Only print masterkey once on -init

It is no longer printed at all when mounting a filesystem,
printing on -init can be disabled with -q.

https://github.com/rfjakob/gocryptfs/issues/76

internal/configfile/config_file.go

@@ -104,6 +104,7 @@ func Create(filename string, password []byte, plaintextNames bool,
 		} else {
 			key = cryptocore.RandBytes(cryptocore.KeyLen)
 		}
+		tlog.PrintMasterkeyReminder(key)
 		// Encrypt it using the password
 		// This sets ScryptObject and EncryptedKey
 		// Note: this looks at the FeatureFlags, so call it AFTER setting them.

internal/tlog/log.go

@@ -3,6 +3,7 @@
 package tlog
 
 import (
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"log"
@@ -144,3 +145,39 @@ func SwitchLoggerToSyslog(p syslog.Priority) {
 		log.SetOutput(w)
 	}
 }
+
+// PrintMasterkeyReminder reminds the user that he should store the master key in
+// a safe place.
+func PrintMasterkeyReminder(key []byte) {
+	if !Info.Enabled {
+		// Quiet mode
+		return
+	}
+	if !terminal.IsTerminal(int(os.Stdout.Fd())) {
+		// We don't want the master key to end up in a log file
+		Info.Printf("Not running on a terminal, suppressing master key display\n")
+		return
+	}
+	h := hex.EncodeToString(key)
+	var hChunked string
+	// Try to make it less scary by splitting it up in chunks
+	for i := 0; i < len(h); i += 8 {
+		hChunked += h[i : i+8]
+		if i < 52 {
+			hChunked += "-"
+		}
+		if i == 24 {
+			hChunked += "\n    "
+		}
+	}
+	Info.Printf(`
+Your master key is:
+
+    %s
+
+If the gocryptfs.conf file becomes corrupted or you ever forget your password,
+there is only one hope for recovery: The master key. Print it to a piece of
+paper and store it in a drawer. This message is only printed once.
+
+`, ColorGrey+hChunked+ColorReset)
+}

masterkey.go

@@ -5,8 +5,6 @@ import (
 	"os"
 	"strings"
 
-	"golang.org/x/crypto/ssh/terminal"
-
 	"github.com/rfjakob/gocryptfs/internal/configfile"
 	"github.com/rfjakob/gocryptfs/internal/cryptocore"
 	"github.com/rfjakob/gocryptfs/internal/exitcodes"
@@ -14,38 +12,6 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/tlog"
 )
 
-// printMasterKey - remind the user that he should store the master key in
-// a safe place
-func printMasterKey(key []byte) {
-	if !terminal.IsTerminal(int(os.Stdout.Fd())) {
-		// We don't want the master key to end up in a log file
-		tlog.Info.Printf("Not running on a terminal, suppressing master key display\n")
-		return
-	}
-	h := hex.EncodeToString(key)
-	var hChunked string
-	// Try to make it less scary by splitting it up in chunks
-	for i := 0; i < len(h); i += 8 {
-		hChunked += h[i : i+8]
-		if i < 52 {
-			hChunked += "-"
-		}
-		if i == 24 {
-			hChunked += "\n    "
-		}
-	}
-	tlog.Info.Printf(`
-Your master key is:
-
-    %s
-
-If the gocryptfs.conf file becomes corrupted or you ever forget your password,
-there is only one hope for recovery: The master key. Print it to a piece of
-paper and store it in a drawer. Use "-q" to suppress this message.
-
-`, tlog.ColorGrey+hChunked+tlog.ColorReset)
-}
-
 // parseMasterKey - Parse a hex-encoded master key that was passed on the command line
 // Calls os.Exit on failure
 func parseMasterKey(masterkey string, fromStdin bool) []byte {
@@ -106,9 +72,5 @@ func getMasterKey(args *argContainer) (masterkey []byte, confFile *configfile.Co
 	if !args.trezor {
 		readpassword.CheckTrailingGarbage()
 	}
-	if !args.fsck {
-		// We only want to print the masterkey message on a normal mount.
-		printMasterKey(masterkey)
-	}
 	return masterkey, confFile
 }