Provided by: cryfs_0.9.9-1ubuntu1_amd64 bug


       cryfs - cryptographic filesystem for the cloud


       cryfs [-c file] [-f] [options] basedir mountpoint [-- fuse-options]
       cryfs --help|--version|--show-ciphers


       CryFS encrypts your files, so you can safely store them anywhere.

       The  goal  of  CryFS  is not only to keep file contents, but also file sizes, metadata and
       directory structure confidential.  CryFS uses encrypted same-size blocks to store both the
       files  themselves  and  the  block's  relations  to  another.   These blocks are stored as
       individual files in the base directory, which can then be synchronized with cloud services
       such as Dropbox.

       The  blocks  are  encrypted  using  a  random key, which is stored in a configuration file
       encrypted by the user's passphrase.  By default, it will be stored together with the  data
       in  the  base  directory, but you can choose a different location if you do not want it in
       your cloud or when using a weak passphrase.


   Selecting base and mount directories
       While you can access your files through your mount directory, CryFS actually  places  them
       in  your  base  directory after encrypting.  CryFS will encrypt and decrypt your files 'on
       the fly' as they are accessed, so files will never be stored on the  disk  in  unencrypted

       You  can  choose  any  empty  directory  as  your base, but your mount directory should be
       outside of any cloud storage, as your cloud may try to  sync  your  (temporarily  mounted)
       unencrypted files as well.

   Setup and usage of your encrypted directory
       Creating and mounting your encrypted storage use the same command-line syntax:
              cryfs basedir mountpoint

       If  CryFS  detects an encrypted storage in the given base directory, you will be asked for
       the passphrase to unlock and mount it. Otherwise, CryFS will help you with  creating  one,
       just follow the on-screen instructions.

       After  you  are  done  working  with  your  encrypted files, unmount your storage with the
              fusermount -u mountpoint

   Changing your passphrase
       As the encryption key to your CryFS storage is stored in your configuration file, it would
       be  possible  to re-encrypt it using a different passphrase (although this feature has not
       been implemented yet).

       However, this does not change the actual encryption key of your storage, so  someone  with
       access  to the old passphrase and configuration file (for example through the file history
       of your cloud or your file system) could still access your files, even those created after
       the password change.

       For  this  reason,  the recommended way to change your passphrase is to create a new CryFS
       storage with the new passphrase and move your files from the old to the new one.


   Getting help
       -h, --help
              Show a help message containing short descriptions for all options.

              Show a list of all supported encryption ciphers.

              Show the CryFS version number.

   Encryption parameters
       --blocksize arg
              Set the block size to arg bytes. Defaults to 32768.

              A higher block size may help  reducing  the  file  count  in  your  base  directory
              (especially  when storing large files), but will also waste more space when storing
              smaller files.

       --cipher arg
              Use arg as the cipher for the encryption. Defaults to aes-256-gcm.

       -c file, --config file
              Use  file   as   configuration   file   for   this   CryFS   storage   instead   of

   General options
       -f, --foreground
              Run CryFS in the foreground. Stop using CTRL-C.

              Allow  upgrading the file system if it was created with an old CryFS version. After
              the upgrade, older CryFS versions might not be able to use the file system anymore.

       --logfile file
              Write status information to file. If no logfile is given, CryFS will write them  to
              syslog in background mode, or to stdout in foreground mode.

       --unmount-idle arg
              Unmount automatically after arg minutes of inactivity.


              With  this  option  set,  CryFS  will  only ask for the encryption passphrase once.
              Instead of asking the user for parameters not specified on  the  command  line,  it
              will  just  use  the  default  values.  CryFS will also not ask you to confirm your
              passphrase when creating a new CryFS storage.

              Set this environment variable when automating CryFS using external tools  or  shell

              By   default,   CryFS  connects  to  the  internet  to  check  for  known  security
              vulnerabilities and new versions. This option disables this.


       mount.fuse(1), fusermount(1)

       For more information about the design of CryFS, visit

       Visit the development repository at for the source code and
       the full list of contributors to CryFS.


       CryFS  was  created  by  Sebastian Messmer and contributors.  This man page was written by
       Maximilian Wende.