path: root/cli-tests/t_encrypt.out
blob: 26cb4511c87511c7d1e76a0965e96c8716fa2d22 (plain)
# Try to encrypt a nonexistent directory
[ERROR] fscrypt encrypt: no such file or directory
ext4 filesystem "MNT" has 0 protectors and 0 policies

[ERROR] fscrypt status: file or directory "MNT/dir" is not
                        encrypted

# Try to encrypt a nonempty directory
[ERROR] fscrypt encrypt: Directory "MNT/dir" cannot be
                         encrypted because it is non-empty.

Files cannot be encrypted in-place. Instead, encrypt a new directory, copy the
files into it, and securely delete the original directory. For example:

     mkdir MNT/dir.new
     fscrypt encrypt MNT/dir.new
     cp -a -T MNT/dir MNT/dir.new
     find MNT/dir -type f -print0 | xargs -0 shred -n1 --remove=unlink
     rm -rf MNT/dir
     mv MNT/dir.new MNT/dir

Caution: due to the nature of modern storage devices and filesystems, the
original data may still be recoverable from disk. It's much better to encrypt
your files from the start.
ext4 filesystem "MNT" has 0 protectors and 0 policies

[ERROR] fscrypt status: file or directory "MNT/dir" is not
                        encrypted

# Encrypt a directory as non-root user
ext4 filesystem "MNT" has 1 protector and 1 policy

PROTECTOR         LINKED  DESCRIPTION
desc1  No      custom protector "prot"

POLICY                            UNLOCKED  PROTECTORS
desc2  Yes       desc1
"MNT/dir" is encrypted with fscrypt.

Policy:   desc2
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc1  No      custom protector "prot"
ext4 filesystem "MNT" has 1 protector and 1 policy

PROTECTOR         LINKED  DESCRIPTION
desc1  No      custom protector "prot"

POLICY                            UNLOCKED  PROTECTORS
desc2  Yes       desc1
"MNT/dir" is encrypted with fscrypt.

Policy:   desc2
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc1  No      custom protector "prot"

# Try to encrypt an already-encrypted directory
[ERROR] fscrypt encrypt: file or directory "MNT/dir" is
                         already encrypted

# Try to encrypt another user's directory as a non-root user
[ERROR] fscrypt encrypt: cannot encrypt "MNT/dir" because
                         it's owned by another user (root).

                         Encryption can only be enabled on a directory you own,
                         even if you have write access to the directory.
ext4 filesystem "MNT" has 0 protectors and 0 policies

[ERROR] fscrypt status: file or directory "MNT/dir" is not
                        encrypted