diff options
Diffstat (limited to 'doc/manpage')
26 files changed, 1717 insertions, 0 deletions
diff --git a/doc/manpage/Makefile.am b/doc/manpage/Makefile.am new file mode 100644 index 0000000..09f6dd2 --- /dev/null +++ b/doc/manpage/Makefile.am @@ -0,0 +1,37 @@ +# Copyright (C) 2006 Trevor Highland <trevor.highland@gmail.com> +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in + +dist_man_MANS = \ + ecryptfs.7 \ + ecryptfs-add-passphrase.1 \ + ecryptfsd.8 \ + ecryptfs-find.1 \ + ecryptfs-generate-tpm-key.1 \ + ecryptfs-insert-wrapped-passphrase-into-keyring.1 \ + ecryptfs-manager.8 \ + ecryptfs-migrate-home.8 \ + ecryptfs-mount-private.1 \ + ecryptfs-recover-private.1 \ + ecryptfs-rewrap-passphrase.1 \ + ecryptfs-rewrite-file.1 \ + ecryptfs-setup-private.1 \ + ecryptfs-setup-swap.1 \ + ecryptfs-stat.1 \ + ecryptfs-umount-private.1 \ + ecryptfs-unwrap-passphrase.1 \ + ecryptfs-verify.1 \ + ecryptfs-wrap-passphrase.1 \ + mount.ecryptfs.8 \ + umount.ecryptfs.8 \ + mount.ecryptfs_private.1 \ + pam_ecryptfs.8 \ + umount.ecryptfs_private.1 diff --git a/doc/manpage/Makefile.in b/doc/manpage/Makefile.in new file mode 100644 index 0000000..20ef4f6 --- /dev/null +++ b/doc/manpage/Makefile.in @@ -0,0 +1,721 @@ +# Makefile.in generated by automake 1.13.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2006 Trevor Highland <trevor.highland@gmail.com> +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +target_triplet = @target@ +subdir = doc/manpage +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(dist_man_MANS) +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ac_pkg_swig.m4 \ + $(top_srcdir)/m4/ac_python_devel.m4 \ + $(top_srcdir)/m4/intltool.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man7dir)" \ + "$(DESTDIR)$(man8dir)" +man7dir = $(mandir)/man7 +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(dist_man_MANS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_CPPFLAGS = @AM_CPPFLAGS@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ +CRYPTO_LIBS = @CRYPTO_LIBS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +DVIPS = @DVIPS@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GPGME_CFLAGS = @GPGME_CFLAGS@ +GPGME_LIBS = @GPGME_LIBS@ +GREP = @GREP@ +GTK_CFLAGS = @GTK_CFLAGS@ +GTK_LIBS = @GTK_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +KEYUTILS_CFLAGS = @KEYUTILS_CFLAGS@ +KEYUTILS_LIBS = @KEYUTILS_LIBS@ +LATEX = @LATEX@ +LATEX2HTML = @LATEX2HTML@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBECRYPTFS_LT_AGE = @LIBECRYPTFS_LT_AGE@ +LIBECRYPTFS_LT_CURRENT = @LIBECRYPTFS_LT_CURRENT@ +LIBECRYPTFS_LT_REVISION = @LIBECRYPTFS_LT_REVISION@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALEDIR = @LOCALEDIR@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NSS_CFLAGS = @NSS_CFLAGS@ +NSS_LIBS = @NSS_LIBS@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_CFLAGS = @OPENSSL_CFLAGS@ +OPENSSL_LIBS = @OPENSSL_LIBS@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_CFLAGS = @PAM_CFLAGS@ +PAM_LIBS = @PAM_LIBS@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKCS11_HELPER_CFLAGS = @PKCS11_HELPER_CFLAGS@ +PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POD2MAN = @POD2MAN@ +POFILES = @POFILES@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +PS2PDF = @PS2PDF@ +PYTHON = @PYTHON@ +PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@ +PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@ +PYTHON_LDFLAGS = @PYTHON_LDFLAGS@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_SITE_PKG = @PYTHON_SITE_PKG@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SWIG = @SWIG@ +SWIG_LIB = @SWIG_LIB@ +SWIG_PYTHON_CPPFLAGS = @SWIG_PYTHON_CPPFLAGS@ +SWIG_PYTHON_OPT = @SWIG_PYTHON_OPT@ +TAR = @TAR@ +TSPI_CFLAGS = @TSPI_CFLAGS@ +TSPI_LIBS = @TSPI_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +ecryptfskeymoddir = @ecryptfskeymoddir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pamdir = @pamdir@ +pamlibdir = @pamlibdir@ +pdfdir = @pdfdir@ +pkgconfigdir = @pkgconfigdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +rootsbindir = @rootsbindir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target = @target@ +target_alias = @target_alias@ +target_cpu = @target_cpu@ +target_os = @target_os@ +target_vendor = @target_vendor@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +dist_man_MANS = \ + ecryptfs.7 \ + ecryptfs-add-passphrase.1 \ + ecryptfsd.8 \ + ecryptfs-find.1 \ + ecryptfs-generate-tpm-key.1 \ + ecryptfs-insert-wrapped-passphrase-into-keyring.1 \ + ecryptfs-manager.8 \ + ecryptfs-migrate-home.8 \ + ecryptfs-mount-private.1 \ + ecryptfs-recover-private.1 \ + ecryptfs-rewrap-passphrase.1 \ + ecryptfs-rewrite-file.1 \ + ecryptfs-setup-private.1 \ + ecryptfs-setup-swap.1 \ + ecryptfs-stat.1 \ + ecryptfs-umount-private.1 \ + ecryptfs-unwrap-passphrase.1 \ + ecryptfs-verify.1 \ + ecryptfs-wrap-passphrase.1 \ + mount.ecryptfs.8 \ + umount.ecryptfs.8 \ + mount.ecryptfs_private.1 \ + pam_ecryptfs.8 \ + umount.ecryptfs_private.1 + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/manpage/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/manpage/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man1: $(dist_man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(dist_man_MANS)'; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) +install-man7: $(dist_man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(dist_man_MANS)'; \ + test -n "$(man7dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.7[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man7dir)" || exit $$?; }; \ + done; } + +uninstall-man7: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man7dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.7[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir) +install-man8: $(dist_man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(dist_man_MANS)'; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) +installdirs: + for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(man8dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man1 install-man7 install-man8 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man + +uninstall-man: uninstall-man1 uninstall-man7 uninstall-man8 + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man1 install-man7 install-man8 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ + uninstall-am uninstall-man uninstall-man1 uninstall-man7 \ + uninstall-man8 + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/manpage/ecryptfs-add-passphrase.1 b/doc/manpage/ecryptfs-add-passphrase.1 new file mode 100644 index 0000000..011d839 --- /dev/null +++ b/doc/manpage/ecryptfs-add-passphrase.1 @@ -0,0 +1,31 @@ +.TH ecryptfs-add-passphrase 1 2008-07-21 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-add-passphrase \- add an eCryptfs mount passphrase to the kernel keyring. + +.SH SYNOPSIS +\fBecryptfs-add-passphrase\fP [\-\-fnek] + +printf "%s" "passphrase" | \fBecryptfs-add-passphrase\fP [\-\-fnek] - + +.SH DESCRIPTION +\fBecryptfs-add-passphrase\fP is a utility to manually add a passphrase to the kernel keyring. + +If the \-\-fnek option is specified, the filename encryption key associated with the input passphrase will also be added to the keyring. + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs\fP(7), \fBkeyctl\fP(1) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP + +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-find.1 b/doc/manpage/ecryptfs-find.1 new file mode 100644 index 0000000..cf6c9f8 --- /dev/null +++ b/doc/manpage/ecryptfs-find.1 @@ -0,0 +1,25 @@ +.TH ecryptfs-find 1 2012-01-24 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-find \- use inode numbers to match encrypted/decrypted filenames + +.SH SYNOPSIS +\fBecryptfs-find\fP cleartext-filename +\fBecryptfs-find\fP ECRYPTFS_FNEK_ENCRYPTED.fwBGx18a.UcYl18CF7VKLMSDuEadV + +.SH DESCRIPTION +This program will attempt to match encrypted filenames to their decrypted counterpart, and attempt to match decrypted filenames to their encrypted counterpart. + +Notes: + - the eCryptfs filesystem must be mounted in order to work + - it uses \fBls\fP(1) in order to determine the inode + - it uses \fBfind\fP(1) in order to locate the inode + +.SH SEE ALSO +\fBfind\fP(1), \fBls\fP(1) + +\fIhttp://ecryptfs.org/\fP + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-generate-tpm-key.1 b/doc/manpage/ecryptfs-generate-tpm-key.1 new file mode 100644 index 0000000..72ba51f --- /dev/null +++ b/doc/manpage/ecryptfs-generate-tpm-key.1 @@ -0,0 +1,29 @@ +.TH ecryptfs-generate-tpm-key 1 2008-07-21 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-generate-tpm-key \- generate an eCryptfs key for TPM hardware. + +.SH SYNOPSIS +\fBecryptfs-generate-tpm-key \-p PCR \fP [\-p PCR]... + +.SH DESCRIPTION +\fBecryptfs-generate-tpm-key\fP is a utility to generate a sealing (storage) key bound to a specified set of PCRs values in the current TPM's PCR's. + +.SH EXAMPLE +ecryptfs-generate-tpm-key \-p 0 \-p 2 \-p 3 + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs\fP(7) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-insert-wrapped-passphrase-into-keyring.1 b/doc/manpage/ecryptfs-insert-wrapped-passphrase-into-keyring.1 new file mode 100644 index 0000000..21e0993 --- /dev/null +++ b/doc/manpage/ecryptfs-insert-wrapped-passphrase-into-keyring.1 @@ -0,0 +1,28 @@ +.TH ecryptfs-insert-wrapped-passphrase-into-keyring 1 2008-07-21 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-insert-wrapped-passphrase-into-keyring \- unwrap a wrapped passphrase from file and insert into the kernel keyring. + +.SH SYNOPSIS +\fBecryptfs-insert-wrapped-passphrase-into-keyring [file]\fP + +printf "%s" "wrapping passphrase" | \fBecryptfs-insert-wrapped-passphrase-into-keyring [file] -\fP + +.SH DESCRIPTION +\fBecryptfs-insert-wrapped-passphrase-into-keyring\fP is a utility to manually unwrap a passphrase from a file, and insert the unwrapped passphrase into the kernel keyring. + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs\fP(7), \fBkeyctl\fP(1) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-manager.8 b/doc/manpage/ecryptfs-manager.8 new file mode 100644 index 0000000..d2fc361 --- /dev/null +++ b/doc/manpage/ecryptfs-manager.8 @@ -0,0 +1,25 @@ +.TH ecryptfs\-manager 8 "May 2007" ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-manager \- eCryptfs key manager. + +.SH DESCRIPTION +\fBecryptfs-manager\fP is an application that manages eCryptfs objects such as keys. + +You can use \fBecryptfs-manager\fP to ask key modules to generate new keys for you, for instance. + +.SH "SEE ALSO" +.PD 0 +.TP +\fBecryptfs\fP(7), \fBecryptfsd\fP(8), \fBmount.ecryptfs\fP(8) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by William Lima <wlima.amadeus@gmail.com> for the Ubuntu system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-migrate-home.8 b/doc/manpage/ecryptfs-migrate-home.8 new file mode 100644 index 0000000..d118a14 --- /dev/null +++ b/doc/manpage/ecryptfs-migrate-home.8 @@ -0,0 +1,40 @@ +.TH ecryptfs-migrate-home 8 2012-01-24 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-migrate-home \- migrate a user's home to directory to an encrypted home setup + +.SH SYNOPSIS +\fBecryptfs-migrate-home\fP [-u|--user USER] + +.SH OPTIONS +.TP +.B -u, --user USER +Migrate USER's home directory to an encrypted home directory + +.SH DESCRIPTION +\fBWARNING\fP: Make a complete backup copy of the non-encrypted data to another system or external media. This script is dangerous and in case of an error, could result in data lost, or lock USER out of the system! + +This program must be executed by root. + +This program will attempt to migrate a user's home directory to an encrypted home directory. + +This program requires free disk space 2.5x the current size of the home directory to be migrated. Once successful, you can recover most of this space by deleting the cleartext directory. + +The USER must be logged out of all sessions in order to perform the migration, and have no open files according to \fBlsof\fP(1). + +Once the migration has completed, the USER must login immediately, \fbBEFORE THE NEXT REBOOT\fP in order to complete the migration. + +After logging in, if USER can read and write files in their home directory successfully, then the migration has completed successfully and can remove the cleartext backup in \fI/home/\fP. + +After a successful migration, the USER really must run \fBecryptfs-unwrap-passphrase\fP(1) or \fBzescrow\fP(1) and record their randomly generated mount passphrase. + +If swap is not already encrypted, it is highly recommended that your administrator setup encrypted swap using \fBecryptfs-setup-swap\fP(1). + +.SH SEE ALSO +\fBecryptfs-unwrap-passphrase\fP(1), \fBecryptfs-setup-private\fP(1), \fBecryptfs-setup-swap\fP(1), \fBlsof\fP(1), \fBrsync\fP(1), \fBzescrow\fP(1) + +\fIhttp://ecryptfs.org/\fP + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-mount-private.1 b/doc/manpage/ecryptfs-mount-private.1 new file mode 100644 index 0000000..ec4758f --- /dev/null +++ b/doc/manpage/ecryptfs-mount-private.1 @@ -0,0 +1,37 @@ +.TH ecryptfs-mount-private 1 2008-11-13 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-mount-private \- interactive eCryptfs private mount wrapper script. + +.SH SYNOPSIS +\fBecryptfs-mount-private\fP + +.SH DESCRIPTION +\fBecryptfs-mount-private\fP is a wrapper script for the \fBmount.ecryptfs_private\fP utility that will interactively prompt for the user's login password, if necessary. + +.SH FILES +\fI~/.Private\fP - underlying directory containing encrypted data + +\fI~/Private\fP - mountpoint containing decrypted data (when mounted) + +\fI~/.ecryptfs/Private.sig\fP - file containing signature of mountpoint passphrase + +\fI~/.ecryptfs/wrapped-passphrase\fP - file containing the wrapped passphrase + +\fI~/.ecryptfs/wrapping-independent\fP - this file exists if the wrapping passphrase is independent from login passphrase + +.SH SEE ALSO +.PD 0 +.TP +\fBmount.ecryptfs_private\fP(1), \fBecryptfs-umount-private\fP(1) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage and the \fBecryptfs-mount-private\fP utility was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-recover-private.1 b/doc/manpage/ecryptfs-recover-private.1 new file mode 100644 index 0000000..a51bf99 --- /dev/null +++ b/doc/manpage/ecryptfs-recover-private.1 @@ -0,0 +1,33 @@ +.TH ecryptfs-recover-private 1 2010-12-17 ecryptfs-utils "eCryptfs" +.SH NAME +\fBecryptfs-recover-private\fP \- find and mount any encrypted private directories + +.SH SYNOPSIS +\fBecryptfs-recover-private\fP [--rw] [encrypted private dir] + +.SH DESCRIPTION +This utility is intended to help eCryptfs recover data from their encrypted home or encrypted private partitions. It is useful to run this from a LiveISO or a recovery image. It must run under \fBsudo\fP(8) or with root permission, in order to search the filesystem and perform the mounts. + +The program can take a target encrypted directory on the command line. If unspecified, the utility will search the entire system looking for encrypted private directories, as configured by \fBecryptfs-setup-private\fP(1). + +If an encrypted directory and a \fIwrapped-passphrase\fP file are found, the user is prompted for the login (wrapping) passphrase, the keys are inserted into the keyring, and the data is decrypted and mounted. + +If no \fIwrapped-passphrase\fP file is found, the user will be prompted for their mount passphrase. This passphrase is typically 32 characters of [0-9a-f]. All users are prompted to urgently record this randomly generated passphrase when they first setup their encrypted private directory. + +The destination mount of the decrypted data is a temporary directory, in the form of \fI/tmp/ecryptfs.XXXXXXXX\fP. + +By default, the mount will be read-only. To mount with read and write permission, add the --rw parameter. + +.SH SEE ALSO +\fBecryptfs-setup-private\fP(1), \fBsudo\fP(8) + +\fIhttp://blog.dustinkirkland.com/2009/03/mounting-your-encrypted-home-from.