The verifier is created using the govpn-verifier utility. Currently Go does not provide native instruments to read passwords without echoing them to stdout, so you can use the utils/storekey.sh script to read them silently.

% utils/storekey.sh mypass.txt
Enter passphrase:[hello world]
% govpn-verifier -key mypass.txt
$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10
$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg

The first line is the verifier for the server side. The second line is for the client: it lacks the generated public key. However, you can use the server's one on the client side too.
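
As an added illustration (not GoVPN's own code), this Go sketch splits a verifier line into its fields and derives the client form by dropping the public key field. The type and function names, the "salt" label for the fourth field, and the unpadded base64 decoding are assumptions inferred from the sample output above.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// Server-side verifier line copied from the sample output on this page.
const sample = "$argon2d$m=4096,t=128,p=1$bwR5VjeCYIQaa8SeaI3rqg$KCNIqfS4DGsBTtVytamAzcISgrlEWvNxan1UfBrFu10"

// Verifier holds "$argon2d$m=..,t=..,p=..$salt[$pub]"; names and unpadded base64 are assumed.
type Verifier struct {
	M, T, P   int    // Argon2d memory, time and parallelism parameters
	Salt, Pub []byte // Pub stays empty for the client form
}

// ParseVerifier splits and validates one verifier line (server or client form).
func ParseVerifier(s string) (*Verifier, error) {
	f := strings.Split(s, "$")
	if len(f) < 4 || len(f) > 5 || f[0] != "" || f[1] != "argon2d" {
		return nil, fmt.Errorf("not an argon2d verifier")
	}
	v := &Verifier{}
	n, err := fmt.Sscanf(f[2], "m=%d,t=%d,p=%d", &v.M, &v.T, &v.P)
	if n != 3 || err != nil {
		return nil, fmt.Errorf("bad cost parameters")
	}
	if v.Salt, err = base64.RawStdEncoding.DecodeString(f[3]); err != nil {
		return nil, fmt.Errorf("salt field: %w", err)
	}
	if len(f) == 5 {
		v.Pub, err = base64.RawStdEncoding.DecodeString(f[4])
		if err != nil || len(v.Pub) == 0 {
			return nil, fmt.Errorf("bad public key field")
		}
	}
	return v, nil
}

// ClientForm drops the public key field, leaving the client-side verifier.
func ClientForm(s string) (string, error) {
	if _, err := ParseVerifier(s); err != nil {
		return "", err
	}
	return "$" + strings.Join(strings.Split(s, "$")[1:4], "$"), nil
}

func main() { fmt.Println(ClientForm(sample)) }
```
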
You can check a passphrase against the verifier by specifying the -verifier option with the path to the verifier file:

% govpn-verifier -key mypass.txt -verifier '$argon2d...'
true

Plaintext passphrases must be stored in volatile memory, for example either on a memory disk or on an encrypted filesystem, with restrictive permissions on the file.