Previous: , Up: Glossary  


Verifier

Verifier is created using govpn-verifier utility. But currently Go does not provide native instruments to read passwords without echoing them to stdout. You can use utils/storekey.sh script to read them silently.

% utils/storekey.sh mypass.txt
Enter passphrase:[hello world]
% govpn-verifier -key mypass.txt
$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg

First line is the verifier for the server side. Second line is for the client – it lacks generated public key. However you can use server’s one on the client side too.

You can check passphrase against verifier by specifying -verifier option with the path to verifier file:

% govpn-verifier -key mypass.txt -verifier '$argon2d...'
true

Plaintext passphrases must be stored on volatile memory, for example either in memory disk, or on encrypted filesystem with restrictive permissions to the file.