/MANPAGE.md | |
parent | ded4bbe6456dcfaa770f2c06df46d578fcbaa97e (diff) |
main: accept multiple -passfile options
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.
Fixes https://github.com/rfjakob/gocryptfs/issues/288
Diffstat (limited to 'Documentation/MANPAGE.md')
-rw-r--r-- | Documentation/MANPAGE.md | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index e5a70b8..f9cf728 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -109,7 +109,7 @@ See also `-exclude`, `-exclude-wildcard` and the [EXCLUDING FILES](#excluding-fi Enable (`-exec`) or disable (`-noexec`) executables in a gocryptfs mount (default: `-exec`). If both are specified, `-noexec` takes precedence. -#### -extpass string +#### -extpass CMD [-extpass ARG1 ...] Use an external program (like ssh-askpass) for the password prompt. The program should return the password on stdout, a trailing newline is stripped by gocryptfs. If you just want to read from a password file, see `-passfile`. @@ -302,14 +302,23 @@ built-in crypto is 4x slower unless your CPU has AES instructions and you are using Go 1.6+. In mode "auto", gocrypts chooses the faster option. -#### -passfile string -Read password from the specified file. A warning will be printed if there -is more than one line, and only the first line will be used. A single +#### -passfile FILE [-passfile FILE2 ...] +Read password from the specified plain text file. The file should contain exactly +one line (do not use binary files!). +A warning will be printed if there is more than one line, and only +the first line will be used. A single trailing newline is allowed and does not cause a warning. -Before gocryptfs v1.7, using `-passfile` was equivant to writing -`-extpass="/bin/cat -- FILE"`. -gocryptfs v1.7 and later directly read the file without invoking `cat`. +Pass this option multiple times to read the first line from multiple +files. They are concatenated for the effective password. + +Example: + + echo hello > hello.txt + echo word > world.txt + gocryptfs -passfile hello.txt -passfile world.txt + +The effective password will be "helloworld". #### -passwd Change the password. Will ask for the old password, check if it is |