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-rewrap-passphrase.1 b/doc/manpage/ecryptfs-rewrap-passphrase.1 new file mode 100644 index 0000000..9005afb --- /dev/null +++ b/doc/manpage/ecryptfs-rewrap-passphrase.1 @@ -0,0 +1,28 @@ +.TH ecryptfs-rewrap-passphrase 1 2008-07-21 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-rewrap-passphrase \- unwrap an eCryptfs wrapped passphrase, rewrap it with a new passphrase, and write it back to file. + +.SH SYNOPSIS +\fBecryptfs-rewrap-passphrase [file]\fP + +printf "%s\\n%s" "old wrapping passphrase" "new wrapping passphrase" | \fBecryptfs-rewrap-passphrase [file] -\fP + +.SH DESCRIPTION +\fBecryptfs-rewrap-passphrase\fP is a utility to change the wrapping passphrase on a wrapped passphrase file. + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs\fP(7), \fBecryptfs-unwrap-passphrase\fP(1), \fBecryptfs-wrap-passphrase\fP(1) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-rewrite-file.1 b/doc/manpage/ecryptfs-rewrite-file.1 new file mode 100644 index 0000000..0b9ce81 --- /dev/null +++ b/doc/manpage/ecryptfs-rewrite-file.1 @@ -0,0 +1,33 @@ +.TH ecryptfs-rewrite-file 1 2009-03-20 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-rewrite-file \- force a file to be rewritten (reencrypted) in the lower filesystem + +.SH SYNOPSIS +\fBecryptfs-rewrite-file [file1] [file2] [file3] ...\fP + +.SH DESCRIPTION +This script takes one or more files/directories/symlinks as arguments, moves each of them to a temporary file, and then moves them back to the original name. This causes the file to be rewritten (and reencrypted) in the lower filesystem. + +This script may be combined with \fBfind\fP(1) and \fBxargs\fP(1) to rewrite an entire eCryptfs mountpoint, unmount, and sync: + + find . -xdev -print0 | xargs -r -0 /usr/bin/ecryptfs-rewrite-file + ecryptfs-umount-private + sync + +It is advised that this script is executed in runlevel 1 or 3, to avoid simultanteous writes and race conditions with targeted files. + +\fBUSING THIS SCRIPT WHILE GNOME, KDE, OR OTHER APPLICATIONS ARE RUNNING MAY CAUSE DATA LOSS.\fP + +.SH SEE ALSO +.PD 0 +.TP +\fBfind\fP(1), \fBxargs\fP(1), \fBecryptfs-umount-private\fP(1), \fBsync\fP(1) + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-setup-private.1 b/doc/manpage/ecryptfs-setup-private.1 new file mode 100644 index 0000000..7d20961 --- /dev/null +++ b/doc/manpage/ecryptfs-setup-private.1 @@ -0,0 +1,98 @@ +.TH ecryptfs-setup-private 1 2008-11-17 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-setup-private \- setup an eCryptfs private directory. + +.SH SYNOPSIS +.BI "ecryptfs-setup-private [\-f|\-\-force] [\-w|\-\-wrapping] [\-b|\-\-bootstrap] [\-n|\-\-no-fnek] [\-\-nopwcheck] [\-u|\-\-username USER] [\-l|\-\-loginpass LOGINPASS] [\-m|\-\-mountpass MOUNTPASS]" + +.SH OPTIONS +Options available for the \fBecryptfs-setup-private\fP command: +.TP +.B \-f, \-\-force +Force overwriting of an existing setup +.TP +.B \-w, \-\-wrapping +Use an independent wrapping passphrase, different from the login passphrase +.TP +.B \-u, \-\-username USER +User to setup, default is current user if omitted +.TP +.B \-l, \-\-loginpass LOGINPASS +System passphrase for USER, used to wrap MOUNTPASS, will interactively prompt if omitted +.TP +.B \-m, \-\-mountpass MOUNTPASS +Passphrase for mounting the ecryptfs directory, default is 16 bytes from /dev/urandom if omitted +.TP +.B \-b, \-\-bootstrap +Bootstrap a new user's entire home directory +.TP +.B \-\-undo +Display instructions on how to undo an encrypted private setup +.TP +.B \-n, \-\-no\-fnek +Do not encrypt filenames; otherwise, filenames will be encrypted on systems which support filename encryption +.TP +.B \-\-nopwcheck +Do not check the validity of the specified login password (useful for LDAP user accounts) +.TP +.B \-\-noautomount +Setup this user such that the encrypted private directory is not automatically mounted on login +.TP +.B \-\-noautoumount +Setup this user such that the encrypted private directory is not automatically unmounted at logout + + +.SH DESCRIPTION +\fBecryptfs-setup-private\fP is a program that sets up a private cryptographic mountpoint for a non-root user. + +Be sure to properly escape your parameters according to your shell's special character nuances, and also surround the parameters by double quotes, if necessary. Any of the parameters may be: + + 1) exported as environment variables + 2) specified on the command line + 3) left empty and interactively prompted + +\fBThe user SHOULD ABSOLUTELY RECORD THE MOUNT PASSPHRASE AND STORE IN A SAFE LOCATION. If the mount passphase file is lost, or the mount passphrase is forgotten, THERE IS NO WAY TO RECOVER THE ENCRYPTED DATA.\fP + +Using the values of USER, MOUNTPASS, and LOGINPASS, \fBecryptfs-setup-private\fP will: + - Create ~/.Private (permission 700) + - Create ~/Private (permission 500) + - Backup any existing wrapped passphrases + - Use LOGINPASS to wrap and encrypt MOUNTPASS + - Write to ~/.ecryptfs/wrapped-passphrase + - Add the passphrase to the current keyring + - Write the passphrase signature to ~/.ecryptfs/Private.sig + - Test the cryptographic mount with a few reads and writes + +The system administrator can add the pam_ecryptfs.so module to the PAM stack which will automatically use the login passphrase to unwrap the mount passphrase, add the passphrase to the user's kernel keyring, and automatically perform the mount. See \fPpam_ecryptfs\fP(8). + +.SH FILES +\fI~/.ecryptfs/auto-mount\fP + +\fI~/.Private\fP - underlying directory containing encrypted data + +\fI~/Private\fP - mountpoint containing decrypted data (when mounted) + +\fI~/.ecryptfs/Private.sig\fP - file containing signature of mountpoint passphrase + +\fI~/.ecryptfs/Private.mnt\fP - file containing path of the private directory mountpoint + +\fI~/.ecryptfs/wrapped-passphrase\fP - file containing the mount passphrase, wrapped