LinuxCommandLibrary

ecryptfs-rewrite-file

Rewrite an eCryptfs encrypted file in-place

SYNOPSIS

ecryptfs-rewrite-file [options] filename

PARAMETERS

filename
    The path to the ecryptfs-encrypted file to be rewritten.

--no-sig-cache
    Disable the signature cache. This can be useful if the signature cache is corrupted or suspected of causing issues.

--force
    Force the rewrite operation, even if it detects potential problems. Use with caution as this could lead to data loss if the rewrite process fails.

--debug
    Enable debug output, providing more verbose information about the rewrite process.

--version
    Display the version of the ecryptfs utilities.

--help
    Display a help message describing command usage.

DESCRIPTION

The `ecryptfs-rewrite-file` command rewrites an encrypted file managed by eCryptfs in place. It is primarily useful for updating encryption parameters, such as the cipher, key size, or wrapping scheme, without decrypting and re-encrypting the entire file from scratch. The changes are applied directly to the existing encrypted data, which makes the process more efficient. The appropriate eCryptfs keys must be loaded to perform this operation. Incorrect usage or an interrupted operation can lead to data loss, so extreme caution is advised.

CAVEATS

Data Loss Warning: Interrupting `ecryptfs-rewrite-file` during operation can corrupt the file. Ensure the system has stable power and that you have backups before running this command.
It's crucial to have the correct ecryptfs keys loaded.
Only use this if you have a solid understanding of ecryptfs internals.

KEY MANAGEMENT

Before using `ecryptfs-rewrite-file`, ensure that the necessary ecryptfs keys are loaded into the kernel keyring. This is typically accomplished by mounting the ecryptfs filesystem or using `ecryptfs-add-passphrase(1)` if you know the passphrase. Without the correct keys loaded, the file cannot be decrypted and rewritten correctly.

BACKUP IMPORTANCE

Before running this command, it is strongly recommended to create a backup of the file you are about to rewrite. If the rewrite operation fails due to a bug or unexpected error, you will be able to restore the original file from your backup.
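The precautions from KEY MANAGEMENT and BACKUP IMPORTANCE can be combined into one wrapper. This is an added example, not part of the eCryptfs tools: it assumes `keyctl` (keyutils) and `sha256sum` are installed, that the command is called with only the filename as in the SYNOPSIS, and the `.pre-rewrite.bak` suffix and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the eCryptfs project): guarded rewrite with rollback.
# REWRITE_CMD is overridable so the wrapper can be dry-run against a stub.
REWRITE_CMD="${REWRITE_CMD:-ecryptfs-rewrite-file}"

# Assumption: eCryptfs auth tokens show up in the user keyring as "user" keys
# whose description is a 16-hex-digit signature.
keys_loaded() {
    keyctl list @u 2>/dev/null | grep -Eq 'user: [0-9a-f]{16}$'
}

# SHA-256 of the file contents as read through the mounted (decrypted) view.
plain_hash() { h=$(sha256sum < "$1") || return 1; printf '%s\n' "${h%% *}"; }

# safe_rewrite FILE: 0 = rewritten and verified, 1 = precondition failed
# (nothing touched), 2 = rewrite failed or content changed (backup restored).
safe_rewrite() {
    file=$1
    # The backup sits beside the file, so it stays inside the encrypted mount.
    bak="$file.pre-rewrite.bak"
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    keys_loaded    || { echo "no eCryptfs key in keyring" >&2; return 1; }
    [ ! -e "$bak" ] || { echo "backup already exists: $bak" >&2; return 1; }

    before=$(plain_hash "$file") || return 1
    cp -p -- "$file" "$bak" || return 1
    # Confirm the backup reads back identically before touching the original.
    [ "$(plain_hash "$bak")" = "$before" ] || { rm -f -- "$bak"; return 1; }

    if $REWRITE_CMD "$file" && [ "$(plain_hash "$file")" = "$before" ]; then
        rm -f -- "$bak"      # plaintext unchanged after rewrite; drop backup
        return 0
    fi
    echo "rewrite failed or plaintext changed; restoring $file" >&2
    cp -p -- "$bak" "$file" && rm -f -- "$bak"
    return 2
}

if [ "$#" -gt 0 ]; then safe_rewrite "$1"; fi
```

A return code of 2 means the original was restored from the backup; if the restore itself fails, the backup file is left in place for manual recovery.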

HISTORY

eCryptfs has been developed over several years and is integrated into the Linux kernel. `ecryptfs-rewrite-file` was introduced as part of the eCryptfs toolset to improve flexibility in managing encrypted files. It arose from the need to update encryption parameters efficiently without full file decryption and re-encryption, which is especially beneficial for large files and resource-constrained systems.

SEE ALSO
