Option to suppress masterkey printing.

Question

Option to suppress masterkey printing.

brimston3 opened this issue 8 years ago · 8 comments

The terminal on a remote system does not need to know the master key every time, especially if the user has already stored it.

Currently, the masterkey will not print if logging to a file, so to work around the missing flag, I currently do the following:
gocryptfs .gocrypt-store gocrypt |tee /dev/null

Please add a mount option or short flag to suppress the master key output, or perhaps change the default behavior to only print the master key on init.

gocryptfs v1.2-35-g0f40afc; go-fuse 0ad840c; 2017-02-06 go1.7.4

Answer 1 · 2017-02-06T20:46:06.000Z

Do you know "-q" ?

Answer 2 · 2017-02-06T21:57:28.000Z

I didn't; rtfm failure. I like the other info messages, but -q works for this issue. It still concerns me that the default is to print the master key each time--users might not be careful about where they unlock their mounts, but I can accept if this is the design direction you want to stick with.

Answer 3 · 2017-02-06T22:29:36.000Z

The concern that the master key may end up in too many terminal buffers is certainly valid, especially if the user has already saved it somewhere. I think I'll add "Use -q to suppress this message." to the printout to make "-q" more discoverable.

PS: I'm amazed you discovered that the master key is not printed when writing to a pipe :)

Answer 4 · 2018-06-09T08:55:25.000Z

I think that the idea of printing the master key (when the user didn't ask for that) is a very bad idea. It shouldn't be suppressed by an option, it should be not printed without a special option.

Answer 5 · 2018-08-11T21:36:31.000Z

Fixed by 6d64dfe . Master key is now only printed on init.

Answer 6 · 2020-03-03T15:03:14.000Z

Some of the documentation (the git README.md, and the home page), still says "keep a copy of your master key (printed on mount) in a safe place."

Is there a command option to print out your master key?

If you use a gui like SiriKali to create a volume, you will not see the master key on init. I may be overlooking it but now I do not see a way to print out the master key after init. Thanks.

Answer 7 · 2020-03-03T16:24:45.000Z

It's not in gocryptfs itself but in gocryptfs-xray, option -dumpmasterkey ( https://github.com/rfjakob/gocryptfs/blob/master/Documentation/MANPAGE-XRAY.md )

I will fix the docs, thanks for the notice

Answer 8 · 2020-03-04T11:12:29.000Z

Oh great, I did not know about gocryptfs-xray. Thank you!