with the login passphrase + +\fI~/.ecryptfs/wrapping-independent\fP - this file exists if the wrapping passphrase is independent from login passphrase + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs-rewrap-passphrase\fP(1), \fBmount.ecryptfs_private\fP(1), \fBpam_ecryptfs\fP(8), \fBumount.ecryptfs_private\fP(1) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage and the \fBecryptfs-setup-private\fP utility was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-setup-swap.1 b/doc/manpage/ecryptfs-setup-swap.1 new file mode 100644 index 0000000..7104436 --- /dev/null +++ b/doc/manpage/ecryptfs-setup-swap.1 @@ -0,0 +1,29 @@ +.TH ecryptfs-setup-swap 1 2009-08-17 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-setup-swap \- ensure that any swap space is encrypted + +.SH SYNOPSIS +\fBecryptfs-setup-swap\fP [-f|--force] + +.SH DESCRIPTION +This script will detect existing swap partitions or swap files, and encrypt them, using cryptsetup. + +Encrypted swap is essential to securing any system using eCryptfs, since decrypted file contents will exist in the system's memory, which may be swapped to disk at any time. If the system swap space is not also encrypted, it is possible that decrypted files could be written to disk in clear text. + +Note that most Linux distributions do not yet support resuming from an encrypted swap space, and thus hibernate/resume will not work. Suspend/resume is unaffected. + +Upon running the utility, the user will be informed of the hibernate/resume break, and asked to confirm the behavior. The -f|--force option can be used to bypass this interactive prompt. + +.SH SEE ALSO +.PD 0 +.TP +\fBcryptsetup\fP(8) + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage and the utility was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-stat.1 b/doc/manpage/ecryptfs-stat.1 new file mode 100644 index 0000000..458a3fb --- /dev/null +++ b/doc/manpage/ecryptfs-stat.1 @@ -0,0 +1,17 @@ +.TH ecryptfs-stat 1 2009-08-17 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-stat \- Present statistics on encrypted eCryptfs file attributes + +.SH SYNOPSIS +\fBecryptfs-stat\fP filename + +.SH DESCRIPTION +This program will present statistics on encrypted eCryptfs file and its attributes. + +.SH SEE ALSO +\fIhttp://ecryptfs.org/\fP + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-umount-private.1 b/doc/manpage/ecryptfs-umount-private.1 new file mode 100644 index 0000000..8c641bc --- /dev/null +++ b/doc/manpage/ecryptfs-umount-private.1 @@ -0,0 +1,28 @@ +.TH ecryptfs-umount-private 1 2008-11-03 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-umount-private \- eCryptfs private unmount wrapper script. + +.SH SYNOPSIS +\fBecryptfs-umount-private\fP + +.SH DESCRIPTION +\fBecryptfs-umount-private\fP is a wrapper script for the \fBumount.ecryptfs_private\fP utility. + +It will unmount the user's private directory and clear any associated keys from the user's kernel keyring. + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs-mount-private\fP(1), \fBumount.ecryptfs_private\fP(1) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage and the \fBecryptfs-umount-private\fP utility was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-unwrap-passphrase.1 b/doc/manpage/ecryptfs-unwrap-passphrase.1 new file mode 100644 index 0000000..d7d5d4a --- /dev/null +++ b/doc/manpage/ecryptfs-unwrap-passphrase.1 @@ -0,0 +1,28 @@ +.TH ecryptfs-unwrap-passphrase 1 2008-07-21 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-unwrap-passphrase \- unwrap an eCryptfs mount passphrase from file. + +.SH SYNOPSIS +\fBecryptfs-unwrap-passphrase [file]\fP + +printf "%s" "wrapping passphrase" | \fBecryptfs-unwrap-passphrase [file] -\fP + +.SH DESCRIPTION +\fBecryptfs-unwrap-passphrase\fP is a utility to unwrap an eCryptfs mount passphrase from file, using a specified wrapping passphrase, and display the decrypted result on standard out. + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs\fP(7), \fBecryptfs-rewrap-passphrase\fP(1), \fBecryptfs-wrap-passphrase\fP(1) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-verify.1 b/doc/manpage/ecryptfs-verify.1 new file mode 100644 index 0000000..7feddd9 --- /dev/null +++ b/doc/manpage/ecryptfs-verify.1 @@ -0,0 +1,37 @@ +.TH ecryptfs-verify 1 2012-01-24 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-verify \- validate an eCryptfs encrypted home or encrypted private configuration + +.SH SYNOPSIS +\fBecryptfs-verify\fP [-h|--home] [-p|--private] [-e|--filenames-encrypted] [-n|--filenames-not-encrypted] [-u|--user USER] [--help] + +.SH OPTIONS +.TP +.B -h, --home +True if HOME is correctly configured for encryption, False otherwise +.TP +.B -p, --private +True if a non-HOME directory is correctly configured for encryption, False otherwise +.TP +.B -e, --filenames-encrypted +True if filenames are set for encryption, False otherwise +.TP +.B -n, --filenames-not-encrypted +True if filenames are not encrypted, False otherwise +.TP +.B -u, --user USER +By default, the current user's configuration is checked, override with this option +.TP +.B --help +This usage information + +.SH DESCRIPTION +Note that options are additive. ALL checks must pass in order for this program to exit 0. Any failing check will cause this program to exit non-zero. + +.SH SEE ALSO +\fIhttp://ecryptfs.org/\fP + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs-wrap-passphrase.1 b/doc/manpage/ecryptfs-wrap-passphrase.1 new file mode 