ntfsprogs/ntfsdecrypt.8.in - platform_external_ntfs-3g - Gitiles

 .\" Copyright (c) 2014 Jean-Pierre Andre
 .\" This file may be copied under the terms of the GNU Public License.
 .\"
 .TH NTFSDECRYPT 8 "June 2014" "ntfs-3g @VERSION@"
 .SH NAME
 ntfsdecrypt \- decrypt or update NTFS files encrypted according to EFS
 .SH SYNOPSIS
 \fBntfsdecrypt\fR [\fIoptions\fR] -k \fIkey.pfx \fIdevice file\fR
 .SH DESCRIPTION
 .B ntfsdecrypt
 decrypts a file from an unmounted device and print the decrypted data
 on the standard output.
 It can also update an encrypted file with the encryption key unchanged.
 .PP
 The NTFS file encryption (known as EFS) uses a two-level encryption :
 first, the file contents is encrypted with a random symmetric key, then
 this symmetric key is encrypted with the public keys of each of the users
 allowed to decrypt the file (RSA public key encryptions).
 .P
 Three symmetric encryption modes are currently implemented in ntfsdecrypt :
 DESX (a DES variant), 3DES (triple DES) and AES_256 (an AES variant).
 .P
 All the encrypted symmetric keys are stored along with the file in a
 special extended attribute named "$LOGGED_UTILITY_STREAM".
 Usually, at least two users are allowed to read the file : its owner and
 the recovery manager who is able to decrypt all the files in a company.
 When backing up an encrypted file, it is important to also backup the
 corresponding $LOGGED_UTILITY_STREAM, otherwise the file cannot be
 decrypted, even by the recovery manager. Also note that encrypted files
 are slightly bigger than apparent, and the option "efs_raw" has
 to be used when backing up encrypted files with ntfs-3g.
 .P
 When ntfsdecrypt is used to update a file, the keys and the
 $LOGGED_UTILITY_STREAM are kept unchanged, so a single key file has to
 be designated.
 .P
 Note : the EFS encryption is only available in professional versions
 of Windows;
 .SH OPTIONS
 Below is a summary of all the options that
 .B ntfsdecrypt
 accepts.  Nearly all options have two equivalent names.  The short name is
 preceded by
 .B \-
 and the long name is preceded by
 .BR \-\- .
 Any single letter options, that don't take an argument, can be combined into a
 single command, e.g.
 .B \-fv
 is equivalent to
 .BR "\-f \-v" .
 Long named options can be abbreviated to any unique prefix of their name.
 .TP
 \fB\-i\fR, \fB\-\-inode\fR NUM
 Display or update the contents of a file designated through its inode number
 instead of its name.
 .TP
 \fB\-e\fR, \fB\-\-encrypt\fR
 Update an existing encrypted file and get the new contents from the
 standard input. The full public and private key file has to be designated,
 as the symmetric key is kept unchanged, so the private key is needed to
 extract it.
 .TP
 \fB\-f\fR, \fB\-\-force\fR
 This will override some sensible defaults, such as not using a mounted volume.
 Use this option with caution.
 .TP
 \fB\-k\fR, \fB\-\-keyfile\-name\fR key.pfx
 Define the file which contains the public and private keys in PKCS#12 format.
 This file obviously contains the keys of one of the users allowed to decrypt
 or update the file. It has to be extracted from Windows in PKCS#12 format
 (its usual suffix is .p12 or .pfx), and it is protected by a passphrase
 which has to be typed in for the keys to be extracted. This can be the
 key file of any user allowed to read the file, including the one of the
 recovery manager.
 .TP
 \fB\-h\fR, \fB\-\-help\fR
 Show a list of options with a brief description of each one.
 .TP
 \fB\-q\fR, \fB\-\-quiet\fR
 Suppress some debug/warning/error messages.
 .TP
 \fB\-V\fR, \fB\-\-version\fR
 Show the version number, copyright and license of
 .BR ntfsdecrypt .
 .TP
 \fB\-v\fR, \fB\-\-verbose\fR
 Display more debug/warning/error messages.
 .SH EXAMPLES
 Display the contents of the file hamlet.doc in the directory Documents of
 the root of the NTFS file system on the device /dev/sda1
 .RS
 .sp
 .B ntfsdecrypt -k foo.key /dev/sda1 Documents/hamlet.doc
 .sp
 .RE
 Update the file hamlet.doc
 .RS
 .sp
 .B ntfsdecrypt -k foo.key /dev/sda1 Documents/hamlet.doc < new.doc
 .sp
 .RE
 .SH BUGS
 There are no known problems with
 .BR ntfsdecrypt .
 If you find a bug please send an email describing the problem to the
 development team:
 .br
 .nh
 ntfs\-3g\-devel@lists.sf.net
 .hy
 .SH AUTHORS
 .B ntfsdecrypt
 was written by Yuval Fledel, Anton Altaparmakov and Yura Pakhuchiy.
 It was ported to ntfs-3g by Erik Larsson and upgraded by Jean-Pierre Andre.
 .SH AVAILABILITY
 .B ntfsdecrypt
 is part of the
 .B ntfs-3g
 package and is available from:
 .br
 .nh
 http://www.tuxera.com/community/
 .hy
 .SH SEE ALSO
 Read \fBntfs-3g\fR(8) for details on option efs_raw,
 .RE
 .BR ntfscat (8),
 .BR ntfsprogs (8)
	.\" Copyright (c) 2014 Jean-Pierre Andre
	.\" This file may be copied under the terms of the GNU Public License.
