aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--README.md80
1 files changed, 40 insertions, 40 deletions
diff --git a/README.md b/README.md
index 83a2154..0880216 100644
--- a/README.md
+++ b/README.md
@@ -199,7 +199,7 @@ that looks like the following:
"padding": "32",
"contents": "AES_256_XTS",
"filenames": "AES_256_CTS",
- "policy_version": "1"
+ "policy_version": "2"
},
"use_fs_keyring_for_v1_policies": false
}
@@ -362,6 +362,7 @@ MOUNTPOINT DEVICE FILESYSTEM ENCRYPTION FSCRYPT
# Create the global configuration file. Nothing else necessarily needs root.
>>>>> sudo fscrypt setup
+Defaulting to policy_version 2 because kernel supports it.
Customizing passphrase hashing difficulty for this system...
Created global config file at "/etc/fscrypt.conf".
Metadata directories created at "/.fscrypt".
@@ -390,8 +391,8 @@ ext4 filesystem "/mnt/disk" has 1 protector and 1 policy
PROTECTOR LINKED DESCRIPTION
7626382168311a9d No custom protector "Super Secret"
-POLICY UNLOCKED PROTECTORS
-7626382168311a9d Yes 7626382168311a9d
+POLICY UNLOCKED PROTECTORS
+16382f282d7b29ee27e6460151d03382 Yes 7626382168311a9d
```
#### Quiet Version
@@ -409,24 +410,23 @@ POLICY UNLOCKED PROTECTORS
>>>>> fscrypt status /mnt/disk/dir1
"/mnt/disk/dir1" is encrypted with fscrypt.
-Policy: 16382f282d7b29ee
-Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:1
+Policy: 16382f282d7b29ee27e6460151d03382
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 1 protector:
PROTECTOR LINKED DESCRIPTION
7626382168311a9d No custom protector "Super Secret"
-# Lock the directory. 'sudo' and the '--user' argument are only
-# required if the directory uses a v1 encryption policy.
->>>>> sudo fscrypt lock /mnt/disk/dir1 --user=$USER
-Encrypted data removed from filesystem cache.
+# Lock the directory. Note: if using a v1 encryption policy instead
+# of v2, you'll need 'sudo fscrypt lock /mnt/disk/dir1 --user=$USER'.
+>>>>> fscrypt lock /mnt/disk/dir1
"/mnt/disk/dir1" is now locked.
>>>>> fscrypt status /mnt/disk/dir1
"/mnt/disk/dir1" is encrypted with fscrypt.
-Policy: 16382f282d7b29ee
-Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:1
+Policy: 16382f282d7b29ee27e6460151d03382
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No
Protected with 1 protector:
@@ -446,8 +446,8 @@ Enter custom passphrase for protector "Super Secret":
>>>>> fscrypt status /mnt/disk/dir1
"/mnt/disk/dir1" is encrypted with fscrypt.
-Policy: 16382f282d7b29ee
-Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:1
+Policy: 16382f282d7b29ee27e6460151d03382
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 1 protector:
@@ -459,7 +459,7 @@ Hello World
#### Quiet Version
```bash
->>>>> sudo fscrypt lock /mnt/disk/dir1 --quiet --user=$USER
+>>>>> fscrypt lock /mnt/disk/dir1 --quiet
>>>>> echo "hunter2" | fscrypt unlock /mnt/disk/dir1 --quiet
```
@@ -482,8 +482,8 @@ Enter login passphrase for joerichey:
>>>>> fscrypt status /mnt/disk/dir2
"/mnt/disk/dir2" is encrypted with fscrypt.
-Policy: fe1c92009abc1cff
-Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:1
+Policy: fe1c92009abc1cff4f3257c77e8134e3
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 1 protector:
@@ -496,9 +496,9 @@ PROTECTOR LINKED DESCRIPTION
7626382168311a9d No custom protector "Super Secret"
6891f0a901f0065e Yes (/) login protector for joerichey
-POLICY UNLOCKED PROTECTORS
-16382f282d7b29ee Yes 7626382168311a9d
-fe1c92009abc1cff Yes 6891f0a901f0065e
+POLICY UNLOCKED PROTECTORS
+16382f282d7b29ee27e6460151d03382 Yes 7626382168311a9d
+fe1c92009abc1cff4f3257c77e8134e3 Yes 6891f0a901f0065e
>>>>> fscrypt status /
ext4 filesystem "/" has 1 protector(s) and 0 policy(ies)
@@ -518,8 +518,8 @@ PROTECTOR LINKED DESCRIPTION
>>>>> fscrypt status /mnt/disk/dir1
"/mnt/disk/dir1" is encrypted with fscrypt.
