From 22d55a32319060fb9e1f51017558aa7a813f128a Mon Sep 17 00:00:00 2001 From: Joseph Richey Date: Wed, 4 Oct 2017 04:52:57 -0700 Subject: Initial framework for man pages --- man/fscrypt-config.8.md | 10 +++ man/fscrypt-enable.8.md | 10 +++ man/fscrypt-encrypt.8.md | 13 ++++ man/fscrypt-metadata.8.md | 10 +++ man/fscrypt-purge.8.md | 10 +++ man/fscrypt-setup.8.md | 12 ++++ man/fscrypt-status.8.md | 14 +++++ man/fscrypt-unlock.8.md | 11 ++++ man/fscrypt.8.md | 136 +++++++++++++++++++++++++++++++++++++++++ man/man8/fscrypt-config.8.gz | Bin 0 -> 20 bytes man/man8/fscrypt-enable.8.gz | Bin 0 -> 20 bytes man/man8/fscrypt-encrypt.8.gz | Bin 0 -> 20 bytes man/man8/fscrypt-metadata.8.gz | Bin 0 -> 20 bytes man/man8/fscrypt-purge.8.gz | Bin 0 -> 20 bytes man/man8/fscrypt-setup.8.gz | Bin 0 -> 20 bytes man/man8/fscrypt-status.8.gz | Bin 0 -> 20 bytes man/man8/fscrypt-unlock.8.gz | Bin 0 -> 20 bytes man/man8/fscrypt.8.gz | Bin 0 -> 20 bytes man/man8/pam_fscrypt.8.gz | Bin 0 -> 20 bytes man/pam_fscrypt.8.md | 10 +++ 20 files changed, 236 insertions(+) create mode 100644 man/fscrypt-config.8.md create mode 100644 man/fscrypt-enable.8.md create mode 100644 man/fscrypt-encrypt.8.md create mode 100644 man/fscrypt-metadata.8.md create mode 100644 man/fscrypt-purge.8.md create mode 100644 man/fscrypt-setup.8.md create mode 100644 man/fscrypt-status.8.md create mode 100644 man/fscrypt-unlock.8.md create mode 100644 man/fscrypt.8.md create mode 100644 man/man8/fscrypt-config.8.gz create mode 100644 man/man8/fscrypt-enable.8.gz create mode 100644 man/man8/fscrypt-encrypt.8.gz create mode 100644 man/man8/fscrypt-metadata.8.gz create mode 100644 man/man8/fscrypt-purge.8.gz create mode 100644 man/man8/fscrypt-setup.8.gz create mode 100644 man/man8/fscrypt-status.8.gz create mode 100644 man/man8/fscrypt-unlock.8.gz create mode 100644 man/man8/fscrypt.8.gz create mode 100644 man/man8/pam_fscrypt.8.gz create mode 100644 man/pam_fscrypt.8.md (limited to 'man') diff --git a/man/fscrypt-config.8.md b/man/fscrypt-config.8.md new file mode 100644 index 0000000..a592088 --- /dev/null +++ b/man/fscrypt-config.8.md @@ -0,0 +1,10 @@ +fscrypt-config(8) -- configuration file for fscrypt +=================================================== + +## SYNOPSIS + +`/etc/fscrypt.conf` + +## DESCRIPTION + +TODO \ No newline at end of file diff --git a/man/fscrypt-enable.8.md b/man/fscrypt-enable.8.md new file mode 100644 index 0000000..d3a7132 --- /dev/null +++ b/man/fscrypt-enable.8.md @@ -0,0 +1,10 @@ +fscrypt-enable(8) -- enable/disable ext4 filesystem encryption +============================================================== + +## SYNOPSIS + +**fscrypt enable** _mountpoint_ [`--disable`] [`--force`] + +## DESCRIPTION + +TODO \ No newline at end of file diff --git a/man/fscrypt-encrypt.8.md b/man/fscrypt-encrypt.8.md new file mode 100644 index 0000000..7d2d8ef --- /dev/null +++ b/man/fscrypt-encrypt.8.md @@ -0,0 +1,13 @@ +fscrypt-encrypt(8) -- start encrypting an empty directory with fscrypt +====================================================================== + +## SYNOPSIS + +**fscrypt encrypt** _directory_ + [`--source`=_source_ [`--name`=_name_]] + [`--protector`=_mountpoint:id_ [`--policy`=_mountpoint:id_]] + [`--key`=_file_] [`--user`=username] [`--skip-unlock`] + +## DESCRIPTION + +TODO \ No newline at end of file diff --git a/man/fscrypt-metadata.8.md b/man/fscrypt-metadata.8.md new file mode 100644 index 0000000..da84ccc --- /dev/null +++ b/man/fscrypt-metadata.8.md @@ -0,0 +1,10 @@ +fscrypt-metadata(8) -- manipulate fscrypt policy or protector metadata +====================================================================== + +## SYNOPSIS + +TODO many to list + +## DESCRIPTION + +TODO warning \ No newline at end of file diff --git a/man/fscrypt-purge.8.md b/man/fscrypt-purge.8.md new file mode 100644 index 0000000..c171fb6 --- /dev/null +++ b/man/fscrypt-purge.8.md @@ -0,0 +1,10 @@ +fscrypt-purge(8) -- remove fscrypt keys for an encrypted directory +================================================================== + +## SYNOPSIS + +**fscrypt purge** _mountpoint_ [`--drop-caches=false`] [`--user`=username] [`--force`] + +## DESCRIPTION + +TODO \ No newline at end of file diff --git a/man/fscrypt-setup.8.md b/man/fscrypt-setup.8.md new file mode 100644 index 0000000..7c160f2 --- /dev/null +++ b/man/fscrypt-setup.8.md @@ -0,0 +1,12 @@ +fscrypt-unlock(8) -- setup a system or filesystem to use fscrypt +================================================================ + +## SYNOPSIS + +**fscrypt setup** [`--time`=_time_] [`--legacy`] [`--force`] + +**fscrypt setup** _directory_ [`--force`] + +## DESCRIPTION + +TODO \ No newline at end of file diff --git a/man/fscrypt-status.8.md b/man/fscrypt-status.8.md new file mode 100644 index 0000000..f43d469 --- /dev/null +++ b/man/fscrypt-status.8.md @@ -0,0 +1,14 @@ +fscrypt-status(8) -- print the status of fscrypt +================================================ + +## SYNOPSIS + +**fscrypt status** + +**fscrypt status** _mountpoint_ + +**fscrypt status** _file_ + +## DESCRIPTION + +TODO \ No newline at end of file diff --git a/man/fscrypt-unlock.8.md b/man/fscrypt-unlock.8.md new file mode 100644 index 0000000..436ef73 --- /dev/null +++ b/man/fscrypt-unlock.8.md @@ -0,0 +1,11 @@ +fscrypt-unlock(8) -- unlock a directory encrypted with fscrypt +============================================================== + +## SYNOPSIS + +**fscrypt unlock** _directory_ [`--protector`=_mountpoint:id_] + [`--key`=_file_] [`--user`=_username_] + +## DESCRIPTION + +TODO \ No newline at end of file diff --git a/man/fscrypt.8.md b/man/fscrypt.8.md new file mode 100644 index 0000000..0005458 --- /dev/null +++ b/man/fscrypt.8.md @@ -0,0 +1,136 @@ +fscrypt(8) -- manage linux filesystem encryption +================================================ + +## SYNOPSIS + +**fscrypt** _command_ [arguments] [command options] [`--quiet` | `--verbose`] + +**fscrypt** [_command_] `--help` + +**fscrypt** `--version` + +## DESCRIPTION + +TODO + +## WARNINGS + +TODO + +## ALTERNATIVE TOOLS + +**fscrypt** only manages native filesystem encryption. The encryption tools +below may suit your needs better. + +**fscryptctl**(8) also manages filesystem encryption, but it does so through a +very low-level interface. It applies policy identifiers to directories, and +provisions keys into the kernel keyring. If you want to manage key derivation, +key rotation, metadata, and PAM integration yourself, this is a more lightweight +alternative. + +Dm-crypt encrypts an entire block device with a single master key. dm-crypt can +be used with or without **fscrypt**. All filesystem data (including all +filesystem metadata) is encrypted with this single key when using dm-crypt, +while **fscrypt** only encrypts the filenames and file contents in a specified +directory. See **cryptsetup**(8) for more information. + +It is possible to use both dm-crypt and **fscrypt** simultaneously, giving the +protections and benefits of both. One example of a reasonable setup could +involve using dm-crypt with a TPM or Secure boot key, while using **fscrypt** +on the contents of a home directory. This would still encrypt the entire drive, +but would also tie the encryption of a user's personal documents to their +passphrase. However, this may cause a decrease in your performance, as file +contents can be encrypted twice. + +eCryptfs is another form of filesystem encryption on Linux; it encrypts a +filesystem directory with some key or passphrase. eCryptfs sits on top of an +existing filesystem. This makes eCryptfs an alternative choice if your +filesystem or kernel does not support native filesystem encryption. See +**ecryptfs**(7) for more information. + +## REQUIREMENTS + +TODO + +## OVERVIEW + +TODO: Protectors, Policies, Keyring + +## COMMANDS + +**fscrypt** has multiple _command_ values, each of which can be used with the +common options (in this page) and command-specific options (found in the +below pages). + +* **fscrypt-enable**(8): + Enable encryption on an ext4 filesystem. +* **fscrypt-setup**(8): + Create necessary global or per-filesystem files. +* **fscrypt-encrypt**(8): + Start encrypting an empty directory. +* **fscrypt-unlock**(8): + Unlock an encrypted directory. +* **fscrypt-purge**(8): + Remove the keys for an encrypted directory. +* **fscrypt-status**(8): + Print