aboutsummaryrefslogtreecommitdiff
path: root/cli-tests/t_encrypt_login.out
blob: c6eb46307788fd1cb75fbe12f49baf29aad58043 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

# Encrypt with login protector
See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions!
ext4 filesystem "MNT" has 2 protectors and 1 policy

PROTECTOR         LINKED                              DESCRIPTION
desc1  Yes (MNT_ROOT)  login protector for fscrypt-test-user
desc2  No                                  custom protector "Recovery passphrase for dir"

POLICY                            UNLOCKED  PROTECTORS
desc3  Yes       desc1, desc2
ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies

PROTECTOR         LINKED  DESCRIPTION
desc1  No      login protector for fscrypt-test-user
"MNT/dir" is encrypted with fscrypt.

Policy:   desc3
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 2 protectors:
PROTECTOR         LINKED                              DESCRIPTION
desc1  Yes (MNT_ROOT)  login protector for fscrypt-test-user
desc2  No                                  custom protector "Recovery passphrase for dir"

# => Lock, then unlock with login passphrase
"MNT/dir" is now locked.

# => Lock, then unlock with recovery passphrase
"MNT/dir" is now locked.

# Encrypt with login protector, interactively
spawn fscrypt encrypt MNT/dir
The following protector sources are available:
1 - Your login passphrase (pam_passphrase)
2 - A custom passphrase (custom_passphrase)
3 - A raw 256-bit key (raw_key)
Enter the source number for the new protector [2 - custom_passphrase]: 1
Enter login passphrase for fscrypt-test-user: 
Protector is on a different filesystem! Generate a recovery passphrase (recommended)? [Y/n] y
See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions!
"MNT/dir" is now encrypted, unlocked, and ready for use.
ext4 filesystem "MNT" has 2 protectors and 1 policy

PROTECTOR         LINKED                              DESCRIPTION
desc10  Yes (MNT_ROOT)  login protector for fscrypt-test-user
desc11  No                                  custom protector "Recovery passphrase for dir"

POLICY                            UNLOCKED  PROTECTORS
desc12  Yes       desc10, desc11
ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies

PROTECTOR         LINKED  DESCRIPTION
desc10  No      login protector for fscrypt-test-user
"MNT/dir" is encrypted with fscrypt.

Policy:   desc12
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 2 protectors:
PROTECTOR         LINKED                              DESCRIPTION
desc10  Yes (MNT_ROOT)  login protector for fscrypt-test-user
desc11  No                                  custom protector "Recovery passphrase for dir"

# Encrypt with login protector as root
See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions!
ext4 filesystem "MNT" has 2 protectors and 1 policy

PROTECTOR         LINKED                              DESCRIPTION
desc19  Yes (MNT_ROOT)  login protector for fscrypt-test-user
desc20  No                                  custom protector "Recovery passphrase for dir"

POLICY                            UNLOCKED  PROTECTORS
desc21  Yes       desc19, desc20
ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies

PROTECTOR         LINKED  DESCRIPTION
desc19  No      login protector for fscrypt-test-user
"MNT/dir" is encrypted with fscrypt.

Policy:   desc21
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 2 protectors:
PROTECTOR         LINKED                              DESCRIPTION
desc19  Yes (MNT_ROOT)  login protector for fscrypt-test-user
desc20  No                                  custom protector "Recovery passphrase for dir"

# Encrypt with login protector with --no-recovery
ext4 filesystem "MNT" has 1 protector and 1 policy

PROTECTOR         LINKED                              DESCRIPTION
desc28  Yes (MNT_ROOT)  login protector for fscrypt-test-user

POLICY                            UNLOCKED  PROTECTORS
desc29  Yes       desc28
ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies

PROTECTOR         LINKED  DESCRIPTION
desc28  No      login protector for fscrypt-test-user
"MNT/dir" is encrypted with fscrypt.

Policy:   desc29
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED                              DESCRIPTION
desc28  Yes (MNT_ROOT)  login protector for fscrypt-test-user

# Encrypt with login protector on root fs (shouldn't generate a recovery passphrase)
"MNT_ROOT/dir" is encrypted with fscrypt.

Policy:   desc34
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc35  No      login protector for fscrypt-test-user
ext4 filesystem "MNT_ROOT" has 1 protector and 1 policy

PROTECTOR         LINKED  DESCRIPTION
desc35  No      login protector for fscrypt-test-user

POLICY                            UNLOCKED  PROTECTORS
desc34  Yes       desc35

# Try to give a login protector a name
[ERROR] fscrypt encrypt: login protectors do not need a name
ext4 filesystem "MNT" has 0 protectors and 0 policies

ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies

[ERROR] fscrypt status: get encryption policy MNT/dir: file
                        or directory not encrypted

# Try to use the wrong login passphrase
[ERROR] fscrypt encrypt: incorrect login passphrase
ext4 filesystem "MNT" has 0 protectors and 0 policies

ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies

[ERROR] fscrypt status: get encryption policy MNT/dir: file
                        or directory not encrypted
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-10 17:18:37 +0000