From 416080203b4dd79de857eaf7c7cc97d050e00a9f Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 17 May 2020 19:31:04 +0200
Subject: main: accept multiple -passfile options

Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.

Fixes https://github.com/rfjakob/gocryptfs/issues/288
---
 Documentation/MANPAGE.md | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

(limited to 'Documentation')

diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index e5a70b8..f9cf728 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -109,7 +109,7 @@ See also `-exclude`, `-exclude-wildcard` and the [EXCLUDING FILES](#excluding-fi
 Enable (`-exec`) or disable (`-noexec`) executables in a gocryptfs mount
 (default: `-exec`). If both are specified, `-noexec` takes precedence.
 
-#### -extpass string
+#### -extpass CMD [-extpass ARG1 ...]
 Use an external program (like ssh-askpass) for the password prompt.
 The program should return the password on stdout, a trailing newline is
 stripped by gocryptfs. If you just want to read from a password file, see `-passfile`.
@@ -302,14 +302,23 @@ built-in crypto is 4x slower unless your CPU has AES instructions and
 you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
 option.
 
-#### -passfile string
-Read password from the specified file. A warning will be printed if there
-is more than one line, and only the first line will be used. A single
+#### -passfile FILE [-passfile FILE2 ...]
+Read password from the specified plain text file. The file should contain exactly
+one line (do not use binary files!).
+A warning will be printed if there is more than one line, and only
+the first line will be used. A single
 trailing newline is allowed and does not cause a warning.
 
-Before gocryptfs v1.7, using `-passfile` was equivant to writing
-`-extpass="/bin/cat -- FILE"`.
-gocryptfs v1.7 and later directly read the file without invoking `cat`.
+Pass this option multiple times to read the first line from multiple
+files. They are concatenated for the effective password.
+
+Example:
+
+    echo hello > hello.txt
+    echo word > world.txt
+    gocryptfs -passfile hello.txt -passfile world.txt
+
+The effective password will be "helloworld".
 
 #### -passwd
 Change the password. Will ask for the old password, check if it is
-- 
cgit v1.2.3