Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
ENCHIVE(1)		    General Commands Manual		    ENCHIVE(1)

NAME
       enchive - personal archive encryption

SYNOPSIS

       enchive [-a|-A] [-e] [-p	pubkey]	[-s seckey] [--version]	[--help]
	       keygen [-d[N]] [-e] [-f]	[-i] [-k N] [-u]
	       archive [-d]
	       extract [-d]
	       fingerprint

DESCRIPTION
       enchive	is  a  program	to  encrypt  files  to	yourself for long-term
       archival.  It's a focused, simple alternative  to  more	complex	 tools
       such as GnuPG or	encrypted filesystems.	Like GnuPG, you	can safely en-
       crypt files on systems that you don't trust with	your secret key.

       Files are secured with ChaCha20,	Curve25519, and	HMAC-SHA256.

OPTIONS
       -aseconds, --agent[=seconds]
	      Runs  the	 key  agent  for awhile	after successfully reading the
	      passphrase.  The agent will remain resident in  memory  until  a
	      period  of  inactivity  passes.  Default is 900 seconds (15 min-
	      utes).

       -A, --no-agent
	      Do not start the key agent (default).

       -eprogram, --pinentry[=program]
	      Read passphrases using the system's pinentry  program.   By  de-
	      fault Enchive uses the program named "pinentry".

       -p, --pubkey file
	      Specifies	the public key file to use for encryption.

       -s, --seckey file
	      Specifies	the secret key file to use for decryption.

       --version
	      Print version information.

       --help Print a synopsis of the command line interface.

COMMANDS
       Any unique prefix for a command is accepted. For	example, the command a
       would mean archive.

       keygen [OPTION]...
	      Generates	 a  new	 keypair  either  from	system	entropy	 or  a
	      passphrase.

	   -d[N], --derive[=N]
		  Derives the secret key from a	passphrase.  The key  will  be
		  derived  from	 the  passphrase  using	difficulty exponent N.
		  Default is 29.

	   -e, --edit
		  Edits	the protection passphrase on an	 existing  key.	  This
		  also regenerates the public key file from the	secret key.

	   -f, --force
		  Overwrites any existing keypair without prompting.

	   -i, --fingerprint
		  Prints  the public key fingerprint after generation or edit-
		  ing.

	   -k N, --iterations N
		  Sets the difficulty exponent for deriving the	protection key
		  from the protection key passphrase.  Default is 25.

	   -r N, --repeats N
		  Number of repeated passphrase	prompts	when deriving a	secret
		  key.	It is convenient to set	this to	zero when relying pri-
		  marily on fingerprint	 verification.	 Alternatively,	 addi-
		  tional  repeat  prompts may aid in memorization.  Default is
		  1.

	   -u, --plain
		  Do not use a protection key, and instead  store  the	secret
		  key  unencrypted  on the disk.  Consider using the key agent
		  instead of this option.

       archive [-d|--delete] [INPUT [OUTPUT]]
	      Encrypts a single	file for archival using	only the  public  key.
	      If  no output filename is	given, the output filename will	be the
	      input filename with a .enchive suffix.  Except for --delete, the
	      original file is untouched.  If no filenames are given, encrypts
	      standard input to	standard output.

	   -d, --delete
		  Delete the original input file after success.

       extract [-d|--delete] [INPUT [OUTPUT]]
	      Decrypt a	single file from archival using	the secret key.	 If no
	      output filename is given,	the output filename will be the	 input
	      filename	with  the  .enchive suffix removed.  Without an	output
	      filename,	it is an error for the input to	lack this suffix.   If
	      no  filenames are	given, decrypt standard	input to standard out-
	      put.

	   -d, --delete
		  Delete the original input file after success.

       fingerprint
	      Print the	public key fingerprint to standard output.

ENVIRONMENT
       TMPDIR If $XDG_RUNTIME_DIR is unset, the	directory in which  to	create
	      the agent	socket.	 Default is /tmp.

       XDG_CONFIG_HOME
	      The  directory  under  which keys	will be	created	and read.  De-
	      fault is $HOME/.config.

       XDG_RUNTIME_DIR
	      The directory in which to	create the agent socket.

FILES
       $XDG_CONFIG_HOME/enchive/enchive.pub
	      The file holding the public key used for encrypting files.

       $XDG_CONFIG_HOME/enchive/enchive.sec
	      The file holding the secret key used for decrypting files.

EXAMPLES
       enchive keygen --derive

       Generate	a new keypair from a passphrase	prompt.

       enchive archive -d mydata.tar.gz

       Encrypt mydata.tar.gz to	mydata.tar.gz.enchive  and  delete  the	 unen-
       crypted file.

       enchive extract mydata.tar.gz.enchive

       Decrypt mydata.tar.gz.enchive to	mydata.tar.gz, preserving the original
       file.

SEE ALSO
       gpg(1)
       https://github.com/skeeto/enchive
       http://nullprogram.com/blog/2017/03/12/

								    ENCHIVE(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=enchive&sektion=1&manpath=FreeBSD+Ports+15.0>

home | help