"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "encfs/encfs.pod" between
encfs-1.9.4.tar.gz and encfs-1.9.5.tar.gz

About: EncFS is an encrypted virtual filesystem for Linux using the FUSE kernel module.

encfs.pod  (encfs-1.9.4):encfs.pod  (encfs-1.9.5)
skipping to change at line 19 skipping to change at line 19
of the GNU General Public License (GPL), as published by the Free Software of the GNU General Public License (GPL), as published by the Free Software
Foundation; either version 3 of the License, or (at your option) any later Foundation; either version 3 of the License, or (at your option) any later
version. version.
=head1 NAME =head1 NAME
encfs - mounts or creates an encrypted virtual filesystem encfs - mounts or creates an encrypted virtual filesystem
=head1 SYNOPSIS =head1 SYNOPSIS
B<encfs> [B<--version>] [B<-v>|B<--verbose>] [B<-t>|B<--syslogtag>] B<encfs> [B<--version>] [B<-v>|B<--verbose>] [B<-c>|B<--config>] [B<-t>|B<--sysl
[B<-s>] [B<-f>] [B<--annotate>] [B<--standard>] [B<--paranoia>] ogtag>]
[B<-s>] [B<-f>] [B<--annotate>] [B<--standard>] [B<--paranoia>] [B<--insecure>]
[B<--reverse>] [B<--reversewrite>] [B<--extpass=program>] [B<-S>|B<--stdinpass>] [B<--reverse>] [B<--reversewrite>] [B<--extpass=program>] [B<-S>|B<--stdinpass>]
[B<--anykey>] [B<--forcedecode>] [B<-require-macs>] [B<--anykey>] [B<--forcedecode>] [B<-require-macs>]
[B<-i MINUTES>|B<--idle=MINUTES>] [B<-m>|B<--ondemand>] [B<--delaymount>] [B<-i MINUTES>|B<--idle=MINUTES>] [B<-m>|B<--ondemand>] [B<--delaymount>] [B<-u>
[B<--public>] [B<--nocache>] [B<--no-default-flags>] |B<--unmount>]
[B<--public>] [B<--nocache>] [B<--noattrcache>] [B<--nodatacache>] [B<--no-defau
lt-flags>]
[B<-o FUSE_OPTION>] [B<-d>|B<--fuse-debug>] [B<-H>|B<--fuse-help>] [B<-o FUSE_OPTION>] [B<-d>|B<--fuse-debug>] [B<-H>|B<--fuse-help>]
I<rootdir> I<mountPoint> I<rootdir> I<mountPoint>
[B<--> [I<Fuse Mount Options>]] [B<--> [I<Fuse Mount Options>]]
=head1 DESCRIPTION =head1 DESCRIPTION
B<EncFS> creates a virtual encrypted filesystem which stores encrypted data in B<EncFS> creates a virtual encrypted filesystem which stores encrypted data in
the I<rootdir> directory and makes the unencrypted data visible at the the I<rootdir> directory and makes the unencrypted data visible at the
I<mountPoint> directory. The user must supply a password which is used to I<mountPoint> directory. The user must supply a password which is used to
(indirectly) encrypt both filenames and file contents. (indirectly) encrypt both filenames and file contents.
skipping to change at line 51 skipping to change at line 51
=head1 OPTIONS =head1 OPTIONS
=over 4 =over 4
=item B<--version> =item B<--version>
Shows B<EncFS> version. Using B<--verbose> before B<--version> may display Shows B<EncFS> version. Using B<--verbose> before B<--version> may display
additional information. additional information.
=item B<-c>, B<--config>
Causes B<EncFS> to use the supplied file as the configuration file.
=item B<-v>, B<--verbose> =item B<-v>, B<--verbose>
Causes B<EncFS> to enable logging of various debug channels within B<EncFS>. Causes B<EncFS> to enable logging of various debug channels within B<EncFS>.
Normally these logging messages are disabled and have no effect. It is Normally these logging messages are disabled and have no effect. It is
recommended that you run in foreground (B<-f>) mode when running with verbose recommended that you run in foreground (B<-f>) mode when running with verbose
enabled. enabled.
=item B<-t>, B<--syslogtag> =item B<-t>, B<--syslogtag>
This option allows to set the syslog tag which will be used when messages are This option allows to set the syslog tag which will be used when messages are
skipping to change at line 96 skipping to change at line 100
options, to help with automatic filesystem creation. This is the set of options, to help with automatic filesystem creation. This is the set of
options that should be used unless you know what you're doing and have read the options that should be used unless you know what you're doing and have read the
documentation. documentation.
When not creating a filesystem, this flag does nothing. When not creating a filesystem, this flag does nothing.
=item B<--paranoia> =item B<--paranoia>
Same as B<--standard>, but for B<paranoia> mode. Same as B<--standard>, but for B<paranoia> mode.
