summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
Diffstat (limited to 'internal')
-rw-r--r--internal/configfile/config_file.go1
-rw-r--r--internal/tlog/log.go37
2 files changed, 38 insertions, 0 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index c856ad0..1e48c97 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -104,6 +104,7 @@ func Create(filename string, password []byte, plaintextNames bool,
} else {
key = cryptocore.RandBytes(cryptocore.KeyLen)
}
+ tlog.PrintMasterkeyReminder(key)
// Encrypt it using the password
// This sets ScryptObject and EncryptedKey
// Note: this looks at the FeatureFlags, so call it AFTER setting them.
diff --git a/internal/tlog/log.go b/internal/tlog/log.go
index 1c80911..9277abd 100644
--- a/internal/tlog/log.go
+++ b/internal/tlog/log.go
@@ -3,6 +3,7 @@
package tlog
import (
+ "encoding/hex"
"encoding/json"
"fmt"
"log"
@@ -144,3 +145,39 @@ func SwitchLoggerToSyslog(p syslog.Priority) {
log.SetOutput(w)
}
}
+
+// PrintMasterkeyReminder reminds the user that he should store the master key in
+// a safe place.
+func PrintMasterkeyReminder(key []byte) {
+ if !Info.Enabled {
+ // Quiet mode
+ return
+ }
+ if !terminal.IsTerminal(int(os.Stdout.Fd())) {
+ // We don't want the master key to end up in a log file
+ Info.Printf("Not running on a terminal, suppressing master key display\n")
+ return
+ }
+ h := hex.EncodeToString(key)
+ var hChunked string
+ // Try to make it less scary by splitting it up in chunks
+ for i := 0; i < len(h); i += 8 {
+ hChunked += h[i : i+8]
+ if i < 52 {
+ hChunked += "-"
+ }
+ if i == 24 {
+ hChunked += "\n "
+ }
+ }
+ Info.Printf(`
+Your master key is:
+
+ %s
+
+If the gocryptfs.conf file becomes corrupted or you ever forget your password,
+there is only one hope for recovery: The master key. Print it to a piece of
+paper and store it in a drawer. This message is only printed once.
+
+`, ColorGrey+hChunked+ColorReset)
+}