100644 index 0000000..1040e3b --- /dev/null +++ b/doc/manpage/ecryptfs-wrap-passphrase.1 @@ -0,0 +1,28 @@ +.TH ecryptfs-wrap-passphrase 1 2008-07-21 ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfs-wrap-passphrase \- wrap an eCryptfs mount passphrase. + +.SH SYNOPSIS +\fBecryptfs-wrap-passphrase [file]\fP + +printf "%s\\n%s" "passphrase to wrap" "wrapping passphrase" | \fBecryptfs-wrap-passphrase [file] -\fP + +.SH DESCRIPTION +\fBecryptfs-wrap-passphrase\fP is a utility to wrap an eCryptfs mount passphrase, using a specified wrapping passphrase, and write the encrypted output to file. + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs\fP(7), \fBecryptfs-rewrap-passphrase\fP(1), \fBecryptfs-unwrap-passphrase\fP(1) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfs.7 b/doc/manpage/ecryptfs.7 new file mode 100644 index 0000000..4f64fe4 --- /dev/null +++ b/doc/manpage/ecryptfs.7 @@ -0,0 +1,130 @@ +.TH ecryptfs 7 2009-03-24 ecryptfs-utils "eCryptfs" +.SH NAME +eCryptfs \- an enterprise-class cryptographic filesystem for linux + +.SH SYNOPSIS +.BI "mount -t ecryptfs [SRC DIR] [DST DIR] -o [OPTIONS]" + +.SH DESCRIPTION +eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. It is derived from Erez Zadok's Cryptfs, implemented through the FiST framework for generating stacked filesystems. eCryptfs extends Cryptfs to provide advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself. Think of eCryptfs as a sort of "gnupgfs." + +.SH OPTIONS + +KERNEL OPTIONS + + Parameters that apply to the eCryptfs kernel module. + +.TP +.B ecryptfs_sig=(fekek_sig) +Specify the signature of the mount wide authentication token. The authentication token must be in the kernel keyring before the mount is performed. ecryptfs-manager or the eCryptfs mount helper can be used to construct the authentication token and add it to the keyring prior to mounting. +.TP +.B ecryptfs_fnek_sig=(fnek_sig) +Specify the signature of the mount wide authentication token used for filename crypto. The authentication must be in the kernel keyring before mounting. +.TP +.B ecryptfs_cipher=(cipher) +Specify the symmetric cipher to be used on a per file basis +.TP +.B ecryptfs_key_bytes=(key_bytes) +Specify the keysize to be used with the selected cipher. If the cipher only has one keysize the keysize does not need to be specified. +.TP +.B ecryptfs_passthrough +Allows for non-eCryptfs files to be read and written from within an eCryptfs mount. This option is turned off by default. +.TP +.B no_sig_cache +Do not check the mount key signature against the values in the user's ~/.ecryptfs/sig-cache.txt file. This is useful for such things as non-interactive setup scripts, so that the mount helper does not stop and prompt the user in the event that the key sig is not in the cache. +.TP +.B ecryptfs_encrypted_view +This option provides a unified encrypted file format of the eCryptfs files in the lower mount point. Currently, it is only useful if the lower mount point contains files with the metadata stored in the extended attribute. Upon a file read in the upper mount point, the encrypted version of the file will be presented with the metadata in the file header instead of the xattr. Files cannot be opened for writing when this option is enabled. +.TP +.B ecryptfs_xattr +Store the metadata in the extended attribute of the lower files rather than the header region of the lower files. +.TP +.B verbose +Log ecryptfs information to /var/log/messages. Do not run eCryptfs in verbose-mode unless you are doing so for the sole purpose of development, since secret values will be written out to the system log in that case. +.TP + +MOUNT HELPER OPTIONS + +Parameters that apply to the eCryptfs mount helper. + +.TP +.B key=(keytype):[KEY MODULE OPTIONS] +Specify the type of key to be used when mounting eCryptfs. +.TP +.B ecryptfs_enable_filename_crypto=(y/n) +Specify whether filename encryption should be enabled. If not, the mount helper will not prompt the user for the filename encryption key signature (default). +.TP +.B verbosity=0/1 +If verbosity=1, the mount helper will ask you for missing values (default). Otherwise, if verbosity=0, it will not ask for missing values and will fail if required values are omitted. +.TP + +KEY MODULE OPTIONS + +Parameters that apply to individual key modules have the alias for the key module in the prefix of the parameter name. Key modules are pluggable, and which key modules are available on any given system is dependent upon whatever happens to be installed in /usr/lib*/ecryptfs/. + +.TP +.B passphrase_passwd=(passphrase) +The actual password is passphrase. Since the password is visible to utilities (like ps under Unix) this form should only be used where security is not important. +.TP +.B passphrase_passwd_file=(filename) +The password should be specified in a file with passwd=(passphrase). It is highly recommended that the file be stored on a secure medium such as a personal usb key. +.TP +.B passphrase_passwd_fd=(file descriptor) +The password is specified through the specified file descriptor. +.TP +.B passphrase_salt=(hex value) +The salt should be specified as a 16 digit hex value. +.TP +.B openssl_keyfile=(filename) +The filename should be the filename of a file containing an RSA SSL key. +.TP +.B openssl_passwd_file=(filename) +The password should be specified in a file with openssl_passwd=(openssl-password). It is highly recommended that the file be stored on a secure medium such