2015-11-11 09:15:14 +01:00
|
|
|
% GOCRYPTFS(1)
|
|
|
|
|
% github.com/rfjakob
|
2016-05-16 23:59:26 +02:00
|
|
|
% May 2016
|
2015-11-11 09:15:14 +01:00
|
|
|
|
|
|
|
|
NAME
|
|
|
|
|
====
|
|
|
|
|
|
2015-11-11 09:19:53 +01:00
|
|
|
gocryptfs - mount an encrypted directory
|
2015-11-11 09:15:14 +01:00
|
|
|
|
|
|
|
|
SYNOPSIS
|
|
|
|
|
========
|
|
|
|
|
|
|
|
|
|
Initialize encrypted filesystem
|
|
|
|
|
-------------------------------
|
|
|
|
|
|
|
|
|
|
gocryptfs -init [OPTIONS] CIPHERDIR
|
|
|
|
|
|
|
|
|
|
Mount
|
|
|
|
|
-----
|
|
|
|
|
|
|
|
|
|
gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
|
|
|
|
|
|
|
|
|
|
Change password
|
|
|
|
|
---------------
|
|
|
|
|
|
2015-11-14 21:25:10 +01:00
|
|
|
gocryptfs -passwd [OPTIONS] CIPHERDIR
|
2015-11-11 09:15:14 +01:00
|
|
|
|
|
|
|
|
DESCRIPTION
|
|
|
|
|
===========
|
|
|
|
|
|
|
|
|
|
Options:
|
|
|
|
|
|
2016-05-16 23:59:26 +02:00
|
|
|
**-allow_other**
|
|
|
|
|
: By default, the Linux kernel prevents any other user (even root) to
|
|
|
|
|
access a mounted FUSE filesystem. Settings this option allows access for
|
|
|
|
|
other users, subject to file permission checking. Only works if
|
|
|
|
|
user_allow_other is set in /etc/fuse.conf. This option is equivalent to
|
|
|
|
|
"allow_other" plus "default_permissions" described in fuse(8).
|
|
|
|
|
|
2015-11-14 21:31:39 +01:00
|
|
|
**-config string**
|
|
|
|
|
: Use specified config file instead of CIPHERDIR/gocryptfs.conf
|
|
|
|
|
|
2015-11-11 09:15:14 +01:00
|
|
|
**-cpuprofile string**
|
|
|
|
|
: Write cpu profile to specified file
|
|
|
|
|
|
2016-01-24 18:20:52 +01:00
|
|
|
**-d, -debug**
|
2015-11-11 09:15:14 +01:00
|
|
|
: Enable debug output
|
|
|
|
|
|
2015-11-15 13:38:19 +01:00
|
|
|
**-extpass string**
|
|
|
|
|
: Use an external program (like ssh-askpass) for the password prompt.
|
|
|
|
|
The program should return the password on stdout, a trailing newline is
|
2015-12-04 22:41:00 +01:00
|
|
|
stripped by gocryptfs. Using something like "cat /mypassword.txt" allows
|
|
|
|
|
to mount the gocryptfs filesytem without user interaction.
|
2015-11-15 13:38:19 +01:00
|
|
|
|
2015-11-11 09:15:14 +01:00
|
|
|
**-f**
|
2015-12-04 22:41:00 +01:00
|
|
|
: Stay in the foreground instead of forking away.
|
2015-11-11 09:15:14 +01:00
|
|
|
|
|
|
|
|
**-fusedebug**
|
|
|
|
|
: Enable fuse library debug output
|
|
|
|
|
|
|
|
|
|
**-init**
|
|
|
|
|
: Initialize encrypted directory
|
|
|
|
|
|
2016-04-17 21:19:51 +02:00
|
|
|
**-longnames**
|
|
|
|
|
: Store names longer than 176 bytes in extra files (default true)
|
|
|
|
|
This flag is useful when recovering old gocryptfs filesystems using
|
|
|
|
|
"-masterkey". It is ignored (stays at the default) otherwise.
|
|
|
|
|
|
2015-11-11 09:15:14 +01:00
|
|
|
**-masterkey string**
|
2015-12-04 22:41:00 +01:00
|
|
|
: Mount with explicit master key specified on the command line. This
|
|
|
|
|
option can be used to mount a gocryptfs filesystem without a config file.