-Policy: 16382f282d7b29ee
-Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:1
+Policy: 16382f282d7b29ee27e6460151d03382
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 1 protector:
@@ -573,9 +573,9 @@ PROTECTOR LINKED DESCRIPTION
2c75f519b9c9959d No raw key protector "Skeleton"
6891f0a901f0065e Yes (/) login protector for joerichey
-POLICY UNLOCKED PROTECTORS
-16382f282d7b29ee Yes 7626382168311a9d
-fe1c92009abc1cff Yes 6891f0a901f0065e
+POLICY UNLOCKED PROTECTORS
+16382f282d7b29ee27e6460151d03382 Yes 7626382168311a9d
+fe1c92009abc1cff4f3257c77e8134e3 Yes 6891f0a901f0065e
# Finally, we could apply this key to a directory
>>>>> mkdir /mnt/disk/dir3
@@ -607,31 +607,31 @@ PROTECTOR LINKED DESCRIPTION
2c75f519b9c9959d No raw key protector "Skeleton"
6891f0a901f0065e Yes (/) login protector for joerichey
-POLICY UNLOCKED PROTECTORS
-d03fb894584a4318 No 2c75f519b9c9959d
-16382f282d7b29ee No 7626382168311a9d
-fe1c92009abc1cff No 6891f0a901f0065e
+POLICY UNLOCKED PROTECTORS
+d03fb894584a4318d1780e9a7b0b47eb No 2c75f519b9c9959d
+16382f282d7b29ee27e6460151d03382 No 7626382168311a9d
+fe1c92009abc1cff4f3257c77e8134e3 No 6891f0a901f0065e
>>>>> fscrypt status /mnt/disk/dir1
"/mnt/disk/dir1" is encrypted with fscrypt.
-Policy: 16382f282d7b29ee
-Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:1
+Policy: 16382f282d7b29ee27e6460151d03382
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No
Protected with 1 protector:
PROTECTOR LINKED DESCRIPTION
7626382168311a9d No custom protector "Super Secret"
->>>>> fscrypt metadata add-protector-to-policy --protector=/mnt/disk:2c75f519b9c9959d --policy=/mnt/disk:16382f282d7b29ee
+>>>>> fscrypt metadata add-protector-to-policy --protector=/mnt/disk:2c75f519b9c9959d --policy=/mnt/disk:16382f282d7b29ee27e6460151d03382
WARNING: All files using this policy will be accessible with this protector!!
-Protect policy 16382f282d7b29ee with protector 2c75f519b9c9959d? [Y/n]
+Protect policy 16382f282d7b29ee27e6460151d03382 with protector 2c75f519b9c9959d? [Y/n]
Enter key file for protector "Skeleton": secret.key
Enter custom passphrase for protector "Super Secret":
-Protector 2c75f519b9c9959d now protecting policy 16382f282d7b29ee.
+Protector 2c75f519b9c9959d now protecting policy 16382f282d7b29ee27e6460151d03382.
>>>>> fscrypt status /mnt/disk/dir1
"/mnt/disk/dir1" is encrypted with fscrypt.
-Policy: 16382f282d7b29ee
-Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:1
+Policy: 16382f282d7b29ee27e6460151d03382
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No
Protected with 2 protectors:
@@ -649,16 +649,16 @@ Enter key file for protector "Skeleton": secret.key
"/mnt/disk/dir1" is now unlocked and ready for use.
# The protector can also be removed from the policy (if it is not the only one)
->>>>> fscrypt metadata remove-protector-from-policy --protector=/mnt/disk:2c75f519b9c9959d --policy=/mnt/disk:16382f282d7b29ee
+>>>>> fscrypt metadata remove-protector-from-policy --protector=/mnt/disk:2c75f519b9c9959d --policy=/mnt/disk:16382f282d7b29ee27e6460151d03382
WARNING: All files using this policy will NO LONGER be accessible with this protector!!
-Stop protecting policy 16382f282d7b29ee with protector 2c75f519b9c9959d? [y/N] y
-Protector 2c75f519b9c9959d no longer protecting policy 16382f282d7b29ee.
+Stop protecting policy 16382f282d7b29ee27e6460151d03382 with protector 2c75f519b9c9959d? [y/N] y
+Protector 2c75f519b9c9959d no longer protecting policy 16382f282d7b29ee27e6460151d03382.
```
#### Quiet Version
```bash
->>>>> echo "hunter2" | fscrypt metadata add-protector-to-policy --protector=/mnt/disk:2c75f519b9c9959d --policy=/mnt/disk:16382f282d7b29ee --key=secret.key --quiet
->>>>> fscrypt metadata remove-protector-from-policy --protector=/mnt/disk:2c75f519b9c9959d --policy=/mnt/disk:16382f282d7b29ee --quiet --force
+>>>>> echo "hunter2" | fscrypt metadata add-protector-to-policy --protector=/mnt/disk:2c75f519b9c9959d --policy=/mnt/disk:16382f282d7b29ee27e6460151d03382 --key=secret.key --quiet
+>>>>> fscrypt metadata remove-protector-from-policy --protector=/mnt/disk:2c75f519b9c9959d --policy=/mnt/disk:16382f282d7b29ee27e6460151d03382 --quiet --force
```
## Contributing
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-10 19:44:35 +0000