diff options
| author | Eric Biggers <ebiggers@google.com> | 2021-07-16 17:31:58 -0500 |
|---|---|---|
| committer | Eric Biggers <ebiggers3@gmail.com> | 2021-07-16 18:06:46 -0500 |
| commit | a3b365be9878b14fd36cc310d3c8b1fdccfdcb04 (patch) | |
| tree | a931558fc3cd1d7e47b0997d54206663d59bb6fb /README.md | |
| parent | 96afc7762b4b7466f8c8fac5801c52aa58c34a4c (diff) | |
README: add troubleshooting section for ENOPKG error
Inspired by https://reddit.com/r/linuxquestions/comments/n75dv4
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -58,6 +58,7 @@ native encryption. See [Runtime Dependencies](#runtime-dependencies). - [Getting "encryption not enabled" on an ext4 filesystem.](#getting-encryption-not-enabled-on-an-ext4-filesystem) - [Getting "user keyring not linked into session keyring".](#getting-user-keyring-not-linked-into-session-keyring) - [Getting "Operation not permitted" when moving files into an encrypted directory.](#getting-operation-not-permitted-when-moving-files-into-an-encrypted-directory) + - [Getting "Package not installed" when trying to use an encrypted directory.](#getting-package-not-installed-when-trying-to-use-an-encrypted-directory) - [Some processes can't access unlocked encrypted files.](#some-processes-cant-access-unlocked-encrypted-files) - [Users can access other users' unlocked encrypted files.](#users-can-access-other-users-unlocked-encrypted-files) - [Legal](#legal) @@ -902,6 +903,22 @@ shred -u file However, `shred` isn't guaranteed to be effective on all filesystems and storage devices. +#### Getting "Package not installed" when trying to use an encrypted directory. + +Trying to create or open an encrypted file will fail with `ENOPKG` ("Package not +installed") when the kernel doesn't support one or more of the cryptographic +algorithms used by the file or its directory. Note that `fscrypt encrypt` and +`fscrypt unlock` will still succeed; it's only using the directory afterwards +that will fail. + +The kernel will always support the algorithms that `fscrypt` uses by default. +However, if you changed the contents and/or filenames encryption algorithms in +[`/etc/fscrypt.conf`](#configuration-file), then you may run into this issue. +To fix it, enable the needed `CONFIG_CRYPTO_*` options in your Linux kernel +configuration. See the [kernel +documentation](https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html#encryption-modes-and-usage) +for details about which option(s) are required for each encryption mode. + #### Some processes can't access unlocked encrypted files. This issue is caused by a limitation in the original design of Linux filesystem |