|
|
|
|
|
Note that the command line, and with it the master key, is visible to
|
|
|
|
|
anybody on the machine who can execute "ps -auxwww".
|
2015-11-11 09:15:14 +01:00
|
|
|
|
2016-01-24 18:20:52 +01:00
|
|
|
**-memprofile string**
|
|
|
|
|
: Write memory profile to specified file. This is useful when debugging
|
|
|
|
|
memory usage of gocryptfs.
|
|
|
|
|
|
|
|
|
|
**-nosyslog**
|
|
|
|
|
: Diagnostic messages are normally redirected to syslog once gocryptfs
|
|
|
|
|
daemonizes. This option disables the redirection and messages will
|
|
|
|
|
continue be printed to stdout and stderr.
|
|
|
|
|
|
2015-11-11 09:15:14 +01:00
|
|
|
**-notifypid int**
|
2015-12-04 22:41:00 +01:00
|
|
|
: Send USR1 to the specified process after successful mount. This is
|
|
|
|
|
used internally for daemonization.
|
2015-11-11 09:15:14 +01:00
|
|
|
|
|
|
|
|
**-openssl bool**
|
2016-05-11 23:36:57 +02:00
|
|
|
: Use OpenSSL instead of built-in Go crypto (default "auto"). Using
|
2016-05-12 09:50:36 +02:00
|
|
|
built-in crypto is 4x slower unless your CPU has AES instructions and
|
2016-05-11 23:36:57 +02:00
|
|
|
you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
|
|
|
|
|
option.
|
2015-11-11 09:15:14 +01:00
|
|
|
|
|
|
|
|
**-passwd**
|
|
|
|
|
: Change password
|
|
|
|
|
|
|
|
|
|
**-plaintextnames**
|
2015-11-14 21:31:39 +01:00
|
|
|
: Do not encrypt file names
|
2015-11-11 09:15:14 +01:00
|
|
|
|
2016-01-24 18:20:52 +01:00
|
|
|
**-q, -quiet**
|
2015-11-11 09:15:14 +01:00
|
|
|
: Quiet - silence informational messages
|
|
|
|
|
|
2016-06-16 21:29:22 +02:00
|
|
|
**-ro**
|
|
|
|
|
: Mount the filesystem read-only
|
|
|
|
|
|
2015-12-04 22:41:00 +01:00
|
|
|
**-scryptn int**
|
|
|
|
|
: scrypt cost parameter logN. Setting this to a lower value speeds up
|
|
|
|
|
mounting but makes the password susceptible to brute-force attacks (default 16)
|
|
|
|
|
|
2015-11-11 09:15:14 +01:00
|
|
|
**-version**
|
2016-06-19 19:33:15 +02:00
|
|
|
: Print version and exit. The output contains three fields seperated by
|
|
|
|
|
";". Example: "gocryptfs v0.12-2; go-fuse a4c968c; go1.6.2".
|
|
|
|
|
Field 1 is the gocryptfs version, field 2 is the version of the go-fuse
|
|
|
|
|
library, field 3 is the Go version that was used to compile the binary.
|
2015-11-11 09:15:14 +01:00
|
|
|
|
2016-01-31 18:09:39 +01:00
|
|
|
**-wpanic**
|
|
|
|
|
: When encountering a warning, panic and exit immediately. This is
|
|
|
|
|
useful in regression testing.
|
|
|
|
|
|
2015-11-11 09:15:14 +01:00
|
|
|
**-zerokey**
|
2015-12-04 22:41:00 +01:00
|
|
|
: Use all-zero dummy master key. This options is only intended for
|
|
|
|
|
automated testing as it does not provide any security.
|
2015-11-11 09:15:14 +01:00
|
|
|
|
2016-01-06 16:55:38 +01:00
|
|
|
|
|
|
|
|
EXAMPLES
|
|
|
|
|
========
|
|
|
|
|
|
|
|
|
|
Create and mount an encrypted filesystem:
|
|
|
|
|
|
|
|
|
|
mkdir /tmp/g1 /tmp/g2
|
|
|
|
|
|
|
|
|
|
gocryptfs -init /tmp/g1
|
|
|
|
|
gocryptfs /tmp/g1 /tmp/g2
|
|
|
|
|
|
2016-05-16 23:59:26 +02:00
|
|
|
|
|
|
|
|
SEE ALSO
|
|
|
|
|
========
|
|
|
|
|
fuse(8)
|
