General Commands Manual

NAME¶

rage-mount - Mount an age encrypted filesystem

SYNOPSIS¶

rage-mount [-h|--help] [-V|--version] [--max-work-factor] <-t|--types> [-i|--identity] <FILENAME> <MOUNTPOINT>

DESCRIPTION¶

rage-mount decrypts the age encrypted filesystem at FILENAME on the fly, and mounts it as a directory on the local filesystem at MOUNTPOINT.

Passphrase-encrypted files are detected automatically and the passphrase is requested interactively. Otherwise, one or more IDENTITIES specified with -i/--identity are used to decrypt the file.

The previous contents (if any) and owner and mode of MOUNTPOINT become invisible, and as long as this filesystem remains mounted, the pathname MOUNTPOINT refers to the root of the filesystem on FILENAME.

OPTIONS¶

-h, --help

Print this help message and exit.

-V, --version

Print version info and exit.

--max-work-factor=WF

Maximum work factor to allow for passphrase decryption.

-t, --types=TYPES

Set the filesystem type. The following types are currently supported: "tar", "zip".

This option is required. rage-mount does not attempt to guess the filesystem format.

In theory, any efficiently-seekable filesystem format can be supported. At present, rage-mount only supports seekable archive formats.

-i, --identity=IDENTITY

Decrypt using the IDENTITIES at IDENTITY.

IDENTITY may be one of the following:

a. A file listing IDENTITIES one per line. Empty lines and lines starting with "#" are ignored as comments.

b. A passphrase encrypted age file, containing IDENTITIES one per line like above. The passphrase is requested interactively. Note that passphrase-protected identity files are not necessary for most use cases, where access to the encrypted identity file implies access to the whole system.

c. An SSH private key file, in PKCS#1, PKCS#8, or OpenSSH format. If the private key is password-protected, the password is requested interactively only if the SSH identity matches the file. See the SSH keys section for more information, including supported key types.

d. "-", causing one of the options above to be read from standard input. In this case, the INPUT argument must be specified.

This option can be repeated. Identities are tried in the order in which are provided, and the first one matching one of the file's recipients is used. Unused identities are ignored, but it is an error if the INPUT file is passphrase-encrypted and -i/--identity is specified.

<FILENAME>

The encrypted filesystem to mount.

<MOUNTPOINT>

The directory to mount the filesystem at.

EXAMPLES¶

Mounting an archive encrypted to a recipient:

$ rage-mount -t tar -i key.txt encrypted.tar.age ./tmp

Mounting an archive encrypted with a passphrase:

$ rage-mount -t zip encrypted.zip.age ./tmp
Type passphrase:

VERSION¶

v0.10.0

AUTHORS¶

Jack Grigg <thestr4d@gmail.com>

rage-mount 0.10.0

Source file:	rage-mount.1.en.gz (from rage-encryption 0.10.0+0-1.1)
Source last updated:	2024-04-22T12:15:25Z
Converted to HTML:	2024-05-03T00:54:14Z