gfsec-split - Split a file into shares and dispatch them
gfsec-split |
[-h|--help] [-v|--version]
[-n|--threshold N] [-c|--config
file] [-i|--interactive] [-k|--keep]
[-o|--output file] [-r|--restore-cmd
command] [-d|--destroy-cmd command]
[-l|--list-supports] file URI... |
gfsec-split splits a file into a number of shares and
dispatches the resulting shares onto external storage supports.
The split file can then be temporarily reconstructed using the
accompanying program gfsec-use(1).
- -h, --help
- Display the help message.
- -v, --version
- Display the version message.
- -n, --threshold
N
- Specify the minimal number of shares required to re-assemble the split
file. Default is 2.
- -c, --config
file
- Write the configuration file (allowing to reconstruct the secret with
gfsec-use(1) ) to the specified file. Default is the basename of
the split file in $XDG_CONFIG_HOME/gfsecret. If FILE is a single filename
without extension and without a directory part, the file will be placed
under the $XDG_CONFIG_HOME/gfsecret directory with a .conf extension.
- -i,
--interactive
- Present the user with an interactive menu to specify the shares to
create.
- -k, --keep
- By default, gfsec-split will delete the original file once it has
been successfully split. Use this option to prevent the file to be
deleted. -o, --output file Specify the
location where gfsec-use will write the reconstructed secret. The default
is to use the original location. If set to an empty string, no location
will be written in the configuration file. -r, --restore-cmd
command Specify the command that gfsec-use will call to
restore the secret. -d, --destroy-cmd command
Specify the command that gfsec-use will call to destroy the secret when it
is no longer needed. The same command will also be called by gfsec-split
to destroy the secret once it has been split, unless the -k option has
been used.
- -l,
--list-supports
- List all the currently available supports which can be used to store
shares, then quit.
Shares are described using a URI-like syntax. For each share, the
URI indicates a storage device and a pathname on that device.
Supported URI schemes are:
- file:///
- Indicates a file on the local filesystem.
- uuid://uuid/
- Indicates a file on the external volume identified by the specified
UUID.
- label://label/
- Indicates a file on the external volume identified by the specified
label.
- mtp://serial/
- Indicates a file on the MTP device identified by the specified serial
number.
- http://host/
- Indicates a file on a web server identified by its hostname.
- https://host/
- Same as the previous one, but the web server is to be accessed through a
secure connection.
gfsec-split \
/home/alice/mysecret \
file:///home/alice/.local/share/gfsecret/mysecret \
label://USBSTICK/mysecret \
mtp://RF2GB6X704P/Documents/mysecret \
The above example will split the file /home/alice/mysecret
into three shares: one on the local filesystem, one on the USB mass storage
device with the label USBSTICK, and one on the MTP-compliant device
with the serial RF2GB6X704P. A configuration file will be written in
$XDG_CONFIG_HOME/gfsecret/mysecret allowing to automatically
reconstruct the file with gfsec-use(1) provided at least one of the
two removable supports are present.
Copyright © 2017,2021 Damien Goutte-Gattat
This program is released under the GNU General Public License. See
the COPYING file in the source distribution or
http://www.gnu.org/licenses/gpl.html.