diff options
Diffstat (limited to 'cli-tests/t_encrypt.out')
| -rw-r--r-- | cli-tests/t_encrypt.out | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/cli-tests/t_encrypt.out b/cli-tests/t_encrypt.out new file mode 100644 index 0000000..4de05e4 --- /dev/null +++ b/cli-tests/t_encrypt.out @@ -0,0 +1,106 @@ + +# Try to encrypt a nonexistent directory +[ERROR] fscrypt encrypt: no such file or directory +ext4 filesystem "MNT" has 0 protectors and 0 policies. +All users can create fscrypt metadata on this filesystem. + +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted + +# Try to encrypt a nonempty directory +[ERROR] fscrypt encrypt: Directory "MNT/dir" cannot be + encrypted because it is non-empty. + +Files cannot be encrypted in-place. Instead, encrypt a new directory, copy the +files into it, and securely delete the original directory. For example: + + mkdir "MNT/dir.new" + fscrypt encrypt "MNT/dir.new" + cp -a -T "MNT/dir" "MNT/dir.new" + find "MNT/dir" -type f -print0 | xargs -0 shred -n1 --remove=unlink + rm -rf "MNT/dir" + mv "MNT/dir.new" "MNT/dir" + +Caution: due to the nature of modern storage devices and filesystems, the +original data may still be recoverable from disk. It's much better to encrypt +your files from the start. +ext4 filesystem "MNT" has 0 protectors and 0 policies. +All users can create fscrypt metadata on this filesystem. + +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted + +# => with trailing slash +[ERROR] fscrypt encrypt: Directory "MNT/dir/" cannot be + encrypted because it is non-empty. + +Files cannot be encrypted in-place. Instead, encrypt a new directory, copy the +files into it, and securely delete the original directory. For example: + + mkdir "MNT/dir.new" + fscrypt encrypt "MNT/dir.new" + cp -a -T "MNT/dir" "MNT/dir.new" + find "MNT/dir" -type f -print0 | xargs -0 shred -n1 --remove=unlink + rm -rf "MNT/dir" + mv "MNT/dir.new" "MNT/dir" + +Caution: due to the nature of modern storage devices and filesystems, the +original data may still be recoverable from disk. It's much better to encrypt +your files from the start. +ext4 filesystem "MNT" has 0 protectors and 0 policies. +All users can create fscrypt metadata on this filesystem. + +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted + +# Encrypt a directory as non-root user +ext4 filesystem "MNT" has 1 protector and 1 policy. +All users can create fscrypt metadata on this filesystem. + +PROTECTOR LINKED DESCRIPTION +desc1 No custom protector "prot" + +POLICY UNLOCKED PROTECTORS +desc2 Yes desc1 +"MNT/dir" is encrypted with fscrypt. + +Policy: desc2 +Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 +Unlocked: Yes + +Protected with 1 protector: +PROTECTOR LINKED DESCRIPTION +desc1 No custom protector "prot" +ext4 filesystem "MNT" has 1 protector and 1 policy (only including ones owned by fscrypt-test-user or root). +All users can create fscrypt metadata on this filesystem. + +PROTECTOR LINKED DESCRIPTION +desc1 No custom protector "prot" + +POLICY UNLOCKED PROTECTORS +desc2 Yes desc1 +"MNT/dir" is encrypted with fscrypt. + +Policy: desc2 +Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 +Unlocked: Yes + +Protected with 1 protector: +PROTECTOR LINKED DESCRIPTION +desc1 No custom protector "prot" + +# Try to encrypt an already-encrypted directory +[ERROR] fscrypt encrypt: file or directory "MNT/dir" is + already encrypted + +# Try to encrypt another user's directory as a non-root user +[ERROR] fscrypt encrypt: cannot encrypt "MNT/dir" because + it's owned by another user (root). + + Encryption can only be enabled on a directory you own, + even if you have write access to the directory. +ext4 filesystem "MNT" has 0 protectors and 0 policies. +All users can create fscrypt metadata on this filesystem. + +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted |