2.9 KiB
2.9 KiB
% GOCRYPTFS(1) % github.com/rfjakob % Nov 2015
NAME
gocryptfs - mount an encrypted directory
SYNOPSIS
Initialize encrypted filesystem
gocryptfs -init [OPTIONS] CIPHERDIR
Mount
gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
Change password
gocryptfs -passwd [OPTIONS] CIPHERDIR
DESCRIPTION
Options:
- -config string
- Use specified config file instead of CIPHERDIR/gocryptfs.conf
- -cpuprofile string
- Write cpu profile to specified file
- -d, -debug
- Enable debug output
- -diriv
- Use per-directory file name IV (default true)
- -emenames
- Use EME filename encryption (default true). This option implies diriv.
- -extpass string
- Use an external program (like ssh-askpass) for the password prompt. The program should return the password on stdout, a trailing newline is stripped by gocryptfs. Using something like "cat /mypassword.txt" allows to mount the gocryptfs filesytem without user interaction.
- -f
- Stay in the foreground instead of forking away.
- -fusedebug
- Enable fuse library debug output
- -gcmiv128
- Use an 128-bit IV for GCM encryption instead of Go's default of 96 bits (default true). This pushes back the birthday bound for IV collisions far enough to make it irrelevant.
- -init
- Initialize encrypted directory
- -masterkey string
- Mount with explicit master key specified on the command line. This option can be used to mount a gocryptfs filesystem without a config file. Note that the command line, and with it the master key, is visible to anybody on the machine who can execute "ps -auxwww".
- -memprofile string
- Write memory profile to specified file. This is useful when debugging memory usage of gocryptfs.
- -nosyslog
- Diagnostic messages are normally redirected to syslog once gocryptfs daemonizes. This option disables the redirection and messages will continue be printed to stdout and stderr.
- -notifypid int
- Send USR1 to the specified process after successful mount. This is used internally for daemonization.
- -openssl bool
- Use OpenSSL instead of built-in Go crypto (default true). Using built-in crypto is 4x slower.
- -passwd
- Change password
- -plaintextnames
- Do not encrypt file names
- -q, -quiet
- Quiet - silence informational messages
- -scryptn int
- scrypt cost parameter logN. Setting this to a lower value speeds up mounting but makes the password susceptible to brute-force attacks (default 16)
- -version
- Print version and exit
- -wpanic
- When encountering a warning, panic and exit immediately. This is useful in regression testing.
- -zerokey
- Use all-zero dummy master key. This options is only intended for automated testing as it does not provide any security.
EXAMPLES
Create and mount an encrypted filesystem:
mkdir /tmp/g1 /tmp/g2
gocryptfs -init /tmp/g1
gocryptfs /tmp/g1 /tmp/g2