# Encrypt directory with --skip-unlock

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
touch: cannot touch 'MNT/dir/file': Required key not available

# => Get policy status via mount:
desc1  No        desc2

# Unlock directory
Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# => Get policy status via mount:
desc1  Yes       desc2

# Lock by cycling mount

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
mkdir: cannot create directory 'MNT/dir/subdir': Required key not available

# => Get policy status via mount:
desc1  No        desc2

# Try to unlock with wrong passphrase
[ERROR] fscrypt unlock: incorrect key provided
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# Unlock directory
Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
contents

# => Get policy status via mount:
desc1  Yes       desc2

# Try to unlock with corrupt policy metadata
[ERROR] fscrypt unlock: MNT/dir: system error: missing
                        policy metadata for encrypted directory

This file or directory has either been encrypted with another tool (such as
e4crypt) or the corresponding filesystem metadata has been deleted.

# Try to unlock with missing policy metadata
[ERROR] fscrypt unlock: MNT/dir: system error: missing
                        policy metadata for encrypted directory

This file or directory has either been encrypted with another tool (such as
e4crypt) or the corresponding filesystem metadata has been deleted.

# Try to unlock with missing protector metadata
[ERROR] fscrypt unlock: could not load any protectors

You may need to mount a linked filesystem. Run with --verbose for more
information.