	.\"
	.TH NTFSDECRYPT 8 "June 2014" "ntfs-3g @VERSION@"
	.SH NAME
	ntfsdecrypt \- decrypt or update NTFS files encrypted according to EFS
	.SH SYNOPSIS
	\fBntfsdecrypt\fR [\fIoptions\fR] -k \fIkey.pfx \fIdevice file\fR
	.SH DESCRIPTION
	.B ntfsdecrypt
	decrypts a file from an unmounted device and print the decrypted data
	on the standard output.
	It can also update an encrypted file with the encryption key unchanged.
	.PP
	The NTFS file encryption (known as EFS) uses a two-level encryption :
	first, the file contents is encrypted with a random symmetric key, then
	this symmetric key is encrypted with the public keys of each of the users
	allowed to decrypt the file (RSA public key encryptions).
	.P
	Three symmetric encryption modes are currently implemented in ntfsdecrypt :
	DESX (a DES variant), 3DES (triple DES) and AES_256 (an AES variant).
	.P
	All the encrypted symmetric keys are stored along with the file in a
	special extended attribute named "$LOGGED_UTILITY_STREAM".
	Usually, at least two users are allowed to read the file : its owner and
	the recovery manager who is able to decrypt all the files in a company.
	When backing up an encrypted file, it is important to also backup the
	corresponding $LOGGED_UTILITY_STREAM, otherwise the file cannot be
	decrypted, even by the recovery manager. Also note that encrypted files
	are slightly bigger than apparent, and the option "efs_raw" has
	to be used when backing up encrypted files with ntfs-3g.
	.P
	When ntfsdecrypt is used to update a file, the keys and the
	$LOGGED_UTILITY_STREAM are kept unchanged, so a single key file has to
	be designated.
	.P
	Note : the EFS encryption is only available in professional versions
	of Windows;
	.SH OPTIONS
	Below is a summary of all the options that
	.B ntfsdecrypt
	accepts. Nearly all options have two equivalent names. The short name is
	preceded by
	.B \-
	and the long name is preceded by
	.BR \-\- .
	Any single letter options, that don't take an argument, can be combined into a
	single command, e.g.
	.B \-fv
	is equivalent to
	.BR "\-f \-v" .
	Long named options can be abbreviated to any unique prefix of their name.
	.TP
	\fB\-i\fR, \fB\-\-inode\fR NUM
	Display or update the contents of a file designated through its inode number
	instead of its name.
	.TP
	\fB\-e\fR, \fB\-\-encrypt\fR
	Update an existing encrypted file and get the new contents from the
	standard input. The full public and private key file has to be designated,
	as the symmetric key is kept unchanged, so the private key is needed to
	extract it.
	.TP
	\fB\-f\fR, \fB\-\-force\fR
	This will override some sensible defaults, such as not using a mounted volume.
	Use this option with caution.
	.TP
	\fB\-k\fR, \fB\-\-keyfile\-name\fR key.pfx
	Define the file which contains the public and private keys in PKCS#12 format.
	This file obviously contains the keys of one of the users allowed to decrypt
	or update the file. It has to be extracted from Windows in PKCS#12 format
	(its usual suffix is .p12 or .pfx), and it is protected by a passphrase
	which has to be typed in for the keys to be extracted. This can be the
	key file of any user allowed to read the file, including the one of the
	recovery manager.
	.TP
	\fB\-h\fR, \fB\-\-help\fR
	Show a list of options with a brief description of each one.
	.TP
	\fB\-q\fR, \fB\-\-quiet\fR
	Suppress some debug/warning/error messages.
	.TP
	\fB\-V\fR, \fB\-\-version\fR
	Show the version number, copyright and license of
	.BR ntfsdecrypt .
	.TP
	\fB\-v\fR, \fB\-\-verbose\fR
	Display more debug/warning/error messages.
	.SH EXAMPLES
	Display the contents of the file hamlet.doc in the directory Documents of
	the root of the NTFS file system on the device /dev/sda1
	.RS
	.sp
	.B ntfsdecrypt -k foo.key /dev/sda1 Documents/hamlet.doc
	.sp
	.RE
	Update the file hamlet.doc
	.RS
	.sp
	.B ntfsdecrypt -k foo.key /dev/sda1 Documents/hamlet.doc < new.doc
	.sp
	.RE
	.SH BUGS
	There are no known problems with
	.BR ntfsdecrypt .
	If you find a bug please send an email describing the problem to the
	development team:
	.br
	.nh
	ntfs\-3g\-devel@lists.sf.net
	.hy
	.SH AUTHORS
	.B ntfsdecrypt
	was written by Yuval Fledel, Anton Altaparmakov and Yura Pakhuchiy.
	It was ported to ntfs-3g by Erik Larsson and upgraded by Jean-Pierre Andre.
	.SH AVAILABILITY
	.B ntfsdecrypt
	is part of the
	.B ntfs-3g
	package and is available from:
	.br
	.nh
	http://www.tuxera.com/community/
	.hy
	.SH SEE ALSO
	Read \fBntfs-3g\fR(8) for details on option efs_raw,
	.RE
	.BR ntfscat (8),
	.BR ntfsprogs (8)