encfsctl - administrative tool for working with EncFS filesystems
encfsctl [
command command_args]
encfsctl [info]
rootdir
encfsctl passwd
rootdir
encfsctl showcruft
rootdir
encfsctl decode [--extpass=prog]
rootdir [encoded name ...]
encfsctl encode [--extpass=prog]
rootdir [plaintext name ...]
encfsctl cat [--extpass=prog] [--reverse]
rootdir
<(cipher|plain) filename>
encfsctl is an administrative tool for working with EncFS filesystems. It
is capable of changing the user supplied password, displaying basic
information about an encrypted volume, and other related operations.
- info
- Display basic information about the filesystem. Takes a
single argument, rootdir, which is the root directory of the
encrypted filesystem. The filesystem need not be mounted. Info is
also the default command if only a root directory is provided on the
command line.
- passwd
- Allows changing the password of the encrypted filesystem.
The user will be prompted for the existing password and the new
password.
- showcruft
- Recursively search through the entire volume and display
all files which are not decodable (only checks filename encoding, not
block MAC headers). This might be useful for cleanup in case you've made
use of features which create files which are not decodable under the
primary key.
- decode
- Allows you to specify an encoded name on the command line,
and displays decoded version. This is mostly useful for debugging, as
debug messages always display encrypted filenames (to avoid leaking
sensitive data through the debug channels). So this command provides a way
to decode the filenames.
The --extpass option can be used to specify the program which returns
the password - just like with encfs.
If no names are specified on the command line, then a list of filenames will
be read from stdin and decoded.
- encode
- Allows you to specify a filename on the command line, and
displays its encoded version. This is useful if e.g. you are taking a
backup of an encrypted directory and would like to exclude some files.
The --extpass option can be used to specify the program which returns
the password - just like with encfs.
If no names are specified on the command line, then a list of filenames will
be read from stdin and encoded.
- cat
- Decodes and cats the content of an encrypted file.
The filename can be given in a plain or ciphered form. With
--reverse The file content will instead be encrypted.
Show information about an encrypted filesystem:
% encfsctl info ~/.crypt
Version 5 configuration; created by EncFS 1.1 (revision 20040504)
Filesystem cipher: "ssl/aes" , version 2:1:1
Filename encoding: "nameio/block" , version 3:0:1
Key Size: 192 bits
Block Size: 512 bytes
Each file contains 8 byte header with unique IV data.
Filesname encoded using IV chaining mode.
This library is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. Please refer to the "COPYING" file distributed
with
encfs for complete details.
EncFS was written by
Valient Gough <[email protected]>.
encfs(1)