blob: e8e0e4152f63d07aef77f7e705a5bbf30ea5d7c9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
# Encrypt with login protector
See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions!
ext4 filesystem "MNT" has 2 protectors and 1 policy
PROTECTOR LINKED DESCRIPTION
desc1 Yes (MNT_ROOT) login protector for fscrypt-test-user
desc2 No custom protector "Recovery passphrase for dir"
POLICY UNLOCKED PROTECTORS
desc3 Yes desc1, desc2
ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies
PROTECTOR LINKED DESCRIPTION
desc1 No login protector for fscrypt-test-user
"MNT/dir" is encrypted with fscrypt.
Policy: desc3
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 2 protectors:
PROTECTOR LINKED DESCRIPTION
desc1 Yes (MNT_ROOT) login protector for fscrypt-test-user
desc2 No custom protector "Recovery passphrase for dir"
# => Lock, then unlock with login passphrase
"MNT/dir" is now locked.
# => Lock, then unlock with recovery passphrase
"MNT/dir" is now locked.
# Encrypt with login protector, interactively
spawn fscrypt encrypt MNT/dir
The following protector sources are available:
1 - Your login passphrase (pam_passphrase)
2 - A custom passphrase (custom_passphrase)
3 - A raw 256-bit key (raw_key)
Enter the source number for the new protector [2 - custom_passphrase]: 1
Enter login passphrase for fscrypt-test-user:
Protector is on a different filesystem! Generate a recovery passphrase (recommended)? [Y/n] y
See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions!
"MNT/dir" is now encrypted, unlocked, and ready for use.
ext4 filesystem "MNT" has 2 protectors and 1 policy
PROTECTOR LINKED DESCRIPTION
desc10 Yes (MNT_ROOT) login protector for fscrypt-test-user
desc11 No custom protector "Recovery passphrase for dir"
POLICY UNLOCKED PROTECTORS
desc12 Yes desc10, desc11
ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies
PROTECTOR LINKED DESCRIPTION
desc10 No login protector for fscrypt-test-user
"MNT/dir" is encrypted with fscrypt.
Policy: desc12
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 2 protectors:
PROTECTOR LINKED DESCRIPTION
desc10 Yes (MNT_ROOT) login protector for fscrypt-test-user
desc11 No custom protector "Recovery passphrase for dir"
# Encrypt with login protector as root
See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions!
ext4 filesystem "MNT" has 2 protectors and 1 policy
PROTECTOR LINKED DESCRIPTION
desc19 Yes (MNT_ROOT) login protector for fscrypt-test-user
desc20 No custom protector "Recovery passphrase for dir"
POLICY UNLOCKED PROTECTORS
desc21 Yes desc19, desc20
ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies
PROTECTOR LINKED DESCRIPTION
desc19 No login protector for fscrypt-test-user
"MNT/dir" is encrypted with fscrypt.
Policy: desc21
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 2 protectors:
PROTECTOR LINKED DESCRIPTION
desc19 Yes (MNT_ROOT) login protector for fscrypt-test-user
desc20 No custom protector "Recovery passphrase for dir"
# Encrypt with login protector with --no-recovery
ext4 filesystem "MNT" has 1 protector and 1 policy
PROTECTOR LINKED DESCRIPTION
desc28 Yes (MNT_ROOT) login protector for fscrypt-test-user
POLICY UNLOCKED PROTECTORS
desc29 Yes desc28
ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies
PROTECTOR LINKED DESCRIPTION
desc28 No login protector for fscrypt-test-user
"MNT/dir" is encrypted with fscrypt.
Policy: desc29
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 1 protector:
PROTECTOR LINKED DESCRIPTION
desc28 Yes (MNT_ROOT) login protector for fscrypt-test-user
# Encrypt with login protector on root fs (shouldn't generate a recovery passphrase)
"MNT_ROOT/dir" is encrypted with fscrypt.
Policy: desc34
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 1 protector:
PROTECTOR LINKED DESCRIPTION
desc35 No login protector for fscrypt-test-user
ext4 filesystem "MNT_ROOT" has 1 protector and 1 policy
PROTECTOR LINKED DESCRIPTION
desc35 No login protector for fscrypt-test-user
POLICY UNLOCKED PROTECTORS
desc34 Yes desc35
# Try to give a login protector a name
[ERROR] fscrypt encrypt: cannot assign name "prot" to new login protector for
user "fscrypt-test-user" because login protectors are
identified by user, not by name.
To fix this, don't specify the --name=PROTECTOR_NAME option.
ext4 filesystem "MNT" has 0 protectors and 0 policies
ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies
[ERROR] fscrypt status: file or directory "MNT/dir" is not
encrypted
# Try to use the wrong login passphrase
[ERROR] fscrypt encrypt: incorrect login passphrase
ext4 filesystem "MNT" has 0 protectors and 0 policies
ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies
[ERROR] fscrypt status: file or directory "MNT/dir" is not
encrypted
|
