encfsctl(1) [debian man page]

ENCFSCTL(1)						       Encrypted Filesystem						       ENCFSCTL(1)

NAME

       encfsctl - administrative tool for working with EncFS filesystems

SYNOPSIS

       encfsctl [command command_args]

       encfsctl rootdir

       encfsctl info rootdir

       encfsctl passwd rootdir

       encfsctl showcruft rootdir

       encfsctl decode [--extpass=prog] rootdir [encoded name ...]

       encfsctl encode [--extpass=prog] rootdir [plaintext name ...]

DESCRIPTION

       encfsctl is an administrative tool for working with EncFS filesystems.  It is capable of changing the user supplied password, displaying
       basic information about an encrypted volume, and other related operations.

COMMANDS

       info
	   Display basic information about the filesystem.  Takes a single argument, rootdir, which is the root directory of the encrypted
	   filesystem.	The filesystem need not be mounted.  Info is also the default command if only a root directory is provided on the command
	   line.

       passwd
	   Allows changing the password of the encrypted filesystem.  The user will be prompted for the existing password and the new password.

       showcruft
	   Recursively search through the entire volume and display all files which are not decodable (only checks filename encoding, not block
	   MAC headers).  This might be useful for cleanup in case you've made use of features which create files which are not decodable under
	   the primary key.

       decode
	   Allows you to specify an encoded name on the command line, and displays decoded version.  This is mostly useful for debugging, as debug
	   messages always display encrypted filenames (to avoid leaking sensitive data through the debug channels).  So this command provides a
	   way to decode the filenames.

	   The --extpass option can be used to specify the program which returns the password - just like with encfs.

	   If no names are specified on the command line, then a list of filenames will be read from stdin and decoded.

       encode
	   Allows you to specify a filename on the command line, and displays its encoded version. This is useful if e.g. you are taking a backup
	   of an encrypted directory and would like to exclude some files.

	   The --extpass option can be used to specify the program which returns the password - just like with encfs.

	   If no names are specified on the command line, then a list of filenames will be read from stdin and encoded.

EXAMPLES

       Show information about an encrypted filesystem:

	% encfsctl info ~/.crypt

	Version 5 configuration; created by EncFS 1.1 (revision 20040504)
	Filesystem cipher: "ssl/aes" , version 2:1:1
	Filename encoding: "nameio/block" , version 3:0:1
	Key Size: 192 bits
	Block Size: 512 bytes
	Each file contains 8 byte header with unique IV data.
	Filesname encoded using IV chaining mode.

DISCLAIMER

       This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MER-
       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  Please refer to the "COPYING" file distributed with encfs for complete details.

AUTHORS

       EncFS was written by Valient Gough <vgough@pobox.com>.

SEE ALSO

       encfs(1)

1.7.3								    2009-11-29							       ENCFSCTL(1)

Check Out this Related Man Page

pmt-ehd(8) pam_mount pmt-ehd(8)

Name
pmt-ehd - create an encrypted disk image

Syntax
pmt-ehd [-DFx] [-c fscipher] [-h digest] [-i cipher] [-k fscipher_keybits] [-t fstype] -f container_path -p fskey_path -s size_in_mb

Options
Mandatory options that are absent are inquired interactively, and pmt-ehd will exit if stdin is not a terminal.

-D Turn on debugging strings.

-F Force operation that would otherwise ask for interactive confirmation. Multiple -F can be specified to apply more force.

-c cipher
The cipher to be used for the filesystem. This can take any value that cryptsetup(8) recognizes, usually in the form of "cipher-
mode[-extras]". Recommended are aes-cbc-essiv:sha256 (this is the default) or blowfish-cbc-essiv:sha256.

-f path
Store the new disk image at path. If the file already exists, pmt-ehd will prompt before overwriting unless -F is given. If path
refers to a symlink, pmt-ehd will act even more cautious.

-h digest
Digest used for fskey derivation from the password. This can take any value that OpenSSL recognizes. The default is sha1.

-i cipher
Cipher used for the filesystem key (not the encrypted filesystem itself). This can take any value that OpenSSL recognizes, usually
in the form of "cipher-keysize-mode". Recommended is aes-256-cbc (this is the default).

-k keybits
The keysize for the cipher specified with -c. Some ciphers support multiple keysizes, AES for example is available with at least the
keysizes 192 and 256. Example: -c aes-cbc-essiv:sha256 -k 192. The default is 256.

-p path
Store the filesystem key at path. The filesystem key is the ultimate key to open the encrypted filesystem, and the fs key itself is
encrypted with your password.

-s size
The initial size of the encrypted filesystem, in megabytes. This option is ignored when the filesystem is created on a block device.

-t fstype
Filesystem to use for the encrypted filesystem. Defaults to xfs.

-u user
Give the container and fskey files to user (because the program is usually runs as root, and the files would otherwise retain root
ownership).

-x Do not initialize the container with random bytes. This may impact secrecy.

Description
pmt-ehd can be used to create a new encrypted container, and replaces the previous mkehd script as well as any HOWTOs that explain how to
do it manually. Without any arguments, pmt-ehd will interactively ask for all missing parameters. To create a container with a size of 256
MB, use:

pmt-ehd -f /home/user.key -p /home/user.enc -s 256

pam_mount 2008-09-16 pmt-ehd(8)

Linux and UNIX Man Pages

encfsctl(1) [debian man page]

Check Out this Related Man Page