Fix up README.

pull/2/head
Christopher Wellons 2017-03-08 12:28:33 -05:00
parent 91d13edd2f
commit b0fe47d3e1
1 changed files with 13 additions and 7 deletions

@ -56,20 +56,22 @@ archive key in your brain! To access this feature, use the `--derive`
$ enchive keygen --derive
There's an optional argument to `--derive` that controls the number of
key derivation iterations (e.g. `--derive=26`). The default is 24.
This is a power two exponent, so every increment doubles the cost.
key derivation iterations (e.g. `--derive=26`). The default is 29.
This is a power two exponent, so every increment doubles the cost both
in memory and computational demands.
If you want to change your protection passphrase, use the `--edit`
option with `keygen`. It will load the secret key as if it were going
to "extract" an archive, then write it back out with the new options.
This mode will also regenerate the public key file.
This mode will also regenerate the public key file whether or not it
exists.
Enchive has a built-in protection key agent that keeps the protection
key in memory for a configurable period of time (default: 15 minutes)
after a protection passphrase has been read. This allows any files to
be decrypted inside this window with only a single passphrase prompt.
Use the `--agent` (`-a`) global option to enable it. If it's enabled
by default, use `--no-agent` to turn it off.
after a protection passphrase has been read. This allows many files to
be decrypted inside a brief window with only a single passphrase
prompt. Use the `--agent` (`-a`) global option to enable it. If it's
enabled by default, use `--no-agent` to turn it off.
$ enchive --agent extract file.enchive
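Review bot: In the `--derive` paragraph the example `--derive=26` is now below the new default of 29, so a reader who copies it gets a derivation 8 times cheaper than the default (three increments, each doubling the cost). Suggest an example value above 29, or a sentence saying that lower values trade strength for speed and memory. Since the default moved from 24 to 29, the text should also state whether a key derived under the old default needs an explicit `--derive=24` to be reproduced. Minor: "power two exponent" should read "power-of-two exponent", and in the agent paragraph "a brief window" sits oddly beside "a configurable period of time (default: 15 minutes)" while nothing says how the period is configured or how the agent becomes "enabled by default".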
@ -86,6 +88,10 @@ change, including the key derivation algorithm.
There's no effort at error recovery. It bails out on early on the
first error. It should clean up any incomplete files when it does so.
A purposeful design choice is that encrypted/archived files have no
distinguishing marks whatsoever (magic numbers, etc.), making them
indistinguishable from random data.
No effort is made to set stdin and stdout to binary mode. For Windows
this means passing data through Enchive using stdin/stdout isn't
useful. This is low priority because Microsoft's [UCRT file streams
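Review bot: The new paragraph on files having "no distinguishing marks whatsoever" states the design choice but not what it costs the user, and it lands right after context ending in "change, including the key derivation algorithm". With no magic number or version field, the README should say what happens when a file from an older format or a non-Enchive file is passed to extract, and that users must track which files are archives themselves, for example by the `.enchive` suffix used in the earlier example. "indistinguishable from random data" is a strong claim for a README; "intended to be indistinguishable" would be safer unless it is backed elsewhere. Minor: the unchanged line above reads "bails out on early on", which could be fixed while this section is being touched.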