3.5 KiB
3.5 KiB
% GOCRYPTFS(1) % github.com/rfjakob % May 2016
NAME
gocryptfs - mount an encrypted directory
SYNOPSIS
Initialize encrypted filesystem
gocryptfs -init [OPTIONS] CIPHERDIR
Mount
gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
Change password
gocryptfs -passwd [OPTIONS] CIPHERDIR
DESCRIPTION
Options:
- -allow_other
- By default, the Linux kernel prevents any other user (even root) to access a mounted FUSE filesystem. Settings this option allows access for other users, subject to file permission checking. Only works if user_allow_other is set in /etc/fuse.conf. This option is equivalent to "allow_other" plus "default_permissions" described in fuse(8).
- -config string
- Use specified config file instead of CIPHERDIR/gocryptfs.conf
- -cpuprofile string
- Write cpu profile to specified file
- -d, -debug
- Enable debug output
- -extpass string
- Use an external program (like ssh-askpass) for the password prompt. The program should return the password on stdout, a trailing newline is stripped by gocryptfs. Using something like "cat /mypassword.txt" allows to mount the gocryptfs filesytem without user interaction.
- -f
- Stay in the foreground instead of forking away.
- -fusedebug
- Enable fuse library debug output
- -init
- Initialize encrypted directory
- -longnames
- Store names longer than 176 bytes in extra files (default true) This flag is useful when recovering old gocryptfs filesystems using "-masterkey". It is ignored (stays at the default) otherwise.
- -masterkey string
- Mount with explicit master key specified on the command line. This option can be used to mount a gocryptfs filesystem without a config file. Note that the command line, and with it the master key, is visible to anybody on the machine who can execute "ps -auxwww".
- -memprofile string
- Write memory profile to specified file. This is useful when debugging memory usage of gocryptfs.
- -nosyslog
- Diagnostic messages are normally redirected to syslog once gocryptfs daemonizes. This option disables the redirection and messages will continue be printed to stdout and stderr.
- -notifypid int
- Send USR1 to the specified process after successful mount. This is used internally for daemonization.
- -openssl bool
- Use OpenSSL instead of built-in Go crypto (default "auto"). Using built-in crypto is 4x slower unless your CPU has AES instructions and you are using Go 1.6+. In mode "auto", gocrypts chooses the faster option.
- -passwd
- Change password
- -plaintextnames
- Do not encrypt file names
- -q, -quiet
- Quiet - silence informational messages
- -ro
- Mount the filesystem read-only
- -scryptn int
- scrypt cost parameter logN. Setting this to a lower value speeds up mounting but makes the password susceptible to brute-force attacks (default 16)
- -version
- Print version and exit. The output contains three fields seperated by ";". Example: "gocryptfs v0.12-2; go-fuse a4c968c; go1.6.2". Field 1 is the gocryptfs version, field 2 is the version of the go-fuse library, field 3 is the Go version that was used to compile the binary.
- -wpanic
- When encountering a warning, panic and exit immediately. This is useful in regression testing.
- -zerokey
- Use all-zero dummy master key. This options is only intended for automated testing as it does not provide any security.
EXAMPLES
Create and mount an encrypted filesystem:
mkdir /tmp/g1 /tmp/g2
gocryptfs -init /tmp/g1
gocryptfs /tmp/g1 /tmp/g2
SEE ALSO
fuse(8)