bctool.8

加密解密,安全工具！很有意思的代码

.TH BCTOOL 8 "Jan 14 2002" "Linux" "MAINTENANCE COMMANDS"
.SH NAME
bctool \- BestCrypt for Linux command line interface 
.nf 
(c) 2001-2002 Jetico, Inc. http://www.jetico.com
.SH SYNOPSIS
.ad l
.B bctool
.B <command>
.I arguments
[
.I options
]
.ad b
.SH DESCRIPTION
.B BestCrypt 
is the product providing the most comprehensive level of data
security for personal computers today. When BestCrypt is installed in your
computer, it keeps your confidential data private in encrypted form to
prevent unauhorized reading and information leaks.

Container is a special file created and managed using the bctool utility. 
The bctool utility can also manage any block device (raw partition or floppy 
disk) as a container. 
The container can be mounted
as a filesystem to specified mount point and managed by the BestCrypt driver.
All files stored in the filesystem are stored inside the mounted container in
encrypted form.

BestCrypt for Linux is compatible with the BestCrypt versions for Microsoft
DOS/Windows 3.x/95/98/NT/2000/XP operating systems.

.SH COMMANDS
.IP "\fBnew \fIfilename \-s size[k|M] \-a algorithm \fP[\fI\-d description\fP]"
create new BestCrypt container file named \fIfilename\fP. Size of container is 
specified in bytes (\fI\-s size\fP), \fBk\fPilobytes (\fI\-s sizek\fP) or 
\fBM\fPegabytes (\fI\-s sizeM\fP). The \fI\-a algorithm\fP specifies encryption 
algorithm for container. Algorithm name is taken from config file \fB/etc/bc\.conf\fP.
Currently following algorithms are supported by BestCrypt for Linux:
.PD 0
.RS
.IP \fIgost\fP
Russian GOST 28147-89 with 256-bit key
.IP \fIbf128\fP
Bruce Schneier's BlowFish with 128-bit key
.IP \fIblowfish\fP
Bruce Schneier's BlowFish with 256-bit key
.IP \fIbf448\fP
Bruce Schneier's BlowFish with 448-bit key
.IP \fItwofish\fP
Bruce Schneier's TwoFish with 256-bit key 
.IP \fIrijndael\fP
Rijndael or AES with 256-bit key
.IP \fIcast\fP
CAST-128 with 128-bit key
.IP \fIidea\fP
IDEA with 128-bit key. 
.IP \fI3des\fP
US standard FIPS 46-3 with 168-bit key
.IP \fIdes\fP
US standard FIPS-46 with 56-bit key. \fBDES usage is strongly discouraged due to small key length.\fP
.RE
.RS
Optional [\fI\-d description\fP] sets container's ASCII description up to 60 chars.
You also will be prompted to set \fBpassword\fP for your container. Minimum password 
length is 6 chars. This \fBpassword\fP will be asked when using container for 
authorization. \fBPassword\fP can be changed by bctool's \fBpasswd\fP command (see 
below).
.PD
.RE
.IP "\fBformat \fIfilename \fP[\fI\-t fstype\fP]"
create filesystem in container \fIfilename\fP. Filesystem type is determined by 
[\fI\-t fstype\fP]. Availability of filesystems depends on your mkfs(8). Examples 
of \fIfstype\fP:
.PD 0
.RS
.IP \fImsdos\fP
FAT 16 (default)
.IP \fIvfat\fP
FAT 32
.IP \fIext2\fP
Linux ext2
.RE
.PD
.RE
.IP "\fBmake_hidden \fIfilename size\fP"
.IP "\fBThis command is intended for expert use.\
 Please consult detailed BestCrypt documentation.\fP"
.IP
create \fBhidden\ part\fP in container \fIfilename\fP. \fBHidden\ part\fP is
"container" inside another container. There are no ways to prove whether hidden
part exists or not inside given container. Size of hidden part may
be specified in bytes, \fBk\fPilobytes, \fIM\fPegabytes or \fI%\fP percents.
.PD
.RE
.IP "\fBmount \fIfilename mount\_point\fP [\fI\-t fstype\fP] [\fI\-r\fP] [\fI\-m mode\fP] [\fI\-u user\fP] [\fI\-g group\fP]"
mount container \fIfilename\fP to mount point \fImount\_point\fP. Fstype field 
forces filesystem type to value \fIfstype\fP. Use \fI-r\fP option to mount read only.
Use \fI-m\fP to specify mount_point permissions (octal number, default 0700). Use \fI-u\fP and 
\fI-g\fP to specify mount_point's owner and group (note: only root can specify mount_point's owner).
While mounted, container file is not accessible for read/write.
.PD
.RE
.IP "\fBumount \fP{\ \fImount\_point\fP | \fI\-A\fP } [\fI\-f\fP]"
unmount container from mount point \fImount\_point\fP or unmount all (\fI\-A\fP)
containers mounted by current user. \fI\-f\fP option forces urgent unmount of 
container.
.PD
.RE
.IP "\fBinfo \fIfilename\fP"
display information on container \fIfilename\fP.
.PD
.RE
.IP "\fBpasswd \fIfilename\fP"
change password on container \fIfilename\fP.
.PD
.RE
.IP "\fBadd_passwd \fIfilename\fP"
add one more password to container \fIfilename\fP. BestCrypt conatiner supports
up to 7 passwords. All passwords provide equal access rights for container.
.PD
.RE
.IP "\fBdel_passwd \fIfilename\fP"
delete one password from container \fIfilename\fP. The very first password of 
container can not be deleted.
.PD
.RE
.IP "\fBreencrypt \fIfilename \-a algorithm\fP"
change encrypton algorithm (\fI\-a algorithm\fP) and/or password on container 
\fIfilename\fP. \fBNOTE\fP: bctool reencrypts entire container. This process 
may take a lot of time on large containers.  
.PD
.RE
.IP "\fBfsck \fIfilename\fP"
check container's filesystem consistency. Filesystem check is performed by
fsck(8) family of utilities.
.PD
.RE
.IP "\fBlink \fIfilename devname\fP"
.IP "\fBThis command is intended for expert use.\
 Please consult detailed BestCrypt documentation.\fP"
.IP
link container \fIfilename\fP to BestCrypt device \fIdevname\fP (/dev/bcrypt0,
...). Upon command completion container's contents will be accessible via 
\fIdevname\fP block device. \fBContainer linking should only be used when other
commands do not satisfy your requirements\fP
.PD
.RE
.IP "\fBunlink \fIdevname\fP"
.IP "\fBThis command is intended for expert use.\
 Please consult detailed BestCrypt documentation.\fP"
.IP
unlink previously linked container from BestCrypt device \fIdevname\fP 
(/dev/bcrypt0,...). \fBContainer linking should only be used when other
commands do not satisfy your requirements\fP

