ecryptfs-rewrite-file
Rewrite an eCryptfs encrypted file in-place
SYNOPSIS
ecryptfs-rewrite-file [options] filename
PARAMETERS
filename
The path to the eCryptfs-encrypted file to be rewritten.
--no-sig-cache
Disable the signature cache. This can be useful if the signature cache is corrupted or suspected of causing issues.
--force
Force the rewrite operation, even if it detects potential problems. Use with caution, as this could lead to data loss if the rewrite process fails.
--debug
Enable debug output, providing more verbose information about the rewrite process.
--version
Display the version of the eCryptfs utilities.
--help
Display a help message describing command usage.
DESCRIPTION
The `ecryptfs-rewrite-file` command rewrites an encrypted file managed by eCryptfs in place. This is primarily useful for updating the encryption parameters, such as the encryption cipher, key size, or wrapping scheme, without decrypting and re-encrypting the entire file from scratch. The rewrite applies the changes directly to the existing encrypted data, which makes the process more efficient. The appropriate eCryptfs keys must be loaded to perform this operation. Incorrect usage or an interrupted operation can lead to data loss, so extreme caution is advised.
CAVEATS
Data Loss Warning: Interrupting `ecryptfs-rewrite-file` during operation can corrupt the file. Ensure the system has stable power and that you have backups before running this command.
It's crucial to have the correct eCryptfs keys loaded.
Only use this if you have a solid understanding of ecryptfs internals.
KEY MANAGEMENT
Before using `ecryptfs-rewrite-file`, ensure that the necessary eCryptfs keys are loaded into the kernel keyring. This is typically accomplished by mounting the eCryptfs filesystem or, if you know the passphrase, by using `ecryptfs-add-passphrase(1)`. Without the correct keys loaded, the file cannot be decrypted and rewritten correctly.
BACKUP IMPORTANCE
Before running this command, it is strongly recommended to create a backup of the file you are about to rewrite. If the rewrite operation fails due to a bug or unexpected error, you will be able to restore the original file from your backup.
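The precautions from KEY MANAGEMENT and BACKUP IMPORTANCE as a guarded wrapper (an added example, not part of the eCryptfs tools): it confirms the file is readable, backs it up, runs the rewrite, and restores the backup if the command fails or the content read back differs. `safe_rewrite`, `REWRITE_CMD` and the backup directory argument are names assumed here; the file is assumed to be accessed through a mounted eCryptfs directory, so the backup copy is plaintext.

```sh
#!/bin/sh
# Added example: guarded wrapper around ecryptfs-rewrite-file.
# safe_rewrite and REWRITE_CMD are names introduced here (assumptions).
REWRITE_CMD="${REWRITE_CMD:-ecryptfs-rewrite-file}"

# SHA-256 of the file content as read through the eCryptfs mount (plaintext).
# Prints nothing if the file cannot be read, e.g. when its key is not loaded.
digest() { sha256sum -- "$1" 2>/dev/null | cut -d' ' -f1; }

# safe_rewrite FILE BACKUP_DIR
# Returns 0 = rewritten, 1 = precondition failed (FILE untouched),
#         2 = rewrite failed and FILE was restored, 3 = restore failed.
# BACKUP_DIR receives a plaintext copy, so it should be on encrypted storage.
safe_rewrite() {
    file=$1; bdir=$2
    [ -f "$file" ] && [ -d "$bdir" ] || { echo "usage: safe_rewrite FILE BACKUP_DIR" >&2; return 1; }

    # A successful read shows the file can be decrypted with the loaded keys.
    before=$(digest "$file")
    [ -n "$before" ] || { echo "cannot read $file: are the keys loaded?" >&2; return 1; }

    # Back up (keeping mode and timestamps) and verify the copy before touching FILE.
    backup="$bdir/$(basename -- "$file").pre-rewrite.$$"
    cp -p -- "$file" "$backup" || return 1
    [ "$(digest "$backup")" = "$before" ] || { echo "backup does not match" >&2; return 1; }

    # Assumption: a rewrite changes only how the data is stored,
    # so the content read back afterwards must be identical.
    if "$REWRITE_CMD" "$file" && [ "$(digest "$file")" = "$before" ]; then
        echo "rewrite ok, backup kept at $backup"
        return 0
    fi

    echo "rewrite failed or content changed, restoring $file" >&2
    cp -p -- "$backup" "$file" || { echo "restore failed, backup is $backup" >&2; return 3; }
    return 2
}
```

Remove the backup once the rewritten file has been checked, since it holds the file's plaintext.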
HISTORY
eCryptfs has been developed for several years and is integrated into the Linux kernel. `ecryptfs-rewrite-file` was introduced as part of the eCryptfs toolset to improve flexibility in managing encrypted files. It arose from the need to update encryption parameters efficiently without full file decryption and re-encryption, which is especially beneficial for large files and resource-constrained systems.
SEE ALSO
ecryptfsd(8), mount.ecryptfs(8), ecryptfs-setup-private(1), ecryptfs-unwrap-passphrase(1)