libgocryptfs/Documentation/MANPAGE.md

122 lines
2.8 KiB
Markdown
Raw Normal View History

% GOCRYPTFS(1)
% github.com/rfjakob
% Nov 2015
NAME
====
2015-11-11 09:19:53 +01:00
gocryptfs - mount an encrypted directory
SYNOPSIS
========
Initialize encrypted filesystem
-------------------------------
gocryptfs -init [OPTIONS] CIPHERDIR
Mount
-----
gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
Change password
---------------
gocryptfs -passwd [OPTIONS] CIPHERDIR
DESCRIPTION
===========
Options:
**-config string**
: Use specified config file instead of CIPHERDIR/gocryptfs.conf
**-cpuprofile string**
: Write cpu profile to specified file
2016-01-24 18:20:52 +01:00
**-d, -debug**
: Enable debug output
**-diriv**
: Use per-directory file name IV (default true)
**-emenames**
: Use EME filename encryption (default true). This option implies diriv.
**-extpass string**
: Use an external program (like ssh-askpass) for the password prompt.
The program should return the password on stdout, a trailing newline is
stripped by gocryptfs. Using something like "cat /mypassword.txt" allows
to mount the gocryptfs filesytem without user interaction.
**-f**
: Stay in the foreground instead of forking away.
**-fusedebug**
: Enable fuse library debug output
**-gcmiv128**
: Use an 128-bit IV for GCM encryption instead of Go's default of
96 bits (default true). This pushes back the birthday bound for IV
collisions far enough to make it irrelevant.
**-init**
: Initialize encrypted directory
**-masterkey string**
: Mount with explicit master key specified on the command line. This
option can be used to mount a gocryptfs filesystem without a config file.
Note that the command line, and with it the master key, is visible to
anybody on the machine who can execute "ps -auxwww".
2016-01-24 18:20:52 +01:00
**-memprofile string**
: Write memory profile to specified file. This is useful when debugging
memory usage of gocryptfs.
**-nosyslog**
: Diagnostic messages are normally redirected to syslog once gocryptfs
daemonizes. This option disables the redirection and messages will
continue be printed to stdout and stderr.
**-notifypid int**
: Send USR1 to the specified process after successful mount. This is
used internally for daemonization.
**-openssl bool**
: Use OpenSSL instead of built-in Go crypto (default true). Using
built-in crypto is 4x slower.
**-passwd**
: Change password
**-plaintextnames**
: Do not encrypt file names
2016-01-24 18:20:52 +01:00
**-q, -quiet**
: Quiet - silence informational messages
**-scryptn int**
: scrypt cost parameter logN. Setting this to a lower value speeds up
mounting but makes the password susceptible to brute-force attacks (default 16)
**-version**
: Print version and exit
**-zerokey**
: Use all-zero dummy master key. This options is only intended for
automated testing as it does not provide any security.
2016-01-06 16:55:38 +01:00
EXAMPLES
========
Create and mount an encrypted filesystem:
mkdir /tmp/g1 /tmp/g2
gocryptfs -init /tmp/g1
gocryptfs /tmp/g1 /tmp/g2