mirror of https://github.com/skeeto/enchive.git
323 lines
8.7 KiB
HTML
323 lines
8.7 KiB
HTML
<!-- Creator : groff version 1.22.3 -->
|
|
<!-- CreationDate: Tue Jan 23 19:46:35 2018 -->
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
|
|
"http://www.w3.org/TR/html4/loose.dtd">
|
|
<html>
|
|
<head>
|
|
<meta name="generator" content="groff -Thtml, see www.gnu.org">
|
|
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
|
|
<meta name="Content-Style" content="text/css">
|
|
<style type="text/css">
|
|
p { margin-top: 0; margin-bottom: 0; vertical-align: top }
|
|
pre { margin-top: 0; margin-bottom: 0; vertical-align: top }
|
|
table { margin-top: 0; margin-bottom: 0; vertical-align: top }
|
|
h1 { text-align: center }
|
|
</style>
|
|
<link rel="stylesheet" content="text/css" href="man.css"/>
|
|
<title>ENCHIVE</title>
|
|
|
|
</head>
|
|
<body>
|
|
|
|
<h1 align="center">ENCHIVE</h1>
|
|
|
|
<a href="#NAME">NAME</a><br>
|
|
<a href="#SYNOPSIS">SYNOPSIS</a><br>
|
|
<a href="#DESCRIPTION">DESCRIPTION</a><br>
|
|
<a href="#OPTIONS">OPTIONS</a><br>
|
|
<a href="#COMMANDS">COMMANDS</a><br>
|
|
<a href="#ENVIRONMENT">ENVIRONMENT</a><br>
|
|
<a href="#FILES">FILES</a><br>
|
|
<a href="#EXAMPLES">EXAMPLES</a><br>
|
|
<a href="#SEE ALSO">SEE ALSO</a><br>
|
|
|
|
<hr>
|
|
|
|
|
|
<h2>NAME
|
|
<a name="NAME"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">enchive -
|
|
personal archive encryption</p>
|
|
|
|
<h2>SYNOPSIS
|
|
<a name="SYNOPSIS"></a>
|
|
</h2>
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="11%">
|
|
|
|
|
|
<p style="margin-top: 1em"><b>enchive</b></p></td>
|
|
<td width="1%"></td>
|
|
<td width="77%">
|
|
|
|
|
|
<p style="margin-top: 1em">[-<b>a</b>|<b>-A</b>]
|
|
[-<b>e</b>] [<b>-p </b><i>pubkey</i>]
|
|
[<b>-s </b><i>seckey</i>] [<b>--version</b>]
|
|
[<b>--help</b>]</p> </td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:23%;"><b>keygen</b>
|
|
[<b>-d</b>[<i>N</i>]] [<b>-e</b>] [<b>-f</b>] [<b>-i</b>]
|
|
[<b>-k </b><i>N</i>] [<b>-u</b>] <b><br>
|
|
archive</b> [<b>-d</b>] <b><br>
|
|
extract</b> [<b>-d</b>] <b><br>
|
|
fingerprint</b></p>
|
|
|
|
<h2>DESCRIPTION
|
|
<a name="DESCRIPTION"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>enchive</b>
|
|
is a program to encrypt files to yourself for long-term
|
|
archival. It’s a focused, simple alternative to more
|
|
complex tools such as GnuPG or encrypted filesystems. Like
|
|
GnuPG, you can safely encrypt files on systems that you
|
|
don’t trust with your secret key.</p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Files are
|
|
secured with ChaCha20, Curve25519, and HMAC-SHA256.</p>
|
|
|
|
<h2>OPTIONS
|
|
<a name="OPTIONS"></a>
|
|
</h2>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>-a</b><i>seconds</i>,
|
|
<b>--agent</b>[=<i>seconds</i>]</p>
|
|
|
|
<p style="margin-left:22%;">Runs the key agent for awhile
|
|
after successfully reading the passphrase. The agent will
|
|
remain resident in memory until a period of inactivity
|
|
passes. Default is 900 seconds (15 minutes).</p>
|
|
|
|
<p style="margin-left:11%;"><b>-A, --no-agent</b></p>
|
|
|
|
<p style="margin-left:22%;">Do not start the key agent
|
|
(default).</p>
|
|
|
|
<p style="margin-left:11%;"><b>-e</b><i>program</i>,
|
|
<b>--pinentry</b>[=<i>program</i>]</p>
|
|
|
|
<p style="margin-left:22%;">Read passphrases using the
|
|
system’s pinentry program. By default Enchive uses the
|
|
program named "pinentry".</p>
|
|
|
|
<p style="margin-left:11%;"><b>-p, --pubkey</b>
