table of contents
| GFSEC-SPLIT-GPG(1) | Gfsecret Manual | GFSEC-SPLIT-GPG(1) |
NAME¶
gfsec-split-gpg - Split a GnuPG primary private key
SYNOPSIS¶
gfsec-split |
[-h|--help] [-v|--version] [-u|--user-id id] [-k|--keep] [-c|--config file] [-i|--interactive] [-n|--threshold N] URI... |
DESCRIPTION¶
gfsec-split-gpg is a wrapper script around gfsec-split to facilitate splitting a GnuPG private primary key into a number of shares and dispatching the resulting shares onto external storage supports.
The split key can then be temporarily reconstructed gfsec-use(1).
OPTIONS¶
- -h, --help
- Display the help message.
- -v, --version
- Display the version message.
- -u, --user-id uid
- Split the primary key associated with the specified OpenPGP User ID. This option is only needed if the GnuPG private keyring contains more than one primary private key.
- -k, --keep
- By default, gfsec-split-gpg will remove the key from the GnuPG keyring once it has been successfully split. Use this option to prevent the key from being removed.
- -c, --config file
- Write the configuration file (allowing to reconstruct the secret with gfsec-use(1) ) to the specified file. Default is $XDG_CONFIG_HOME/gfsecret/masterkey.conf. If FILE is a single filename without extension and without a directory part, the file will be placed under the $XDG_CONFIG_HOME/gfsecret directory with a .conf extension.
- -i, --interactive
- Present the user with an interactive menu to specify the shares to create.
- -n, --threshold N
- Specify the minimal number of shares required to re-assemble the split file. Default is 2.
NOTES¶
This script will only work with GnuPG 2.1 or higher. It will abort before attempting anything if it cannot detect a binary for the correct GnuPG version.
EXAMPLE INVOCATION¶
gfsec-split-gpg alice \
file:///home/alice/.local/share/gfsecret/mykey \
label://USBSTICK/mykey \
mtp://RF2GB6X704P/Documents/mykey \
The above example will split Alice's primary private key into three shares: one on the local filesystem, one on the USB mass storage device with the label USBSTICK, and one on the MTP-compliant device with the serial RF2GB6X704P. A configuration file will be written in $XDG_CONFIG_HOME/gfsecret/mysecret allowing to automatically reconstruct the file with gfsec-use(1) provided at least one of the two removable supports are present.
REPORTING BUGS¶
Report bugs to Damien Goutte-Gattat.
SEE ALSO¶
COPYRIGHT¶
Copyright © 2017 Damien Goutte-Gattat
This program is released under the GNU General Public License. See the COPYING file in the source distribution or http://www.gnu.org/licenses/gpl.html.
| 2017-08-26 | gfsecret 0.5.1 |