@node Verifier
@section Verifier

Verifier is created using @code{govpn-verifier} utility. But currently
Go does not provide native instruments to read passwords without echoing
them to stdout. You can use @code{utils/storekey.sh} script to read them
silently.

@example
% utils/storekey.sh mypass.txt
Enter passphrase:[hello world]
% govpn-verifier -key mypass.txt
$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg
@end example

First line is the verifier for the server side. Second line is for the
client -- it lacks generated public key. However you can server's one
on the client side too.

Store @code{$argon2d...u10} string on the server's side in corresponding
@code{verifier} configuration file's field.

You can check passphrase against verifier by specifying @code{-verifier}
option with the path to verifier file:

@example
% govpn-verifier -key mypass.txt -verifier '$argon2d...'
true
@end example

Plaintext passphrases @strong{must} be stored on volatile memory, for
example either in memory disk, or on encrypted filesystem with
restrictive permissions to the file.