|
|
<i>file</i></p>
|
|
|
|
<p style="margin-left:22%;">Specifies the public key file
|
|
to use for encryption.</p>
|
|
|
|
<p style="margin-left:11%;"><b>-s, --seckey</b>
|
|
<i>file</i></p>
|
|
|
|
<p style="margin-left:22%;">Specifies the secret key file
|
|
to use for decryption.</p>
|
|
|
|
<p style="margin-left:11%;"><b>--version</b></p>
|
|
|
|
<p style="margin-left:22%;">Print version information.</p>
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="9%">
|
|
|
|
|
|
<p><b>--help</b></p></td>
|
|
<td width="2%"></td>
|
|
<td width="72%">
|
|
|
|
|
|
<p>Print a synopsis of the command line interface.</p></td>
|
|
<td width="6%">
|
|
</td></tr>
|
|
</table>
|
|
|
|
<h2>COMMANDS
|
|
<a name="COMMANDS"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Any unique
|
|
prefix for a command is accepted. For example, the command
|
|
<b>a</b> would mean <b>archive</b>. <b><br>
|
|
keygen</b> [<i>OPTION</i>]...</p>
|
|
|
|
<p style="margin-left:22%;">Generates a new keypair either
|
|
from system entropy or a passphrase.</p>
|
|
|
|
<p style="margin-left:17%;"><b>-d</b>[<i>N</i>],
|
|
<b>--derive</b>[=<i>N</i>]</p>
|
|
|
|
<p style="margin-left:28%;">Derives the secret key from a
|
|
passphrase. The key will be derived from the passphrase
|
|
using difficulty exponent <i>N</i>. Default is 29.</p>
|
|
|
|
<p style="margin-left:17%;"><b>-e</b>, <b>--edit</b></p>
|
|
|
|
<p style="margin-left:28%;">Edits the protection passphrase
|
|
on an existing key. This also regenerates the public key
|
|
file from the secret key.</p>
|
|
|
|
<p style="margin-left:17%;"><b>-f</b>, <b>--force</b></p>
|
|
|
|
<p style="margin-left:28%;">Overwrites any existing keypair
|
|
without prompting.</p>
|
|
|
|
<p style="margin-left:17%;"><b>-i</b>,
|
|
<b>--fingerprint</b></p>
|
|
|
|
<p style="margin-left:28%;">Prints the public key
|
|
fingerprint after generation or editing.</p>
|
|
|
|
<p style="margin-left:17%;"><b>-k</b> <i>N</i>,
|
|
<b>--iterations</b> <i>N</i></p>
|
|
|
|
<p style="margin-left:28%;">Sets the difficulty exponent
|
|
for deriving the protection key from the protection key
|
|
passphrase. Default is 25.</p>
|
|
|
|
<p style="margin-left:17%;"><b>-u</b>, <b>--plain</b></p>
|
|
|
|
<p style="margin-left:28%;">Do not use a protection key,
|
|
and instead store the secret key unencrypted on the disk.
|
|
Consider using the key agent instead of this option.</p>
|
|
|
|
<p style="margin-left:11%;"><b>archive</b>
|
|
[<b>-d</b>|<b>--delete</b>] [<i>INPUT</i>
|
|
[<i>OUTPUT</i>]]</p>
|
|
|
|
<p style="margin-left:22%;">Encrypts a single file for
|
|
archival using only the public key. If no output filename is
|
|
given, the output filename will be the input filename with a
|
|
<b>.enchive</b> suffix. Except for <b>--delete</b>, the
|
|
original file is untouched. If no filenames are given,
|
|
encrypts standard input to standard output.</p>
|
|
|
|
<p style="margin-left:17%;"><b>-d</b>, <b>--delete</b></p>
|
|
|
|
<p style="margin-left:28%;">Delete the original input file
|
|
after success.</p>
|
|
|
|
<p style="margin-left:11%;"><b>extract</b>
|
|
[<b>-d</b>|<b>--delete</b>] [<i>INPUT</i>
|
|
[<i>OUTPUT</i>]]</p>
|
|
|
|
<p style="margin-left:22%;">Decrypt a single file from
|
|
archival using the secret key. If no output filename is
|
|
given, the output filename will be the input filename with
|
|
the <b>.enchive</b> suffix removed. Without an output
|
|
filename, it is an error for the input to lack this suffix.
