blob: c0f92791310fbe81784530209e7f1d69243d9e2f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
# Encrypt directory
"MNT/dir" is encrypted with fscrypt.
Policy: desc1
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 1 protector:
PROTECTOR LINKED DESCRIPTION
desc2 No custom protector "prot"
# Lock directory
"MNT/dir" is now locked.
# => filenames should be in encrypted form
cat: MNT/dir/file: No such file or directory
# => shouldn't be able to create a subdirectory
mkdir: cannot create directory 'MNT/dir/subdir': Required key not available
# Unlock directory
Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.
"MNT/dir" is encrypted with fscrypt.
Policy: desc1
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes
Protected with 1 protector:
PROTECTOR LINKED DESCRIPTION
desc2 No custom protector "prot"
contents
# Try to lock directory while files busy
[ERROR] fscrypt lock: some files using the key are still open
Directory was incompletely locked because some files are still open. These files
remain accessible. Try killing any processes using files in the directory, then
re-running 'fscrypt lock'.
# => status should be incompletely locked
"MNT/dir" is encrypted with fscrypt.
Policy: desc1
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Partially (incompletely locked)
Protected with 1 protector:
PROTECTOR LINKED DESCRIPTION
desc2 No custom protector "prot"
# => open file should still be readable
contents
# => shouldn't be able to create a new file
bash: MNT/dir/file2: Required key not available
# Finish locking directory
"MNT/dir" is now locked.
"MNT/dir" is encrypted with fscrypt.
Policy: desc1
Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No
Protected with 1 protector:
PROTECTOR LINKED DESCRIPTION
desc2 No custom protector "prot"
cat: MNT/dir/file: No such file or directory
mkdir: cannot create directory 'MNT/dir/subdir': Required key not available
# Try to lock directory while other user has unlocked
Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.
[ERROR] fscrypt lock: other users have added the key too
Directory couldn't be fully locked because other user(s) have unlocked it. If
you want to force the directory to be locked, use 'sudo fscrypt lock --all-users
DIR'.
contents
"MNT/dir" is now locked.
cat: MNT/dir/file: No such file or directory
|