the status of the system, a filesystem, or a file. +* **fscrypt-metadata**(8): + Manipulate the policy or protector metadata. **Warning:** this is an + _expert_ command that can easily cause data loss. Use with care. + +## OPTIONS + +* `--help`: + Show the help text for fscrypt, using the man pages if possible. +* `--version`: + Show the version and copyright information. +* `--verbose`: + Print additional debug messages to standard output. +* `--quiet`: + Print nothing to standard output except for errors. Select the default for + any options that would normally show a prompt. + +## RETURN VALUES + +On success, all **fscrypt** commands return 0. On failure, commands will return +1 and print the corresponding cause of failure to stderr. + +## EXAMPLES + +TODO + +```bash +# Create the global configuration file. Nothing else needs root. +>>>>> sudo fscrypt setup +Create "/etc/fscrypt.conf"? [Y/n] y +Customizing passphrase hashing difficulty for this system... +Created global config file at "/etc/fscrypt.conf". +``` + +## BUGS + +Any bugs, problems, or design discussion relating to **fscrypt** should be +raised in the +[Github Issue Tracker](https://github.com/google/fscrypt/issues/new). + +**IMPORTANT:** Any significant security issues should **NOT** be reported in +the public issue tracker. Practice responsible disclosure by emailing + and directly. + +## AUTHOR + +Joe Richey + +## COPYRIGHT + +Copyright 2017 Google Inc. under the [Apache 2.0 License](https://www.apache.org/licenses/LICENSE-2.0). + +## SEE ALSO + +**fscrypt-enable**(8) **fscrypt-setup**(8) **fscrypt-encrypt**(8) +**fscrypt-unlock**(8) **fscrypt-purge**(8) **fscrypt-status**(8) +**fscrypt-metadata**(8) **fscrypt-config**(8) **pam_fscrypt**(8) +**fscryptctl**(8) + +[**fscrypt**'s upstream repository](https://github.com/google/fscrypt) contains FAQs, known issues, longer examples, and information about building, +testing, and contributing to **fscrypt**. \ No newline at end of file diff --git a/man/man8/fscrypt-config.8.gz b/man/man8/fscrypt-config.8.gz new file mode 100644 index 0000000..44dd74b Binary files /dev/null and b/man/man8/fscrypt-config.8.gz differ diff --git a/man/man8/fscrypt-enable.8.gz b/man/man8/fscrypt-enable.8.gz new file mode 100644 index 0000000..f06a988 Binary files /dev/null and b/man/man8/fscrypt-enable.8.gz differ diff --git a/man/man8/fscrypt-encrypt.8.gz b/man/man8/fscrypt-encrypt.8.gz new file mode 100644 index 0000000..33357d8 Binary files /dev/null and b/man/man8/fscrypt-encrypt.8.gz differ diff --git a/man/man8/fscrypt-metadata.8.gz b/man/man8/fscrypt-metadata.8.gz new file mode 100644 index 0000000..33357d8 Binary files /dev/null and b/man/man8/fscrypt-metadata.8.gz differ diff --git a/man/man8/fscrypt-purge.8.gz b/man/man8/fscrypt-purge.8.gz new file mode 100644 index 0000000..33357d8 Binary files /dev/null and b/man/man8/fscrypt-purge.8.gz differ diff --git a/man/man8/fscrypt-setup.8.gz b/man/man8/fscrypt-setup.8.gz new file mode 100644 index 0000000..f06a988 Binary files /dev/null and b/man/man8/fscrypt-setup.8.gz differ diff --git a/man/man8/fscrypt-status.8.gz b/man/man8/fscrypt-status.8.gz new file mode 100644 index 0000000..33357d8 Binary files /dev/null and b/man/man8/fscrypt-status.8.gz differ diff --git a/man/man8/fscrypt-unlock.8.gz b/man/man8/fscrypt-unlock.8.gz new file mode 100644 index 0000000..33357d8 Binary files /dev/null and b/man/man8/fscrypt-unlock.8.gz differ diff --git a/man/man8/fscrypt.8.gz b/man/man8/fscrypt.8.gz new file mode 100644 index 0000000..33357d8 Binary files /dev/null and b/man/man8/fscrypt.8.gz differ diff --git a/man/man8/pam_fscrypt.8.gz b/man/man8/pam_fscrypt.8.gz new file mode 100644 index 0000000..33357d8 Binary files /dev/null and b/man/man8/pam_fscrypt.8.gz differ diff --git a/man/pam_fscrypt.8.md b/man/pam_fscrypt.8.md new file mode 100644 index 0000000..7d02ddb --- /dev/null +++ b/man/pam_fscrypt.8.md @@ -0,0 +1,10 @@ +pam_fscrypt(8) -- PAM module for fscrypt +======================================== + +## SYNOPSIS + +**pam_fscrypt.so** [`drop_caches`] [`lock_policies`] [`debug`] + +## DESCRIPTION + +TODO \ No newline at end of file -- cgit v1.2.3