|
|
If no filenames are given, decrypt standard input to
|
|
standard output.</p>
|
|
|
|
<p style="margin-left:17%;"><b>-d</b>, <b>--delete</b></p>
|
|
|
|
<p style="margin-left:28%;">Delete the original input file
|
|
after success.</p>
|
|
|
|
<p style="margin-left:11%;"><b>fingerprint</b></p>
|
|
|
|
<p style="margin-left:22%;">Print the public key
|
|
fingerprint to standard output.</p>
|
|
|
|
<h2>ENVIRONMENT
|
|
<a name="ENVIRONMENT"></a>
|
|
</h2>
|
|
|
|
|
|
<table width="100%" border="0" rules="none" frame="void"
|
|
cellspacing="0" cellpadding="0">
|
|
<tr valign="top" align="left">
|
|
<td width="11%"></td>
|
|
<td width="9%">
|
|
|
|
|
|
<p style="margin-top: 1em"><b>TMPDIR</b></p></td>
|
|
<td width="2%"></td>
|
|
<td width="78%">
|
|
|
|
|
|
<p style="margin-top: 1em">If $XDG_RUNTIME_DIR is unset,
|
|
the directory in which to create the agent socket. Default
|
|
is /tmp.</p></td></tr>
|
|
</table>
|
|
|
|
<p style="margin-left:11%;"><b>XDG_CONFIG_HOME</b></p>
|
|
|
|
<p style="margin-left:22%;">The directory under which keys
|
|
will be created and read. Default is $HOME/.config.</p>
|
|
|
|
<p style="margin-left:11%;"><b>XDG_RUNTIME_DIR</b></p>
|
|
|
|
<p style="margin-left:22%;">The directory in which to
|
|
create the agent socket.</p>
|
|
|
|
<h2>FILES
|
|
<a name="FILES"></a>
|
|
</h2>
|
|
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>$XDG_CONFIG_HOME/enchive/enchive.pub</b></p>
|
|
|
|
<p style="margin-left:22%;">The file holding the public key
|
|
used for encrypting files.</p>
|
|
|
|
|
|
<p style="margin-left:11%;"><b>$XDG_CONFIG_HOME/enchive/enchive.sec</b></p>
|
|
|
|
<p style="margin-left:22%;">The file holding the secret key
|
|
used for decrypting files.</p>
|
|
|
|
<h2>EXAMPLES
|
|
<a name="EXAMPLES"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>enchive
|
|
keygen --derive</b></p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Generate a new
|
|
keypair from a passphrase prompt.</p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>enchive
|
|
archive -d mydata.tar.gz</b></p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Encrypt
|
|
<b>mydata.tar.gz</b> to <b>mydata.tar.gz.enchive</b> and
|
|
delete the unencrypted file.</p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>enchive
|
|
extract mydata.tar.gz.enchive</b></p>
|
|
|
|
<p style="margin-left:11%; margin-top: 1em">Decrypt
|
|
<b>mydata.tar.gz.enchive</b> to <b>mydata.tar.gz</b>,
|
|
preserving the original file.</p>
|
|
|
|
<h2>SEE ALSO
|
|
<a name="SEE ALSO"></a>
|
|
</h2>
|
|
|
|
|
|
<p style="margin-left:11%; margin-top: 1em"><b>gpg</b>(1)
|
|
<br>
|
|
https://github.com/skeeto/enchive <br>
|
|
http://nullprogram.com/blog/2017/03/12/</p>
|
|
<hr>
|
|
</body>
|
|
</html>
|