From 416080203b4dd79de857eaf7c7cc97d050e00a9f Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 17 May 2020 19:31:04 +0200 Subject: main: accept multiple -passfile options Each file will be read and then concatenated for the effictive password. This can be used as a kind of multi-factor authenticiton. Fixes https://github.com/rfjakob/gocryptfs/issues/288 --- Documentation/MANPAGE.md | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'Documentation') diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index e5a70b8..f9cf728 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -109,7 +109,7 @@ See also `-exclude`, `-exclude-wildcard` and the [EXCLUDING FILES](#excluding-fi Enable (`-exec`) or disable (`-noexec`) executables in a gocryptfs mount (default: `-exec`). If both are specified, `-noexec` takes precedence. -#### -extpass string +#### -extpass CMD [-extpass ARG1 ...] Use an external program (like ssh-askpass) for the password prompt. The program should return the password on stdout, a trailing newline is stripped by gocryptfs. If you just want to read from a password file, see `-passfile`. @@ -302,14 +302,23 @@ built-in crypto is 4x slower unless your CPU has AES instructions and you are using Go 1.6+. In mode "auto", gocrypts chooses the faster option. -#### -passfile string -Read password from the specified file. A warning will be printed if there -is more than one line, and only the first line will be used. A single +#### -passfile FILE [-passfile FILE2 ...] +Read password from the specified plain text file. The file should contain exactly +one line (do not use binary files!). +A warning will be printed if there is more than one line, and only +the first line will be used. A single trailing newline is allowed and does not cause a warning. -Before gocryptfs v1.7, using `-passfile` was equivant to writing -`-extpass="/bin/cat -- FILE"`. -gocryptfs v1.7 and later directly read the file without invoking `cat`. +Pass this option multiple times to read the first line from multiple +files. They are concatenated for the effective password. + +Example: + + echo hello > hello.txt + echo word > world.txt + gocryptfs -passfile hello.txt -passfile world.txt + +The effective password will be "helloworld". #### -passwd Change the password. Will ask for the old password, check if it is -- cgit v1.2.3