as a personal usb key. +.TP +.B openssl_passwd_fd=(file descriptor) +The password is specified through the specified file descriptor. +.TP +.B openssl_passwd=(password) +The password can be specified on the command line. Since the password is +visible in the process list, it is highly recommended to use this option +only for testing purposes. + +.SH EXAMPLE + +.PP + +The following command will layover mount eCryptfs on /secret with a passphrase contained in a file stored on secure media mounted at /mnt/usb/. + +\fBmount -t ecryptfs -o key=passphrase:passphrase_passwd_file=/mnt/usb/file.txt /secret /secret\fP + +.PP + +Where file.txt contains the contents +\fB"passphrase_passwd=[passphrase]"\fP. + +.SH SEE ALSO +.PD 0 +.TP +\fBmount\fP(8) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH NOTES +Do not run eCryptfs in verbose-mode unless you are doing so for the sole purpose of development, since secret values will be written out to the system log in that case. Make certain that your eCryptfs mount covers all locations where your applications may write sensitive data. In addition, use dm-crypt to encrypt your swap space with a random key on boot, or see \fBecryptfs-setup-swap\fP(1). + +Passphrases have a maximum length of 64 characters. + +.SH BUGS +Please post bug reports to the eCryptfs bug tracker on Launchpad.net: https://bugs.launchpad.net/ecryptfs/+filebug. + +For kernel bugs, please follow the procedure detailed in Documentation/oops-tracing.txt to help us figure out what is happening. + +.SH AUTHOR +This manpage was (re-)written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/ecryptfsd.8 b/doc/manpage/ecryptfsd.8 new file mode 100644 index 0000000..d6cf5c3 --- /dev/null +++ b/doc/manpage/ecryptfsd.8 @@ -0,0 +1,25 @@ +.TH ecryptfsd 8 "May 2007" ecryptfs-utils "eCryptfs" +.SH NAME +ecryptfsd \- user\-space eCryptfs daemon. + +.SH DESCRIPTION +\fBecryptfsd\fP is a userspace daemon that runs as the user performing file operations under the eCryptfs mount point. It services public key requests from the eCryptfs kernel module; these requests are sent via /dev/ecryptfs on file open events. ecryptfsd only needs to be run when a mount is done with a public key module. + +The daemon can be started simply by running \fIecryptfsd\fP. ecryptfsd will register itself with the kernel as the daemon that should service all eCryptfs filesystem requests done under the context of the user who runs the daemon. + +.SH "SEE ALSO" +.PD 0 +.TP +\fBecryptfs\fP(7), \fBecryptfs-manager\fP(8), \fBmount.ecryptfs\fP(8) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by William Lima <wlima.amadeus@gmail.com> for the Ubuntu system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/mount.ecryptfs.8 b/doc/manpage/mount.ecryptfs.8 new file mode 100644 index 0000000..08d6abb --- /dev/null +++ b/doc/manpage/mount.ecryptfs.8 @@ -0,0 +1,28 @@ +.TH mount.ecryptfs 8 "May 2007" ecryptfs-utils "eCryptfs" +.SH NAME +mount.ecryptfs \- eCryptfs mount helper. + +.SH SYNOPSIS +\fBmount \-t ecryptfs\fP [\fIlower\ directory\fP] [\fIecryptfs\ mount\ point\fP] + +.SH DESCRIPTION +\fBmount.ecryptfs\fP is eCryptfs mount helper. The mount utility will defer to the mount helper to perform various configuration tasks; use the -i option to bypass the mount helper if you would rather manually specify your mount options. To mount eCryptfs, specify the lower directory (i.e., /root/crypt) for the encrypted files and the eCryptfs mountpoint (i.e., /mnt/crypt) for the decrypted view of the files: + +\fImount \-t ecryptfs /root/crypt /mnt/crypt\fP + +.SH "SEE ALSO" +.PD 0 +.TP +\fBecryptfs\fP(7), \fBecryptfsd\fP(8), \fBecryptfs-manager\fP(8), \fBmount\fP(8) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by William Lima <wlima.amadeus@gmail.com> for the Ubuntu system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/mount.ecryptfs_private.1 b/doc/manpage/mount.ecryptfs_private.1 new file mode 100644 index 0000000..c3510fb --- /dev/null +++ b/doc/manpage/mount.ecryptfs_private.1 @@ -0,0 +1,65 @@ +.TH mount.ecryptfs_private 1 2008-07-21 ecryptfs-utils "eCryptfs" +.SH NAME +mount.ecryptfs_private \- eCryptfs private mount helper. + +.SH SYNOPSIS +\fBmount.ecryptfs_private [ALIAS]\fP + +\fBNOTE:\fP This program will \fBnot\fP dynamically load the relevant keys. For this reason, it is recommended that users use \fBecryptfs-mount-private\fP(1) instead! + +.SH DESCRIPTION +\fBmount.ecryptfs_private\fP is a mount helper utility for non-root users to cryptographically mount a private directory, ~/Private by default. + +This program optionally takes one argument, ALIAS. If ALIAS is omitted, the program will default to using "Private" using: + - $HOME/.Private as the SOURCE + - $HOME/Private as the DESTINATION + - $HOME/.ecryptfs/Private.sig for the key signatures. + +If ALIAS is specified, then the program will look for an \fBfstab\fP(5) style configuration in: + - $HOME/.ecryptfs/ALIAS.conf +and for key signature(s) in: + - $HOME/.ecryptfs/ALIAS.sig + +The mounting will proceed if, and only if: + - the required passphrase is in their kernel keyring, and + - the current user owns both the SOURCE and DESTINATION mount points + - the DESTINATION is not already mounted + +This program will: + - mount SOURCE onto DESTINATION + - as an ecryptfs filesystem + - using the AES cipher + - with a key length of 16 bytes + - using the passphrase whose signature is in ~/.ecryptfs/Private.sig + +The only setuid operation in this program