author Andy Weidenbaum 2016-12-13 08:41:11 -0800
committer Andy Weidenbaum 2016-12-13 08:41:11 -0800
commit 726ccfaa2da19bc8f429f6a348a5e4de8a89edc4 (patch)
tree 900676798420589b259e9a6b0cf93841a2f2a77f /gocryptfs.1
download aur-726ccfaa2da19bc8f429f6a348a5e4de8a89edc4.tar.gz
Initial import
Diffstat (limited to 'gocryptfs.1')
-rw-r--r-- gocryptfs.1 242
1 files changed, 242 insertions, 0 deletions
diff --git a/gocryptfs.1 b/gocryptfs.1
new file mode 100644
index 000000000000..30ebd15ab857
--- /dev/null
+++ b/gocryptfs.1
@@ -0,0 +1,242 @@
+.\" Automatically generated by Pandoc 1.17.2
+.\"
+.TH "GOCRYPTFS" "1" "May 2016" "" ""
+.hy
+.SH NAME
+.PP
+gocryptfs \- mount an encrypted directory
+.SH SYNOPSIS
+.SS Initialize encrypted filesystem
+.PP
+gocryptfs \-init [OPTIONS] CIPHERDIR
+.SS Mount
+.PP
+gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT [\-o COMMA\-SEPARATED\-OPTIONS]
+.SS Change password
+.PP
+gocryptfs \-passwd [OPTIONS] CIPHERDIR
+.SH DESCRIPTION
+.PP
+Options:
+.TP
+.B \f[B]\-aessiv\f[]
+Use the AES\-SIV encryption mode.
+This is slower than GCM but is secure with deterministic nonces as used
+in "\-reverse" mode.
+.RS
+.RE
+.TP
+.B \f[B]\-allow_other\f[]
+By default, the Linux kernel prevents any other user (even root) to
+access a mounted FUSE filesystem.
+Settings this option allows access for other users, subject to file
+permission checking.
+Only works if user_allow_other is set in /etc/fuse.conf.
+This option is equivalent to "allow_other" plus "default_permissions"
+described in fuse(8).
+.RS
+.RE
+.TP
+.B \f[B]\-config string\f[]
+Use specified config file instead of CIPHERDIR/gocryptfs.conf
+.RS
+.RE
+.TP
+.B \f[B]\-cpuprofile string\f[]
+Write cpu profile to specified file
+.RS
+.RE
+.TP
+.B \f[B]\-d, \-debug\f[]
+Enable debug output
+.RS
+.RE
+.TP
+.B \f[B]\-extpass string\f[]
+Use an external program (like ssh\-askpass) for the password prompt.
+The program should return the password on stdout, a trailing newline is
+stripped by gocryptfs.
+Using something like "cat /mypassword.txt" allows to mount the gocryptfs
+filesytem without user interaction.
+.RS
+.RE
+.TP
+.B \f[B]\-f\f[]
+Stay in the foreground instead of forking away.
+Implies "\-nosyslog".
+.RS
+.RE
+.TP
+.B \f[B]\-fusedebug\f[]
+Enable fuse library debug output
+.RS
+.RE
+.TP
+.B \f[B]\-init\f[]
+Initialize encrypted directory
+.RS
+.RE
+.TP
+.B \f[B]\-ko\f[]
+Pass additonal mount options to the kernel (comma\-separated list).
+FUSE filesystems are mounted with "nodev,nosuid" by default.
+If gocryptfs runs as root, you can enable device files by passing the
+opposite mount option, "dev", and if you want to enable suid\-binaries,
+pass "suid".
+"ro" (equivalent to passing the "\-ro" option) and "noexec" may also be
+interesting.
+For a complete list see the section
+\f[C]FILESYSTEM\-INDEPENDENT\ MOUNT\ OPTIONS\f[] in mount(8).
+.RS
+.RE
+.TP
+.B \f[B]\-longnames\f[]
+Store names longer than 176 bytes in extra files (default true) This
+flag is useful when recovering old gocryptfs filesystems using
+"\-masterkey".
+It is ignored (stays at the default) otherwise.
+.RS
+.RE
+.TP
+.B \f[B]\-masterkey string\f[]
+Use a explicit master key specified on the command line.
+This option can be used to mount a gocryptfs filesystem without a config
+file.
+Note that the command line, and with it the master key, is visible to
+anybody on the machine who can execute "ps \-auxwww".
+This is meant as a recovery option for emergencies, such as if you have
+forgotten your password.
+.RS
+.PP
+Example master key:
+6f717d8b\-6b5f8e8a\-fd0aa206\-778ec093\-62c5669b\-abd229cd\-241e00cd\-b4d6713d
+.RE
+.TP
+.B \f[B]\-memprofile string\f[]
+Write memory profile to specified file.
+This is useful when debugging memory usage of gocryptfs.
+.RS
+.RE
+.TP
+.B \f[B]\-nonempty\f[]
+Allow mounting over non\-empty directories.
+FUSE by default disallows this to prevent accidential shadowing of
+files.
+.RS
+.RE
+.TP
+.B \f[B]\-nosyslog\f[]
+Diagnostic messages are normally redirected to syslog once gocryptfs
+daemonizes.
+This option disables the redirection and messages will continue be
+printed to stdout and stderr.
+.RS
+.RE
+.TP
+.B \f[B]\-notifypid int\f[]
+Send USR1 to the specified process after successful mount.
+This is used internally for daemonization.
+.RS
+.RE
+.TP
+.B \f[B]\-openssl bool/"auto"\f[]
+Use OpenSSL instead of built\-in Go crypto (default "auto").
+Using built\-in crypto is 4x slower unless your CPU has AES instructions
+and you are using Go 1.6+.
+In mode "auto", gocrypts chooses the faster option.
+.RS
+.RE
+.TP
+.B \f[B]\-passfile string\f[]
+Read password from the specified file.
+This is a shortcut for specifying "\-extpass /bin/cat FILE".
+.RS
+.RE
+.TP
+.B \f[B]\-passwd\f[]
+Change the password.
+Will ask for the old password, check if it is correct, and ask for a new
+one.
+.RS
+.PP
+This can be used together with \f[C]\-masterkey\f[] if you forgot the
+password but know the master key.
+Note that without the old password, gocryptfs cannot tell if the master
+key is correct and will overwrite the old one without mercy.
+It will, however, create a backup copy of the old config file as
+\f[C]gocryptfs.conf.bak\f[].
+Delete it after you have verified that you can access your files with
+the new password.
+.RE
+.TP
+.B \f[B]\-plaintextnames\f[]
+Do not encrypt file names and symlink targets
+.RS
+.RE
+.TP
+.B \f[B]\-q, \-quiet\f[]
+Quiet \- silence informational messages
+.RS
+.RE
+.TP
+.B \f[B]\-reverse\f[]
+Reverse mode shows a read\-only encrypted view of a plaintext directory.
+Implies "\-aessiv".
+.RS
+.RE
+.TP
+.B \f[B]\-ro\f[]
+Mount the filesystem read\-only
+.RS
+.RE
+.TP
+.B \f[B]\-scryptn int\f[]
+scrypt cost parameter logN.
+Setting this to a lower value speeds up mounting but makes the password
+susceptible to brute\-force attacks (default 16)
+.RS
+.RE
+.TP
+.B \f[B]\-version\f[]
+Print version and exit.
+The output contains three fields seperated by ";".
+Example: "gocryptfs v0.12\-2; go\-fuse a4c968c; go1.6.2".
+Field 1 is the gocryptfs version, field 2 is the version of the go\-fuse
+library, field 3 is the Go version that was used to compile the binary.
+.RS
+.RE
+.TP
+.B \f[B]\-wpanic\f[]
+When encountering a warning, panic and exit immediately.
+This is useful in regression testing.
+.RS
+.RE
+.TP
+.B \f[B]\-zerokey\f[]
+Use all\-zero dummy master key.
+This options is only intended for automated testing as it does not
+provide any security.
+.RS
+.RE
+.PP
+Comma\-Separated\-Options:
+.PP
+For compatability with mount(1), options are also accepted as "\-o
+COMMA\-SEPARATED\-OPTIONS" at the end of the command line.
+For example, "\-o q,zerokey" is equivalent to "\-q \-zerokey".
+.SH EXAMPLES
+.PP
+Create and mount an encrypted filesystem:
+.PP
+mkdir /tmp/g1 /tmp/g2
+.PP
+gocryptfs \-init /tmp/g1
+.PD 0
+.P
+.PD
+gocryptfs /tmp/g1 /tmp/g2
+.SH SEE ALSO
+.PP
+fuse(8)
+.SH AUTHORS
+github.com/rfjakob.
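Review bot: In the \-extpass entry, the example "cat /mypassword.txt" (and the \-passfile entry, which is described as a shortcut for the same thing) documents keeping the password in a plain file without a word about who may read that file. I would add a sentence saying the file must be readable only by the user who mounts the filesystem, since anyone who can read it can mount without interaction. The \-masterkey entry already carries the equivalent caveat about "ps \-auxwww", so the same treatment here would be consistent. Separately, the first line says the page is "Automatically generated by Pandoc 1.17.2", so the spelling slips in it ("Settings this option", "filesytem", "additonal", "accidential", "gocrypts", "seperated", "This options", "compatability") and the missing full stop after "(default true)" in the \-longnames entry are better fixed in the source the page is generated from than in this file, otherwise the next regeneration brings them back.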