# Encrypt with login protector See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions! ext4 filesystem "MNT" has 2 protectors and 1 policy PROTECTOR LINKED DESCRIPTION desc1 Yes (MNT_ROOT) login protector for fscrypt-test-user desc2 No custom protector "Recovery passphrase for dir" POLICY UNLOCKED PROTECTORS desc3 Yes desc1, desc2 ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies PROTECTOR LINKED DESCRIPTION desc1 No login protector for fscrypt-test-user "MNT/dir" is encrypted with fscrypt. Policy: desc3 Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 Unlocked: Yes Protected with 2 protectors: PROTECTOR LINKED DESCRIPTION desc1 Yes (MNT_ROOT) login protector for fscrypt-test-user desc2 No custom protector "Recovery passphrase for dir" # => Lock, then unlock with login passphrase "MNT/dir" is now locked. # => Lock, then unlock with recovery passphrase "MNT/dir" is now locked. # Encrypt with login protector, interactively spawn fscrypt encrypt MNT/dir The following protector sources are available: 1 - Your login passphrase (pam_passphrase) 2 - A custom passphrase (custom_passphrase) 3 - A raw 256-bit key (raw_key) Enter the source number for the new protector [2 - custom_passphrase]: 1 IMPORTANT: Before continuing, ensure you have properly set up your system for login protectors. See https://github.com/google/fscrypt#setting-up-for-login-protectors Enter login passphrase for fscrypt-test-user: Protector is on a different filesystem! Generate a recovery passphrase (recommended)? [Y/n] y See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions! "MNT/dir" is now encrypted, unlocked, and ready for use. ext4 filesystem "MNT" has 2 protectors and 1 policy PROTECTOR LINKED DESCRIPTION desc10 Yes (MNT_ROOT) login protector for fscrypt-test-user desc11 No custom protector "Recovery passphrase for dir" POLICY UNLOCKED PROTECTORS desc12 Yes desc10, desc11 ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies PROTECTOR LINKED DESCRIPTION desc10 No login protector for fscrypt-test-user "MNT/dir" is encrypted with fscrypt. Policy: desc12 Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 Unlocked: Yes Protected with 2 protectors: PROTECTOR LINKED DESCRIPTION desc10 Yes (MNT_ROOT) login protector for fscrypt-test-user desc11 No custom protector "Recovery passphrase for dir" # Encrypt with login protector as root See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions! ext4 filesystem "MNT" has 2 protectors and 1 policy PROTECTOR LINKED DESCRIPTION desc19 Yes (MNT_ROOT) login protector for fscrypt-test-user desc20 No custom protector "Recovery passphrase for dir" POLICY UNLOCKED PROTECTORS desc21 Yes desc19, desc20 ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies PROTECTOR LINKED DESCRIPTION desc19 No login protector for fscrypt-test-user "MNT/dir" is encrypted with fscrypt. Policy: desc21 Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 Unlocked: Yes Protected with 2 protectors: PROTECTOR LINKED DESCRIPTION desc19 Yes (MNT_ROOT) login protector for fscrypt-test-user desc20 No custom protector "Recovery passphrase for dir" # Encrypt with login protector with --no-recovery ext4 filesystem "MNT" has 1 protector and 1 policy PROTECTOR LINKED DESCRIPTION desc28 Yes (MNT_ROOT) login protector for fscrypt-test-user POLICY UNLOCKED PROTECTORS desc29 Yes desc28 ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies PROTECTOR LINKED DESCRIPTION desc28 No login protector for fscrypt-test-user "MNT/dir" is encrypted with fscrypt. Policy: desc29 Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 Unlocked: Yes Protected with 1 protector: PROTECTOR LINKED DESCRIPTION desc28 Yes (MNT_ROOT) login protector for fscrypt-test-user # Encrypt with login protector on root fs (shouldn't generate a recovery passphrase) "MNT_ROOT/dir" is encrypted with fscrypt. Policy: desc34 Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 Unlocked: Yes Protected with 1 protector: PROTECTOR LINKED DESCRIPTION desc35 No login protector for fscrypt-test-user ext4 filesystem "MNT_ROOT" has 1 protector and 1 policy PROTECTOR LINKED DESCRIPTION desc35 No login protector for fscrypt-test-user POLICY UNLOCKED PROTECTORS desc34 Yes desc35 # Try to give a login protector a name [ERROR] fscrypt encrypt: cannot assign name "prot" to new login protector for user "fscrypt-test-user" because login protectors are identified by user, not by name. To fix this, don't specify the --name=PROTECTOR_NAME option. ext4 filesystem "MNT" has 0 protectors and 0 policies ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies [ERROR] fscrypt status: file or directory "MNT/dir" is not encrypted # Try to use the wrong login passphrase [ERROR] fscrypt encrypt: incorrect login passphrase ext4 filesystem "MNT" has 0 protectors and 0 policies ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies [ERROR] fscrypt status: file or directory "MNT/dir" is not encrypted