is the call to \fBmount\fP(8) or \fBumount\fP(8). + +The \fBecryptfs-setup-private\fP(1) utility will create the ~/.Private and ~/Private directories, generate a mount passphrase, wrap the passphrase, and write the ~/.ecryptfs/Private.sig. + +The system administrator can add the pam_ecryptfs.so module to the PAM stack which will automatically use the login passphrase to unwrap the mount passphrase, add the passphrase to the user's kernel keyring, and automatically perform the mount. See \fBpam_ecryptfs\fP(8). + +.SH FILES +\fI~/.Private\fP - underlying directory containing encrypted data + +\fI~/Private\fP - mountpoint containing decrypted data (when mounted) + +\fI~/.ecryptfs/Private.sig\fP - file containing signature of mountpoint passphrase + +\fI~/.ecryptfs/wrapped-passphrase\fP - mount passphrase, encrypted with the login passphrase + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs\fP(7), \fBecryptfs-rewrap-passphrase\fP(1), \fBecryptfs-setup-private\fP(1), \fBkeyctl\fP(1), \fBmount\fP(8), \fBumount.ecryptfs_private\fP(1), \fBpam_ecryptfs\fP(8), \fBfstab\fP(5) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage and the \fBmount.ecryptfs_private\fP utility was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/pam_ecryptfs.8 b/doc/manpage/pam_ecryptfs.8 new file mode 100644 index 0000000..7f53e1d --- /dev/null +++ b/doc/manpage/pam_ecryptfs.8 @@ -0,0 +1,58 @@ +.TH pam_ecryptfs "8" "2008-07-21" "Linux\-PAM Manual" "Linux\-PAM Manual" +.SH "NAME" +pam_ecryptfs \- PAM module for eCryptfs +.SH "SYNOPSIS" +.HP 12 +\fBpam_ecryptfs.so\fR [unwrap] +.SH "DESCRIPTION" +.PP +pam_ecryptfs is a PAM module that can use the login password to unwrap an ecryptfs mount passphrase stored in ~/.ecryptfs/wrapped-passphrase, and automatically mount a private cryptographic directory. +.SH "OPTIONS" +.PP +.TP 3n +\fBunwrap\fR +Use the login passphrase to unwrap an eCryptfs mount passphrase. +.TP 3n +.SH "MODULE SERVICES PROVIDED" +.PP +The services \fBauth\fR, and \fBsession\fR are supported. +.SH "EXAMPLES" +.PP +To unwrap a mount passphrase and automatically mount a private directory on login, add the following lines to + +\fI/etc/pam.d/common-auth\fR: +.sp +.RS 3n +.nf + auth required pam_ecryptfs.so unwrap +.fi +.RE +.sp +\fI/etc/pam.d/common-session\fR: +.sp +.RS 3n +.nf + session optional pam_ecryptfs.so unwrap +.fi +.RE +.sp + +.SH "SEE ALSO" +.PP +\fBecryptfs\fR(7), +\fBpam.conf\fR(5), +\fBpam.d\fR(8), +\fBpam\fR(8) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. + diff --git a/doc/manpage/umount.ecryptfs.8 b/doc/manpage/umount.ecryptfs.8 new file mode 100644 index 0000000..9b26db1 --- /dev/null +++ b/doc/manpage/umount.ecryptfs.8 @@ -0,0 +1,23 @@ +.TH umount.ecryptfs 8 2009-08-17 ecryptfs-utils "eCryptfs" +.SH NAME +umount.ecryptfs \- eCryptfs umount helper. + +.SH SYNOPSIS +\fBumount\fP [\fIecryptfs\ mount\ point\fP] + +.SH DESCRIPTION +\fBumount.ecryptfs\fP is an eCryptfs umount helper, that will also unlink keys from the keyring. + +.SH "SEE ALSO" +.PD 0 +.TP +\fBmount.ecryptfs\fP(8), \fBmount\fP(8) + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. diff --git a/doc/manpage/umount.ecryptfs_private.1 b/doc/manpage/umount.ecryptfs_private.1 new file mode 100644 index 0000000..3c6f79a --- /dev/null +++ b/doc/manpage/umount.ecryptfs_private.1 @@ -0,0 +1,56 @@ +.TH umount.ecryptfs_private 1 "2008-07-21" ecryptfs-utils "eCryptfs" +.SH NAME +umount.ecryptfs_private \- eCryptfs private unmount helper. + +.SH SYNOPSIS +\fBumount.ecryptfs_private\fP [\-f] + +\fBNOTE:\fP This program will \fBnot\fP clear the relevant keys from the user's keyring. For this reason, it is recommended that users use \fBecryptfs-umount-private\fP(1) instead! + +.SH OPTIONS +Options available for the \fBumount.ecryptfs_private\fP command: +.TP +.B \-f +Force the unmount, ignoring the value of the mount counter in \fI/tmp/ecryptfs-USERNAME-Private\fP + +.SH DESCRIPTION +\fBumount.ecryptfs_private\fP is a mount helper utility for non-root users to unmount a cryptographically mounted private directory, ~/Private. + +If, and only if: + - the private mount passphrase is in their kernel keyring, and + - the current user owns both ~/.Private and ~/Private, and + - ~/.Private is currently mounted on ~/Private + - the mount counter is 0 (counter is ignored if \-f option is used) + +This program will: + - unmount ~/Private + +The only setuid operationis in this program are the call to \fBumount\fP and updating \fB/etc/mtab\fP. + +The system administrator can add the pam_ecryptfs.so module to the PAM stack and automatically perform the unmount on logout. See \fBpam_ecryptfs\fP(8). + +.SH FILES +\fI~/.Private\fP - underlying directory containing encrypted data + +\fI~/Private\fP - mountpoint containing decrypted data (when mounted) + +\fI~/.ecryptfs/Private.sig\fP - file containing signature of mountpoint passphrase + +\fI/tmp/ecryptfs-USERNAME-Private\fP - file containing the mount counter, incremented on each mount, decremented on each unmount + +.SH SEE ALSO +.PD 0 +.TP +\fBecryptfs\fP(7), \fBecryptfs-setup-private\fP(1), \fBkeyctl\fP(1), \fBmount\fP(8), \fBmount.ecryptfs_private\fP(1), \fBpam_ecryptfs\fP(8) + +.TP +\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP + +.TP +\fIhttp://ecryptfs.org/\fP +.PD + +.SH AUTHOR +This manpage and the \fBumount.ecryptfs_private\fP utility was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. + +On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. |