logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

e4crypt.8 (2879B)


  1. .TH E4CRYPT 8 "Aug 2021" "E2fsprogs version 1.46.4"
  2. .SH NAME
  3. e4crypt \- ext4 file system encryption utility
  4. .SH SYNOPSIS
  5. .B e4crypt add_key -S \fR[\fB -k \fIkeyring\fR ] [\fB-v\fR] [\fB-q\fR] \fR[\fB -p \fIpad\fR ] [ \fIpath\fR ... ]
  6. .br
  7. .B e4crypt new_session
  8. .br
  9. .B e4crypt get_policy \fIpath\fR ...
  10. .br
  11. .B e4crypt set_policy \fR[\fB -p \fIpad\fR ] \fIpolicy path\fR ...
  12. .SH DESCRIPTION
  13. .B e4crypt
  14. performs encryption management for ext4 file systems.
  15. .SH COMMANDS
  16. .TP
  17. .B e4crypt add_key \fR[\fB-vq\fR] [\fB-S\fI salt\fR ] [\fB-k \fIkeyring\fR ] [\fB -p \fIpad\fR ] [ \fIpath\fR ... ]
  18. Prompts the user for a passphrase and inserts it into the specified
  19. keyring. If no keyring is specified, e4crypt will use the session
  20. keyring if it exists or the user session keyring if it does not.
  21. .IP
  22. The
  23. .I salt
  24. argument is interpreted in a number of different ways, depending on how
  25. its prefix value. If the first two characters are "s:", then the rest
  26. of the argument will be used as an text string and used as the salt
  27. value. If the first two characters are "0x", then the rest of the
  28. argument will be parsed as a hex string as used as the salt. If the
  29. first characters are "f:" then the rest of the argument will be
  30. interpreted as a filename from which the salt value will be read. If
  31. the string begins with a '/' character, it will similarly be treated as
  32. filename. Finally, if the
  33. .I salt
  34. argument can be parsed as a valid UUID, then the UUID value will be used
  35. as a salt value.
  36. .IP
  37. The
  38. .I keyring
  39. argument specifies the keyring to which the key should be added.
  40. .IP
  41. The
  42. .I pad
  43. value specifies the number of bytes of padding will be added to
  44. directory names for obfuscation purposes. Valid
  45. .I pad
  46. values are 4, 8, 16, and 32.
  47. .IP
  48. If one or more directory paths are specified, e4crypt will try to
  49. set the policy of those directories to use the key just added by the
  50. .B add_key
  51. command. If a salt was explicitly specified, then it will be used
  52. to derive the encryption key of those directories. Otherwise a
  53. directory-specific default salt will be used.
  54. .TP
  55. .B e4crypt get_policy \fIpath\fR ...
  56. Print the policy for the directories specified on the command line.
  57. .TP
  58. .B e4crypt new_session
  59. Give the invoking process (typically a shell) a new session keyring,
  60. discarding its old session keyring.
  61. .TP
  62. .B e4crypt set_policy \fR[\fB -p \fIpad\fR ] \fIpolicy path\fR ...
  63. Sets the policy for the directories specified on the command line.
  64. All directories must be empty to set the policy; if the directory
  65. already has a policy established, e4crypt will validate that the
  66. policy matches what was specified. A policy is an encryption key
  67. identifier consisting of 16 hexadecimal characters.
  68. .SH AUTHOR
  69. Written by Michael Halcrow <mhalcrow@google.com>, Ildar Muslukhov
  70. <muslukhovi@gmail.com>, and Theodore Ts'o <tytso@mit.edu>
  71. .SH SEE ALSO
  72. .BR keyctl (1),
  73. .BR mke2fs (8),
  74. .BR mount (8).