summaryrefslogtreecommitdiff
path: root/Documentation/MANPAGE.md
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/MANPAGE.md')
-rw-r--r--Documentation/MANPAGE.md19
1 files changed, 16 insertions, 3 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 1049703..4fa155a 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -80,10 +80,14 @@ This flag is useful when recovering old gocryptfs filesystems using
"-masterkey". It is ignored (stays at the default) otherwise.
**-masterkey string**
-: Mount with explicit master key specified on the command line. This
+: Use a explicit master key specified on the command line. This
option can be used to mount a gocryptfs filesystem without a config file.
Note that the command line, and with it the master key, is visible to
anybody on the machine who can execute "ps -auxwww".
+This is meant as a recovery option for emergencies, such as if you have
+forgotten your password.
+
+ Example master key: 6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
**-memprofile string**
: Write memory profile to specified file. This is useful when debugging
@@ -91,7 +95,7 @@ memory usage of gocryptfs.
**-nonempty**
: Allow mounting over non-empty directories. FUSE by default disallows
-this because to prevent accidential shadowing of files.
+this to prevent accidential shadowing of files.
**-nosyslog**
: Diagnostic messages are normally redirected to syslog once gocryptfs
@@ -113,7 +117,16 @@ option.
specifying "-extpass /bin/cat FILE".
**-passwd**
-: Change password
+: Change the password. Will ask for the old password, check if it is
+correct, and ask for a new one.
+
+ This can be used together with `-masterkey` if
+you forgot the password but know the master key. Note that without the
+old password, gocryptfs cannot tell if the master key is correct and will
+overwrite the old one without mercy. It will, however, create a backup copy
+of the old config file as `gocryptfs.conf.bak`. Delete it after
+you have verified that you can access your files with the
+new password.
**-plaintextnames**
: Do not encrypt file names and symlink targets