.PD
.RE
.IP "\fBraw_link \fIfilename devname -a algorithm \fP[\fI\-p\fP]\fP"
.IP "\fBThis command is intended for expert use.\
 Please consult detailed BestCrypt documentation.\fP"
.IP
link contiguous file \fIfilename\fP to BestCrypt device \fIdevname\fP 
(/dev/bcrypt0,...). \fI\-p\fP option can be used in order to generate 
random password. \fBraw_link\fP command is intended to make encrypted
temporary storage, such as \fI/tmp\fP or \fIswap\fP.
\fBraw_link command ignores file contents. If you will supply BestCrypt
container to raw_link command, container data will be destroyed.\fP

.SH BUGS
Avoid using BestCrypt with journaling filesystems on kernels prior to 2.4.17 -
BestCrypt driver may end up in deadlock.

.SH FILES

.nf
/usr/bin/bctool
.nf
/etc/bc.conf - BestCrypt for Linux configuration file
.nf
/lib/modules/<kernel_version>/block/bc.o - BestCrypt driver
.nf
/lib/modules/<kernel_version>/block/bc_<algorithm>.o - BestCrypt encryption algorithms
.nf
/dev/bcrypt0,/dev/bcrypt1,... -  BestCrypt devices
.fi
.SH AUTHORS
.nf
Original version: Jetico, Inc. <support@jetico.com>

.SH SEE ALSO

bcwipe(1)
.br