xref: /freebsd/sbin/decryptcore/decryptcore.8 (revision 6132212808e8dccedc9e5d85fea4390c2f38059a)
1.\" Copyright (c) 2016 Konrad Witaszczyk <def@FreeBSD.org>
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd January 29, 2018
28.Dt DECRYPTCORE 8
29.Os
30.Sh NAME
31.Nm decryptcore
32.Nd "decrypt a core dump of the operating system"
33.Sh SYNOPSIS
34.Nm
35.Op Fl fLv
36.Fl p Ar privatekeyfile
37.Fl k Ar keyfile
38.Fl e Ar encryptedcore
39.Fl c Ar core
40.Nm
41.Op Fl fLv
42.Op Fl d Ar crashdir
43.Fl p Ar privatekeyfile
44.Fl n Ar dumpnr
45.Sh DESCRIPTION
46The
47.Nm
48utility first decrypts
49.Ar keyfile
50using
51.Ar privatekeyfile
52and then uses the resulting key to decrypt
53.Ar encryptedcore
54saved by
55.Xr savecore 8 .
56The result is saved in
57.Ar core .
58.Pp
59Alternatively a user can decrypt a core dump numbered
60.Ar dumpnr
61from the
62.Ar crashdir
63directory.
64In this case a dump key from the
65.Pa key.#
66file is used and the result is saved in the
67.Pa vmcore.#
68file where
69.Dq #
70corresponds to
71.Ar dumpnr .
72.Pp
73By default
74.Nm
75does not overwrite an old core dump as a user might want to store the core
76somewhere else for the future.
77This behaviour can be changed using the
78.Fl f
79flag.
80.Pp
81The
82.Nm
83utility can be started with the following command line arguments:
84.Bl -tag -width ".Fl e Ar encryptedcore"
85.It Fl f
86Remove a decryped core dump if it already exists.
87.It Fl L
88Write log messages to
89.Xr syslogd 8 .
90.It Fl v
91Print or log verbose/debugging information.
92This option can be specified multiple times to raise the verbosity
93level.
94.It Fl p Ar privatekeyfile
95Specify location of a private key file which will be used to decrypt a dump key
96file.
97.It Fl k Ar keyfile
98Specify location of a dump key file.
99.It Fl e Ar encryptedcore
100Specify location of an encrypted core.
101.It Fl c Ar core
102Specify location of a resulting decrypted core dump.
103.It Fl d Ar crashdir
104Specify an alternative crash dump directory.
105The default crash dump directory is
106.Pa /var/crash .
107.It Fl n Ar dumpnr
108Specify a number of a crash dump to be decrypted.
109.El
110.Sh EXIT STATUS
111.Ex -std
112.Sh SEE ALSO
113.Xr kgdb 1 ,
114.Xr capsicum 4 ,
115.Xr dumpon 8 ,
116.Xr savecore 8 ,
117.Xr syslogd 8
118.Sh AUTHORS
119The
120.Nm
121utility was implemented by
122.An Konrad Witaszczyk Aq Mt def@FreeBSD.org .
123