From 353d29b5023d670119e7962d752e6d084ad0c6c5 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Fri, 4 Dec 2015 22:41:00 +0100 Subject: [PATCH] Update manpage with -diriv and -scryptn --- Documentation/MANPAGE.md | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index 517cc82..481e6e3 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -39,13 +39,17 @@ Options: **-debug** : Enable debug output +**-diriv** +: Use per-directory file name IV (default true) + **-extpass string** : Use an external program (like ssh-askpass) for the password prompt. The program should return the password on stdout, a trailing newline is -stripped by gocryptfs. +stripped by gocryptfs. Using something like "cat /mypassword.txt" allows +to mount the gocryptfs filesytem without user interaction. **-f** -: Stay in the foreground +: Stay in the foreground instead of forking away. **-fusedebug** : Enable fuse library debug output @@ -54,13 +58,18 @@ stripped by gocryptfs. : Initialize encrypted directory **-masterkey string** -: Mount with explicit master key +: Mount with explicit master key specified on the command line. This +option can be used to mount a gocryptfs filesystem without a config file. +Note that the command line, and with it the master key, is visible to +anybody on the machine who can execute "ps -auxwww". **-notifypid int** -: Send USR1 to the specified process after successful mount - used internally for daemonization +: Send USR1 to the specified process after successful mount. This is +used internally for daemonization. **-openssl bool** -: Use OpenSSL instead of built-in Go crypto (default true) +: Use OpenSSL instead of built-in Go crypto (default true). Using +built-in crypto is 4x slower. **-passwd** : Change password @@ -71,9 +80,14 @@ stripped by gocryptfs. **-q** : Quiet - silence informational messages +**-scryptn int** +: scrypt cost parameter logN. Setting this to a lower value speeds up +mounting but makes the password susceptible to brute-force attacks (default 16) + **-version** : Print version and exit **-zerokey** -: Use all-zero dummy master key +: Use all-zero dummy master key. This options is only intended for +automated testing as it does not provide any security.