# Try to encrypt a nonexistent directory [ERROR] fscrypt encrypt: no such file or directory ext4 filesystem "MNT" has 0 protectors and 0 policies. All users can create fscrypt metadata on this filesystem. [ERROR] fscrypt status: file or directory "MNT/dir" is not encrypted # Try to encrypt a nonempty directory [ERROR] fscrypt encrypt: Directory "MNT/dir" cannot be encrypted because it is non-empty. Files cannot be encrypted in-place. Instead, encrypt a new directory, copy the files into it, and securely delete the original directory. For example: mkdir "MNT/dir.new" fscrypt encrypt "MNT/dir.new" cp -a -T "MNT/dir" "MNT/dir.new" find "MNT/dir" -type f -print0 | xargs -0 shred -n1 --remove=unlink rm -rf "MNT/dir" mv "MNT/dir.new" "MNT/dir" Caution: due to the nature of modern storage devices and filesystems, the original data may still be recoverable from disk. It's much better to encrypt your files from the start. ext4 filesystem "MNT" has 0 protectors and 0 policies. All users can create fscrypt metadata on this filesystem. [ERROR] fscrypt status: file or directory "MNT/dir" is not encrypted # => with trailing slash [ERROR] fscrypt encrypt: Directory "MNT/dir/" cannot be encrypted because it is non-empty. Files cannot be encrypted in-place. Instead, encrypt a new directory, copy the files into it, and securely delete the original directory. For example: mkdir "MNT/dir.new" fscrypt encrypt "MNT/dir.new" cp -a -T "MNT/dir" "MNT/dir.new" find "MNT/dir" -type f -print0 | xargs -0 shred -n1 --remove=unlink rm -rf "MNT/dir" mv "MNT/dir.new" "MNT/dir" Caution: due to the nature of modern storage devices and filesystems, the original data may still be recoverable from disk. It's much better to encrypt your files from the start. ext4 filesystem "MNT" has 0 protectors and 0 policies. All users can create fscrypt metadata on this filesystem. [ERROR] fscrypt status: file or directory "MNT/dir" is not encrypted # Encrypt a directory as non-root user ext4 filesystem "MNT" has 1 protector and 1 policy. All users can create fscrypt metadata on this filesystem. PROTECTOR LINKED DESCRIPTION desc1 No custom protector "prot" POLICY UNLOCKED PROTECTORS desc2 Yes desc1 "MNT/dir" is encrypted with fscrypt. Policy: desc2 Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 Unlocked: Yes Protected with 1 protector: PROTECTOR LINKED DESCRIPTION desc1 No custom protector "prot" ext4 filesystem "MNT" has 1 protector and 1 policy (only including ones owned by fscrypt-test-user or root). All users can create fscrypt metadata on this filesystem. PROTECTOR LINKED DESCRIPTION desc1 No custom protector "prot" POLICY UNLOCKED PROTECTORS desc2 Yes desc1 "MNT/dir" is encrypted with fscrypt. Policy: desc2 Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 Unlocked: Yes Protected with 1 protector: PROTECTOR LINKED DESCRIPTION desc1 No custom protector "prot" # Try to encrypt an already-encrypted directory [ERROR] fscrypt encrypt: file or directory "MNT/dir" is already encrypted # Try to encrypt another user's directory as a non-root user [ERROR] fscrypt encrypt: cannot encrypt "MNT/dir" because it's owned by another user (root). Encryption can only be enabled on a directory you own, even if you have write access to the directory. ext4 filesystem "MNT" has 0 protectors and 0 policies. All users can create fscrypt metadata on this filesystem. [ERROR] fscrypt status: file or directory "MNT/dir" is not encrypted