summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-06-20 19:49:18 +0200
committerJakob Unterwurzacher2017-06-20 19:49:18 +0200
commitbfe421b32704e92075668adafc14424223b55b27 (patch)
tree1b5a279419b833981353698e2791cb94dcd63962 /Documentation
parentf3965a4e4c0ee02a74a9d21b7b49ac2515c2b212 (diff)
MANPAGE: reorder options to match "-hh" output; add "-hkdf", "-trace"
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/MANPAGE.md29
1 files changed, 18 insertions, 11 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 119a3cb..e4ec8d9 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -61,6 +61,17 @@ to mount the gocryptfs filesytem without user interaction.
Stay in the foreground instead of forking away. Implies "-nosyslog".
For compatability, "-f" is also accepted, but "-fg" is preferred.
+#### -force_owner string
+If given a string of the form "uid:gid" (where both "uid" and "gid" are
+substituted with positive integers), presents all files as owned by the given
+uid and gid, regardless of their actual ownership. Implies "allow_other".
+
+This is rarely desired behavior: One should *usually* run gocryptfs as the
+account which owns the backing-store files, which should *usually* be one and
+the same with the account intended to access the decrypted content. An example
+of a case where this may be useful is a situation where content is stored on a
+filesystem that doesn't properly support UNIX ownership and permissions.
+
#### -forcedecode
Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
@@ -78,17 +89,6 @@ that uses built-in Go crypto.
Setting this option forces the filesystem to read-only and noexec.
-#### -force_owner string
-If given a string of the form "uid:gid" (where both "uid" and "gid" are
-substituted with positive integers), presents all files as owned by the given
-uid and gid, regardless of their actual ownership. Implies "allow_other".
-
-This is rarely desired behavior: One should *usually* run gocryptfs as the
-account which owns the backing-store files, which should *usually* be one and
-the same with the account intended to access the decrypted content. An example
-of a case where this may be useful is a situation where content is stored on a
-filesystem that doesn't properly support UNIX ownership and permissions.
-
#### -fsname string
Override the filesystem name (first column in df -T). Can also be
passed as "-o fsname=" and is equivalent to libfuse's option of the
@@ -103,6 +103,10 @@ Print a short help text that shows the more-often used options.
#### -hh
Long help text, shows all available options.
+#### -hkdf
+Use HKDF to derive separate keys for content and name encryption from
+the master key.
+
#### -info
Pretty-print the contents of the config file for human consumption,
stripping out sensitive data.
@@ -244,6 +248,9 @@ Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL
(if available). The library that will be selected on "-openssl=auto"
(the default) is marked as such.
+#### -trace string
+Write execution trace to file. View the trace using "go tool trace FILE".
+
#### -version
Print version and exit. The output contains three fields seperated by ";".
Example: "gocryptfs v1.1.1-5-g75b776c; go-fuse 6b801d3; 2016-11-01 go1.7.3".