X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Fverifier.texi;h=ecf98ad6ddc606342e78dc7886c1c19c99014b01;hb=f9209136cff0331fc2293f25061971f6c77ff213;hp=07ba19826e5ccf2fb40f89ff819d472f6817a3b1;hpb=9364defa689e91c6fb54651876fbf2d02eec35ec;p=govpn.git diff --git a/doc/verifier.texi b/doc/verifier.texi index 07ba198..ecf98ad 100644 --- a/doc/verifier.texi +++ b/doc/verifier.texi @@ -1,34 +1,28 @@ @node Verifier -@section Verifier +@subsection Verifier -Verifier is created using @code{govpn-verifier} utility. But currently -Go does not provide native instruments to read passwords without echoing -them to stdout. You can use @code{utils/storekey.sh} script to read them -silently. +Verifier is created using @command{govpn-verifier} utility. -@example -% utils/storekey.sh mypass.txt -Enter passphrase:[hello world] -% govpn-verifier -key mypass.txt -$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 -$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg -@end example +@verbatim +% govpn-verifier +Passphrase:[hello world] +$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 +$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg +@end verbatim First line is the verifier for the server side. Second line is for the -client -- it lacks generated public key. However you can server's one -on the client side too. +client -- it lacks generated public key. However you can use server's +one on the client side too. -Store @code{$argon2d...u10} string on the server's side in corresponding -@code{verifier} configuration file's field. - -You can check passphrase against verifier by specifying @code{-verifier} +You can check passphrase against verifier by specifying @option{-verifier} option with the path to verifier file: -@example -% govpn-verifier -key mypass.txt -verifier '$argon2d...' +@verbatim +% govpn-verifier -verifier '$balloon...' +Passphrase:[hello world] true -@end example +@end verbatim -Plaintext passphrases @strong{must} be stored on volatile memory, for -example either in memory disk, or on encrypted filesystem with -restrictive permissions to the file. +Optionally you can store plaintext passphrases on volatile memory +(memory disk, encrypted filesystem with restrictive permissions to the +file) and provide @option{-key} option.