aboutsummaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/MANPAGE.md102
1 files changed, 52 insertions, 50 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 4fa155a..a7d3d8b 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -1,6 +1,6 @@
% GOCRYPTFS(1)
% github.com/rfjakob
-% May 2016
+% Oct 2016
NAME
====
@@ -32,14 +32,14 @@ Options:
**-aessiv**
: Use the AES-SIV encryption mode. This is slower than GCM but is
-secure with deterministic nonces as used in "-reverse" mode.
+ secure with deterministic nonces as used in "-reverse" mode.
**-allow_other**
: By default, the Linux kernel prevents any other user (even root) to
-access a mounted FUSE filesystem. Settings this option allows access for
-other users, subject to file permission checking. Only works if
-user_allow_other is set in /etc/fuse.conf. This option is equivalent to
-"allow_other" plus "default_permissions" described in fuse(8).
+ access a mounted FUSE filesystem. Settings this option allows access for
+ other users, subject to file permission checking. Only works if
+ user_allow_other is set in /etc/fuse.conf. This option is equivalent to
+ "allow_other" plus "default_permissions" described in fuse(8).
**-config string**
: Use specified config file instead of CIPHERDIR/gocryptfs.conf
@@ -52,9 +52,9 @@ user_allow_other is set in /etc/fuse.conf. This option is equivalent to
**-extpass string**
: Use an external program (like ssh-askpass) for the password prompt.
-The program should return the password on stdout, a trailing newline is
-stripped by gocryptfs. Using something like "cat /mypassword.txt" allows
-to mount the gocryptfs filesytem without user interaction.
+ The program should return the password on stdout, a trailing newline is
+ stripped by gocryptfs. Using something like "cat /mypassword.txt" allows
+ to mount the gocryptfs filesytem without user interaction.
**-f**
: Stay in the foreground instead of forking away. Implies "-nosyslog".
@@ -66,67 +66,68 @@ to mount the gocryptfs filesytem without user interaction.
: Initialize encrypted directory
**-ko**
-: Pass additonal mount options to the kernel (comma-separated list).
-FUSE filesystems are mounted with "nodev,nosuid" by default. If gocryptfs
-runs as root, you can enable device files by passing the opposite mount option,
-"dev", and if you want to enable suid-binaries, pass "suid".
-"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
-interesting. For a complete list see the section
-`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8).
+: Pass additonal mount options to the kernel (comma-separated list).
+ FUSE filesystems are mounted with "nodev,nosuid" by default. If gocryptfs
+ runs as root, you can enable device files by passing the opposite mount option,
+ "dev", and if you want to enable suid-binaries, pass "suid".
+ "ro" (equivalent to passing the "-ro" option) and "noexec" may also be
+ interesting. For a complete list see the section
+ `FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8).
**-longnames**
: Store names longer than 176 bytes in extra files (default true)
-This flag is useful when recovering old gocryptfs filesystems using
-"-masterkey". It is ignored (stays at the default) otherwise.
+ This flag is useful when recovering old gocryptfs filesystems using
+ "-masterkey". It is ignored (stays at the default) otherwise.
**-masterkey string**
: Use a explicit master key specified on the command line. This
-option can be used to mount a gocryptfs filesystem without a config file.
-Note that the command line, and with it the master key, is visible to
-anybody on the machine who can execute "ps -auxwww".
-This is meant as a recovery option for emergencies, such as if you have
-forgotten your password.
+ option can be used to mount a gocryptfs filesystem without a config file.
+ Note that the command line, and with it the master key, is visible to
+ anybody on the machine who can execute "ps -auxwww".
+ This is meant as a recovery option for emergencies, such as if you have
+ forgotten your password.
- Example master key: 6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
+ Example master key:
+ 6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
**-memprofile string**
-: Write memory profile to specified file. This is useful when debugging
-memory usage of gocryptfs.
+: Write memory profile to the specified file. This is useful when debugging
+ memory usage of gocryptfs.
**-nonempty**
: Allow mounting over non-empty directories. FUSE by default disallows
-this to prevent accidential shadowing of files.
+ this to prevent accidential shadowing of files.
**-nosyslog**
: Diagnostic messages are normally redirected to syslog once gocryptfs
-daemonizes. This option disables the redirection and messages will
-continue be printed to stdout and stderr.
+ daemonizes. This option disables the redirection and messages will
+ continue be printed to stdout and stderr.
**-notifypid int**
: Send USR1 to the specified process after successful mount. This is
-used internally for daemonization.
+ used internally for daemonization.
**-openssl bool/"auto"**
: Use OpenSSL instead of built-in Go crypto (default "auto"). Using
-built-in crypto is 4x slower unless your CPU has AES instructions and
-you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
-option.
+ built-in crypto is 4x slower unless your CPU has AES instructions and
+ you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
+ option.
**-passfile string**
: Read password from the specified file. This is a shortcut for
-specifying "-extpass /bin/cat FILE".
+ specifying "-extpass /bin/cat FILE".
**-passwd**
: Change the password. Will ask for the old password, check if it is
-correct, and ask for a new one.
+ correct, and ask for a new one.
This can be used together with `-masterkey` if
-you forgot the password but know the master key. Note that without the
-old password, gocryptfs cannot tell if the master key is correct and will
-overwrite the old one without mercy. It will, however, create a backup copy
-of the old config file as `gocryptfs.conf.bak`. Delete it after
-you have verified that you can access your files with the
-new password.
+ you forgot the password but know the master key. Note that without the
+ old password, gocryptfs cannot tell if the master key is correct and will
+ overwrite the old one without mercy. It will, however, create a backup copy
+ of the old config file as `gocryptfs.conf.bak`. Delete it after
+ you have verified that you can access your files with the
+ new password.
**-plaintextnames**
: Do not encrypt file names and symlink targets
@@ -136,33 +137,34 @@ new password.
**-reverse**
: Reverse mode shows a read-only encrypted view of a plaintext
-directory. Implies "-aessiv".
+ directory. Implies "-aessiv".
**-ro**
: Mount the filesystem read-only
**-scryptn int**
: scrypt cost parameter logN. Setting this to a lower value speeds up
-mounting but makes the password susceptible to brute-force attacks (default 16)
+ mounting but makes the password susceptible to brute-force attacks
+ (default 16)
**-version**
-: Print version and exit. The output contains three fields seperated by
-";". Example: "gocryptfs v0.12-2; go-fuse a4c968c; go1.6.2".
-Field 1 is the gocryptfs version, field 2 is the version of the go-fuse
-library, field 3 is the Go version that was used to compile the binary.
+: Print version and exit. The output contains three fields seperated by ";".
+ Example: "gocryptfs v0.12-2; go-fuse a4c968c; go1.6.2".
+ Field 1 is the gocryptfs version, field 2 is the version of the go-fuse
+ library, field 3 is the Go version that was used to compile the binary.
**-wpanic**
: When encountering a warning, panic and exit immediately. This is
-useful in regression testing.
+ useful in regression testing.
**-zerokey**
: Use all-zero dummy master key. This options is only intended for
-automated testing as it does not provide any security.
+ automated testing as it does not provide any security.
Comma-Separated-Options:
-For compatability with mount(1), options are also accepted as
+For compatibility with mount(1), options are also accepted as
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
For example, "-o q,zerokey" is equivalent to "-q -zerokey".