diff options
Diffstat (limited to 'Documentation/MANPAGE.md')
-rw-r--r-- | Documentation/MANPAGE.md | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index 1049703..4fa155a 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -80,10 +80,14 @@ This flag is useful when recovering old gocryptfs filesystems using "-masterkey". It is ignored (stays at the default) otherwise. **-masterkey string** -: Mount with explicit master key specified on the command line. This +: Use a explicit master key specified on the command line. This option can be used to mount a gocryptfs filesystem without a config file. Note that the command line, and with it the master key, is visible to anybody on the machine who can execute "ps -auxwww". +This is meant as a recovery option for emergencies, such as if you have +forgotten your password. + + Example master key: 6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d **-memprofile string** : Write memory profile to specified file. This is useful when debugging @@ -91,7 +95,7 @@ memory usage of gocryptfs. **-nonempty** : Allow mounting over non-empty directories. FUSE by default disallows -this because to prevent accidential shadowing of files. +this to prevent accidential shadowing of files. **-nosyslog** : Diagnostic messages are normally redirected to syslog once gocryptfs @@ -113,7 +117,16 @@ option. specifying "-extpass /bin/cat FILE". **-passwd** -: Change password +: Change the password. Will ask for the old password, check if it is +correct, and ask for a new one. + + This can be used together with `-masterkey` if +you forgot the password but know the master key. Note that without the +old password, gocryptfs cannot tell if the master key is correct and will +overwrite the old one without mercy. It will, however, create a backup copy +of the old config file as `gocryptfs.conf.bak`. Delete it after +you have verified that you can access your files with the +new password. **-plaintextnames** : Do not encrypt file names and symlink targets |