=item B<--insecure>
Allows you to disable data encoding, thus to pass plain data as is. Fully
discouraged of course!
=item B<--reverse> =item B<--reverse>
Normally B<EncFS> provides a plaintext view of data on demand: it stores Normally B<EncFS> provides a plaintext view of data on demand: it stores
enciphered data and displays plaintext data. With B<--reverse> it takes as enciphered data and displays plaintext data. With B<--reverse> it takes as
source plaintext data and produces enciphered data on-demand. This can be source plaintext data and produces enciphered data on-demand. This can be
useful for creating remote encrypted backups, where you do not wish to keep the useful for creating remote encrypted backups, where you do not wish to keep the
local files unencrypted. local files unencrypted.
For example, the following would create an encrypted view in /tmp/crypt-view. For example, the following would create an encrypted view in /tmp/crypt-view.
skipping to change at line 207 skipping to change at line 216
instead of exiting, B<EncFS> stops allowing access to the filesystem by instead of exiting, B<EncFS> stops allowing access to the filesystem by
internally dropping its reference to it. If someone attempts to access the internally dropping its reference to it. If someone attempts to access the
filesystem again, the extpass program is used to prompt the user for the filesystem again, the extpass program is used to prompt the user for the
password. If this succeeds, then the filesystem becomes available again. password. If this succeeds, then the filesystem becomes available again.
=item B<--delaymount> =item B<--delaymount>
Do not mount the filesystem when encfs starts; instead, delay mounting until Do not mount the filesystem when encfs starts; instead, delay mounting until
first use. This option only makes sense with B<--ondemand>. first use. This option only makes sense with B<--ondemand>.
=item B<-u>, B<--unmount>
Unmounts the specified I<mountPoint>.
=item B<--public> =item B<--public>
Attempt to make encfs behave as a typical multi-user filesystem. By default, Attempt to make encfs behave as a typical multi-user filesystem. By default,
all FUSE based filesystems are visible only to the user who mounted them. No all FUSE based filesystems are visible only to the user who mounted them. No
other users (including root) can view the filesystem contents. The B<--public> other users (including root) can view the filesystem contents. The B<--public>
option does two things. It adds the FUSE flags "allow_other" and option does two things. It adds the FUSE flags "allow_other" and
"default_permission" when mounting the filesystem, which tells FUSE to allow "default_permission" when mounting the filesystem, which tells FUSE to allow
other users to access the filesystem, and to use the ownership permissions other users to access the filesystem, and to use the ownership permissions
provided by the filesystem. Secondly, the B<--public> flag changes how encfs's provided by the filesystem. Secondly, the B<--public> flag changes how encfs's
node creation functions work - as they will try and set ownership of new nodes node creation functions work - as they will try and set ownership of new nodes
skipping to change at line 228 skipping to change at line 241
B<Warning>: In order for this to work, encfs must be run as root -- otherwise B<Warning>: In order for this to work, encfs must be run as root -- otherwise
it will not have the ability to change ownership of files. I recommend that it will not have the ability to change ownership of files. I recommend that
you instead investigate if the fuse allow_other option can be used to do what you instead investigate if the fuse allow_other option can be used to do what
you want before considering the use of B<--public>. you want before considering the use of B<--public>.
=item B<--nocache> =item B<--nocache>
Disable the kernel's cache of file attributes. Disable the kernel's cache of file attributes.
Setting this option makes EncFS pass "attr_timeout=0" and "entry_timeout=0" to Setting this option makes EncFS pass "attr_timeout=0" and "entry_timeout=0" to
FUSE. This makes sure that modifications to the backing files that occour FUSE. This makes sure that modifications to the backing file attributes that
outside EncFS show up immediately in the EncFS mount. The main use case occour outside EncFS show up immediately in the EncFS mount. The internal EncFS
for "--nocache" is reverse mode. data cache is also disabled. The main use case for B<--nocache> is reverse mode.
=item B<--noattrcache>
Same as B<--nocache> but for attributes only.
=item B<--nodatacache>
Same as B<--nocache> but for data only.
=item B<--no-default-flags> =item B<--no-default-flags>
B<Encfs> adds the FUSE flags "use_ino" and "default_permissions" by default, as B<Encfs> adds the FUSE flags "use_ino" and "default_permissions" by default, as
of version 1.2.2, because that improves compatibility with some programs. If of version 1.2.2, because that improves compatibility with some programs. If
for some reason you need to disable one or both of these flags, use the option for some reason you need to disable one or both of these flags, use the option
B<--no-default-flags>. B<--no-default-flags>.
