Recreate gocryptfs.conf using masterkey
rfjakob edited this page Feb 29, 2020 · 2 revisions
If you lose your gocryptfs.conf but have saved your masterkey, you can create a new gocryptfs.conf like this:
- Use gocryptfs -init on a temporary directory to create a new config file (password does not matter)
- Then use gocryptfs -passwd -masterkey to override the masterkey and set a new password
(1) You create your filesystem and store data in it:
$ gocryptfs -init a
Choose a password for protecting your files.
Password:
Repeat:
Your master key is:
66a765c3-2868b607-ed6b8369-a1263c29-
1eac1192-26b5ea50-e48e73e5-76af82df
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT
$ gocryptfs a b
Password:
Decrypting master key
Filesystem mounted and ready.
$ echo "hello world" > b/hello.txt
$ fusermount -u b
(2) Disaster strikes: Your gocryptfs.conf is lost:
$ rm a/gocryptfs.conf
rm: remove write-protected regular file 'a/gocryptfs.conf'? y
(3) Restore gocryptfs.conf using the masterkey that you saved:
$ mkdir tmp
$ gocryptfs -init tmp
[...]
$ mv tmp/gocryptfs.conf a
$ gocryptfs -passwd -masterkey 66a765c3-2868b607-ed6b8369-a1263c29-1eac1192-26b5ea50-e48e73e5-76af82df a
Using explicit master key.
THE MASTER KEY IS VISIBLE VIA "ps ax" AND MAY BE STORED IN YOUR SHELL HISTORY!
ONLY USE THIS MODE FOR EMERGENCIES
Please enter your new password.
Password:
Repeat:
A copy of the old config file has been created at "/tmp/tmp.lopzg3o5Yo/a/gocryptfs.conf.bak".
Delete it after you have verified that you can access your files with the new password.
Password changed.
$ gocryptfs a b
Password:
Decrypting master key
Filesystem mounted and ready.
$ cat b/hello.txt
hello world
- If you used non-default options in gocryptfs -init in step (1), you also have to use them in step (3)
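
Added example (not from the gocryptfs wiki or project): a shell wrapper for step (3) that reads the saved master key at a hidden prompt, so it does not land in shell history, and checks that it is 64 hex digits before running the gocryptfs -passwd -masterkey command shown above. The function names normalize_masterkey and restore_conf are hypothetical; the key is still visible via "ps ax" while gocryptfs runs, as the tool itself warns.

```shell
#!/bin/sh
# Added example; not part of gocryptfs. Function names are hypothetical.

# normalize_masterkey: read a master key from stdin in the form printed by
# "gocryptfs -init" (dash-separated groups, possibly wrapped over two lines)
# and print it as a single line of eight groups. Fails unless the input is
# exactly 64 hex digits (32 bytes) once dashes and whitespace are removed.
normalize_masterkey() {
    hex=$(tr -d ' \t\r\n-' | tr 'A-F' 'a-f')
    case "$hex" in
        *[!0-9a-f]*)
            echo "master key contains non-hex characters" >&2
            return 1 ;;
    esac
    if [ "${#hex}" -ne 64 ]; then
        echo "master key must be 64 hex digits, got ${#hex}" >&2
        return 1
    fi
    printf '%s\n' "$hex" | sed 's/......../&-/g; s/-$//'
}

# restore_conf CIPHERDIR: step (3) after a fresh gocryptfs.conf from a
# temporary "gocryptfs -init" has been moved into CIPHERDIR.
restore_conf() {
    cipherdir=$1
    if [ ! -e "$cipherdir/gocryptfs.conf" ]; then
        echo "no gocryptfs.conf in $cipherdir; create one with -init first" >&2
        return 1
    fi
    # Read the key with echo off instead of typing it as an argument, so it
    # is not recorded in shell history. Enter it on one line.
    printf 'Master key (input hidden): ' >&2
    stty -echo
    IFS= read -r typed
    stty echo
    echo >&2
    key=$(printf '%s' "$typed" | normalize_masterkey) || return 1
    # The key is in argv from here on and visible via "ps ax" until
    # gocryptfs exits. gocryptfs then prompts for the new password itself.
    gocryptfs -passwd -masterkey "$key" "$cipherdir"
}
```

Source the file and run restore_conf a; a key that passes the length check can still contain a mistyped digit, so mount and read a known file before deleting gocryptfs.conf.bak.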