1.\" Copyright (c) 2016 Konrad Witaszczyk <def@FreeBSD.org> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd January 29, 2018 26.Dt DECRYPTCORE 8 27.Os 28.Sh NAME 29.Nm decryptcore 30.Nd "decrypt a core dump of the operating system" 31.Sh SYNOPSIS 32.Nm 33.Op Fl fLv 34.Fl p Ar privatekeyfile 35.Fl k Ar keyfile 36.Fl e Ar encryptedcore 37.Fl c Ar core 38.Nm 39.Op Fl fLv 40.Op Fl d Ar crashdir 41.Fl p Ar privatekeyfile 42.Fl n Ar dumpnr 43.Sh DESCRIPTION 44The 45.Nm 46utility first decrypts 47.Ar keyfile 48using 49.Ar privatekeyfile 50and then uses the resulting key to decrypt 51.Ar encryptedcore 52saved by 53.Xr savecore 8 . 54The result is saved in 55.Ar core . 56.Pp 57Alternatively a user can decrypt a core dump numbered 58.Ar dumpnr 59from the 60.Ar crashdir 61directory. 62In this case a dump key from the 63.Pa key.# 64file is used and the result is saved in the 65.Pa vmcore.# 66file where 67.Dq # 68corresponds to 69.Ar dumpnr . 70.Pp 71By default 72.Nm 73does not overwrite an old core dump as a user might want to store the core 74somewhere else for the future. 75This behaviour can be changed using the 76.Fl f 77flag. 78.Pp 79The 80.Nm 81utility can be started with the following command line arguments: 82.Bl -tag -width ".Fl e Ar encryptedcore" 83.It Fl f 84Remove a decryped core dump if it already exists. 85.It Fl L 86Write log messages to 87.Xr syslogd 8 . 88.It Fl v 89Print or log verbose/debugging information. 90This option can be specified multiple times to raise the verbosity 91level. 92.It Fl p Ar privatekeyfile 93Specify location of a private key file which will be used to decrypt a dump key 94file. 95.It Fl k Ar keyfile 96Specify location of a dump key file. 97.It Fl e Ar encryptedcore 98Specify location of an encrypted core. 99.It Fl c Ar core 100Specify location of a resulting decrypted core dump. 101.It Fl d Ar crashdir 102Specify an alternative crash dump directory. 103The default crash dump directory is 104.Pa /var/crash . 105.It Fl n Ar dumpnr 106Specify a number of a crash dump to be decrypted. 107.El 108.Sh EXIT STATUS 109.Ex -std 110.Sh SEE ALSO 111.Xr kgdb 1 Pq Pa ports/devel/gdb , 112.Xr capsicum 4 , 113.Xr dumpon 8 , 114.Xr savecore 8 , 115.Xr syslogd 8 116.Sh AUTHORS 117The 118.Nm 119utility was implemented by 120.An Konrad Witaszczyk Aq Mt def@FreeBSD.org . 121