The following command lines produce the same result: The following command lines produce the same result:
skipping to change at line 355 skipping to change at line 376
=head1 CAVEATS =head1 CAVEATS
B<EncFS> is not a true filesystem. It does not deal with any of the actual B<EncFS> is not a true filesystem. It does not deal with any of the actual
storage or maintenance of files. It simply translates requests (encrypting or storage or maintenance of files. It simply translates requests (encrypting or
decrypting as necessary) and passes the requests through to the underlying decrypting as necessary) and passes the requests through to the underlying
host filesystem. Therefore any limitations of the host filesystem will be host filesystem. Therefore any limitations of the host filesystem will be
inherited by B<EncFS> (or possibly be further limited). inherited by B<EncFS> (or possibly be further limited).
One such limitation is filename length. If your underlying filesystem limits One such limitation is filename length. If your underlying filesystem limits
you to N characters in a filename, then B<EncFS> will limit you to approximately you to N characters in a filename, then B<EncFS> will limit you to approximately
3*(N-2)/4. For example if the host filesystem limits to 256 characters, then 3*(N-2)/4. For example if the host filesystem limits to 255 characters, then
B<EncFS> will be limited to 190 character filenames. This is because encrypted B<EncFS> will be limited to 189 character filenames. This is because encrypted
filenames are always longer than plaintext filenames. filenames are always longer than plaintext filenames.
=head1 FILESYSTEM OPTIONS =head1 FILESYSTEM OPTIONS
When B<EncFS> is given a root directory which does not contain an existing When B<EncFS> is given a root directory which does not contain an existing
B<EncFS> filesystem, it will give the option to create one. Note that options B<EncFS> filesystem, it will give the option to create one. Note that options
can only be set at filesystem creation time. There is no support for modifying can only be set at filesystem creation time. There is no support for modifying
a filesystem's options in-place. a filesystem's options in-place.
If you want to upgrade a filesystem to use newer features, then you need to If you want to upgrade a filesystem to use newer features, then you need to
skipping to change at line 470 skipping to change at line 491
rounded up to the block size of the encryption cipher (8 bytes for Blowfish and rounded up to the block size of the encryption cipher (8 bytes for Blowfish and
16 bytes for AES). 16 bytes for AES).
The advantage of block encoding mode is that filename lengths all come out as a The advantage of block encoding mode is that filename lengths all come out as a
multiple of the cipher block size. This means that someone looking at your multiple of the cipher block size. This means that someone looking at your
encrypted data can't tell as much about the length of your filenames. It is encrypted data can't tell as much about the length of your filenames. It is
on by default, as it takes a similar amount of time to using the stream cipher. on by default, as it takes a similar amount of time to using the stream cipher.
However stream cipher mode may be useful if you want shorter encrypted However stream cipher mode may be useful if you want shorter encrypted
filenames for some reason. filenames for some reason.
Based on an underlying filesystem supporting a maximum of 255 characters in
filenames, here is the maximum possible filename length depending on the choosen
encoding scheme : stream (189), block (176), block32 (143). Note that we should
rather talk about bytes, when filenames contain special (multi-bytes) characters
.
Prior to version 1.1, only stream encoding was supported. Prior to version 1.1, only stream encoding was supported.
=item I<Filename Initialization Vector Chaining> =item I<Filename Initialization Vector Chaining>
B<New in 1.1>. In previous versions of B<EncFS>, each filename element in B<New in 1.1>. In previous versions of B<EncFS>, each filename element in
a path was encoded separately. So if "foo" encoded to "XXX", then it would a path was encoded separately. So if "foo" encoded to "XXX", then it would
always encode that way (given the same encryption key), no matter if the path always encode that way (given the same encryption key), no matter if the path
was "a/b/foo", or "aa/foo/cc", etc. That meant it was possible for someone was "a/b/foo", or "aa/foo/cc", etc. That meant it was possible for someone
looking at the encrypted data to see if two files in different directories had looking at the encrypted data to see if two files in different directories had
the same name, even though they wouldn't know what that name decoded to. the same name, even though they wouldn't know what that name decoded to.
skipping to change at line 639 skipping to change at line 665
=head1 AUTHORS =head1 AUTHORS
B<EncFS> was written by B<< Valient Gough <vgough@pobox.com> >>. B<EncFS> was written by B<< Valient Gough <vgough@pobox.com> >>.
Site : B<https://vgough.github.io/encfs/>. Site : B<https://vgough.github.io/encfs/>.
Support, bug reports... : B<https://github.com/vgough/encfs>. Support, bug reports... : B<https://github.com/vgough/encfs>.
Mailing list : none. Mailing list : none.
Cygwin, Windows ports : B<https://github.com/vgough/encfs/wiki>.
=head1 SEE ALSO =head1 SEE ALSO
encfsctl(1) encfsctl(1)
 End of changes. 9 change blocks. 
9 lines changed or deleted 41 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)