X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Fverifier.texi;h=ecf98ad6ddc606342e78dc7886c1c19c99014b01;hb=f9209136cff0331fc2293f25061971f6c77ff213;hp=3c97f8e6516220b6f1563e08be097248948835a0;hpb=7ad63a7b6cfdac771fae78c5b09bae461896d25f;p=govpn.git diff --git a/doc/verifier.texi b/doc/verifier.texi index 3c97f8e..ecf98ad 100644 --- a/doc/verifier.texi +++ b/doc/verifier.texi @@ -1,34 +1,28 @@ @node Verifier -@section Verifier +@subsection Verifier -Verifier is created using @code{govpn-verifier} utility. But currently -Go does not provide native instruments to read passwords without echoing -them to stdout. You can use @code{utils/storekey.sh} script to read them -silently. +Verifier is created using @command{govpn-verifier} utility. -@example -% utils/storekey.sh mypass.txt -Enter passphrase:[hello world] -% govpn-verifier -key mypass.txt -$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 -$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg -@end example +@verbatim +% govpn-verifier +Passphrase:[hello world] +$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10 +$balloon$s=32768,t=16,p=2$bwR5VjeCYIQaa8SeaI3rqg +@end verbatim First line is the verifier for the server side. Second line is for the client -- it lacks generated public key. However you can use server's one on the client side too. -Store @code{$argon2d...u10} string on the server's side in corresponding -@code{verifier} configuration file's field. - -You can check passphrase against verifier by specifying @code{-verifier} +You can check passphrase against verifier by specifying @option{-verifier} option with the path to verifier file: -@example -% govpn-verifier -key mypass.txt -verifier '$argon2d...' +@verbatim +% govpn-verifier -verifier '$balloon...' +Passphrase:[hello world] true -@end example +@end verbatim -Plaintext passphrases @strong{must} be stored on volatile memory, for -example either in memory disk, or on encrypted filesystem with -restrictive permissions to the file. +Optionally you can store plaintext passphrases on volatile memory +(memory disk, encrypted filesystem with restrictive permissions to the +file) and provide @option{-key} option.