
Recreate gocryptfs.conf using masterkey

rfjakob edited this page Feb 29, 2020 · 2 revisions

If you lose your gocryptfs.conf but have saved your masterkey, you can create a new gocryptfs.conf like this:

  • Use gocryptfs -init on a temporary directory to create a new config file (password does not matter)
  • Then use gocryptfs -passwd -masterkey to override the masterkey and set a new password

Complete example

(1) You create your filesystem and store data in it:

$ gocryptfs -init a
Choose a password for protecting your files.
Password: 
Repeat: 

Your master key is:

    66a765c3-2868b607-ed6b8369-a1263c29-
    1eac1192-26b5ea50-e48e73e5-76af82df

If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT

$ gocryptfs a b
Password: 
Decrypting master key
Filesystem mounted and ready.

$ echo "hello world" > b/hello.txt

$ fusermount -u b

(2) Disaster strikes: Your gocryptfs.conf is lost:

$ rm a/gocryptfs.conf 
rm: remove write-protected regular file 'a/gocryptfs.conf'? y

(3) Restore gocryptfs.conf using the masterkey that you saved:

$ mkdir tmp

$ gocryptfs -init tmp
[...]

$ mv tmp/gocryptfs.conf a

$ gocryptfs -passwd -masterkey 66a765c3-2868b607-ed6b8369-a1263c29-1eac1192-26b5ea50-e48e73e5-76af82df a
Using explicit master key.
THE MASTER KEY IS VISIBLE VIA "ps ax" AND MAY BE STORED IN YOUR SHELL HISTORY!
ONLY USE THIS MODE FOR EMERGENCIES
Please enter your new password.
Password: 
Repeat: 
A copy of the old config file has been created at "/tmp/tmp.lopzg3o5Yo/a/gocryptfs.conf.bak".
Delete it after you have verified that you can access your files with the new password.
Password changed.

$ gocryptfs a b
Password: 
Decrypting master key
Filesystem mounted and ready.

$ cat b/hello.txt 
hello world

Notes

  • If you used non-default options with gocryptfs -init in step (1), you also have to use them in step (3)
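
Step (1) prints the master key across two lines, while step (3) passes it as one string, so a key copied from paper is easy to mistype or mis-join. The helper below is an added example, not part of the original page or of gocryptfs; the function name normalize_masterkey and the file name saved-key.txt are hypothetical. It checks a saved key and prints it in the single-line form:

```shell
#!/bin/sh
# Added example, not gocryptfs code. normalize_masterkey (hypothetical name)
# reads a saved master key on stdin, as "gocryptfs -init" printed it in
# step (1): two indented lines, the first ending in "-". It prints the
# single-line form used in step (3), or fails if the key is malformed.
normalize_masterkey() {
    # Drop whitespace (including the line break inside the key) and dashes.
    hex=$(tr -d '[:space:]' | tr -d '-')
    case "$hex" in
        *[!0-9a-fA-F]*)
            echo "master key contains a non-hex character" >&2
            return 1 ;;
    esac
    # The key on this page is 8 groups of 8 hex digits = 64 digits.
    if [ "${#hex}" -ne 64 ]; then
        echo "expected 64 hex digits, got ${#hex}" >&2
        return 1
    fi
    # Re-insert a dash after every 8 digits, then drop the trailing one.
    printf '%s\n' "$hex" | sed 's/......../&-/g; s/-$//'
}

# Demo on the key from step (1) of this page, pasted as printed.
normalize_masterkey <<'EOF'
    66a765c3-2868b607-ed6b8369-a1263c29-
    1eac1192-26b5ea50-e48e73e5-76af82df
EOF

# Use in step (3), assuming the key was saved in a file (saved-key.txt is a
# hypothetical name). The key stays out of the shell history, but is still
# visible via "ps ax" while gocryptfs runs:
#   key=$(normalize_masterkey < saved-key.txt) && gocryptfs -passwd -masterkey "$key" a
```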