QUIXAND(1)                                                          QUIXAND(1)

NAME
       quixand - create disposable (encrypted) files and directories for use
       as sandboxes

SYNOPSIS
       quixand [options/paths]

DESCRIPTION
       Quixand (pronounced "quicksand") is a tool for easily creating
       disposable, single-session encrypted sandboxes.

       Quixand will create an encrypted directory with EncFS using "paranoid"
       mode and a random key. Once mounted, quixand can create temporary files
       and directories within the encrypted directory and symlink any file on
       your system to them. You can then use the symlinked files and
       directories as you normally would, but any data written to them will
       not be written to the disk in an unencrypted form. Once unmounted, the
       data within the encrypted directory should be unrecoverable because the
       key is not stored anywhere.

       Typical usage includes sandboxing your browser cache directory,
       creating secure disposable history files for various apps that you only
       wish to use for the session and creating a general-purpose sandbox for
       temporary files, for example the contents of a USB stick. The
       "EXAMPLES" section below should provide further insight into potential
       uses of quixand.

TECHNICAL INFORMATION AND CAVEATS
       Quixand depends on EncFS (Encrypted Filesystem) to create the encrypted
       directory. The encrypted directory is created using encfs's "paranoid"
       mode along with a one-time 256-bit random key generated from
       /dev/urandom. The key is not stored anywhere. Once the encrypted
       directory is unmounted, there should be no easy way to recover its
       contents and thus it is intended for use as a single-session sandbox.
       The strength of this setup directly depends on EncFS and the user is
       advised to consult the EncFS documentation in order to familiarize
       him-/herself with EncFS's strengths and weaknesses. The author of
       quixand assumes absolutely no liability for its use and the user uses
       quixand entirely at his or her own risk.
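
       The mechanism described above, sketched as an added shell example: it
       is not quixand's own code. The qx_* function names, the /tmp/qx.*
       layout and the refusal to replace existing data are assumptions of the
       sketch; its "plain" mode mirrors the --plain option.

```shell
#!/bin/sh
# Added sketch of the mechanism described above; not quixand's own code.
# The qx_* function names are hypothetical.

# One-time 256-bit key from /dev/urandom, hex-encoded (64 characters).
qx_key() { head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'; }

# Create the working directory under /tmp and print the directory that will
# hold sandboxed data. "encfs" mounts it with a throwaway key; "plain"
# mirrors --plain (no encryption layer).
qx_setup() {
    base=$(mktemp -d /tmp/qx.XXXXXX) || return 1
    mkdir "$base/mnt" || return 1
    if [ "$1" = encfs ]; then
        mkdir "$base/raw" || return 1
        # Key goes over stdin only: never in argv, a file or a variable.
        qx_key | encfs --paranoia --stdinpass "$base/raw" "$base/mnt" || return 1
    fi
    printf '%s\n' "$base/mnt"
}

# Point $3 at a fresh file ($2 = file) or directory ($2 = dir) inside $1.
# Assumption of this sketch: existing real data is never replaced.
qx_link() {
    mnt=$1; kind=$2; dest=$3
    if [ -e "$dest" ] && [ ! -L "$dest" ]; then
        echo "refusing to replace existing $dest" >&2
        return 1
    fi
    if [ "$kind" = dir ]; then
        target=$(mktemp -d "$mnt/dir.XXXXXX")
    else
        target=$(mktemp "$mnt/file.XXXXXX")
    fi || return 1
    ln -sfn "$target" "$dest"
}

# Remove the given symlinks, unmount (encfs mode only) and delete the working
# directory. Once unmounted, only ciphertext under raw/ would remain anyway.
qx_purge() {
    mnt=$1; shift
    [ -n "$mnt" ] || return 1
    for p in "$@"; do
        if [ -L "$p" ]; then rm -f "$p"; fi
    done
    if [ -d "${mnt%/mnt}/raw" ]; then fusermount -u "$mnt" || return 1; fi
    rm -rf "${mnt%/mnt}"
}
```

       Because the key exists only in the pipe and in the encfs process, the
       working directory cannot be remounted once qx_purge has unmounted it.
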

       EncFS does not require a fixed amount of space and thus bypasses the
       need to pre-allocate disk space and set up partitions etc. The
       encrypted directory will grow as needed and will only be limited by the
       amount of space available in /tmp.

       To improve the security of the setup, it is recommended that the user
       either encrypt their swap partition with a one-time key at boot or
       disable swap completely to prevent the contents of memory from being
       written to the disk during operation.

OPTIONS
       -c, --config /path/to/dir
              specify a configuration directory

              currently the only purpose of the configuration directory is to
              track the working quixand directory

              default: ~/.quixand

       -d, --dir
              specify directories for symlinking

              see (1) below

       --encfs-args
              specify additional command-line arguments to encfs

              see (1) below

       --file specify files for symlinking

              see (1) below

       -f, --force
              force symlinks even if they already point to the working quixand
              directory

       --help display this message

       --plain
              place files and directories in a plain-text directory instead of
              one encrypted with EncFS

              this may be useful if you are using an already encrypted /tmp
              partition

       -p, --purge
              purge the working quixand directory and remove any passed
              symlinks

              this is the recommended way of shutting down your current
              quixand setup

              see "--renew" if you wish to reset your setup rather than shut
              it down

       -r, --renew
              purge the setup and create a new one

              "--renew" implies "--purge", see "--purge"

       --wipe-with "/path/to/wiper [args]"
              use /path/to/wiper to wipe files instead of just removing them

              make sure to enclose all arguments to the wiper within the
              string beginning with the path

       (1)    The "--dir", "--encfs-args" and "--file" arguments act as
              switches. By default, all non-option arguments passed to quixand
              will be considered files that should be symlinked. If "--dir" or
              "--encfs-args" is encountered then the arguments that follow
              will be interpreted as dirs that should be symlinked or
              additional arguments to encfs, respectively.

              Consider the following examples:

              quixand foo bar baz
                     creates 3 file symlinks

              quixand foo --dir bar baz
                     creates 1 file symlink (foo) and 2 dir symlinks (bar,baz)

              quixand foo --dir bar --file baz
                     creates 2 file symlinks (foo,baz) and 1 dir symlink (bar)

EXAMPLES
       Create a sandbox in your home dir
              quixand -d ~/sandbox

       Sandbox your image thumbnails in ~/.thumbnails
              quixand -d ~/.thumbnails

       Sandbox your bash history
              quixand ~/.bash_history

       Sandbox your Firefox cache
              quixand -d ~/.mozilla/firefox//Cache

       Do all of the above when you first log in by adding the following line
       to ~/.bash_profile
              quixand ~/.bash_history -d ~/sandbox ~/.thumbnails ~/.mozilla/firefox//Cache

       Purge all of the above
              quixand -p ~/.bash_history -d ~/sandbox ~/.thumbnails ~/.mozilla/firefox//Cache

AUTHORS
       Xyne

                                  March 2009                        QUIXAND(1)