F2FSCRYPT(8)                System Manager's Manual               F2FSCRYPT(8)

NAME

       f2fscrypt - f2fs filesystem encryption utility

SYNOPSIS

       f2fscrypt add_key -S [ -k keyring ] [-v] [-q] [ path ... ]
       f2fscrypt new_session
       f2fscrypt get_policy path ...
       f2fscrypt set_policy policy path ...

DESCRIPTION

       f2fscrypt performs encryption management for f2fs file systems.

COMMANDS

       f2fscrypt add_key -S [ -k keyring ] [-v] [-q] [ path ... ]
              Prompts the user for a passphrase and inserts it into the
              specified keyring.  If no keyring is specified, f2fscrypt will
              use the session keyring if it exists or the user session
              keyring if it does not.

              If one or more directory paths are specified, f2fscrypt will try
              to set the policy of those directories to use the key just
              entered by the user.

       f2fscrypt get_policy path ...
              Print the policy for the directories specified on the command
              line.

       f2fscrypt new_session
              Give the invoking process (typically a shell) a new session
              keyring, discarding its old session keyring.

       f2fscrypt set_policy policy path ...
              Sets the policy for the directories specified on the command
              line.  All directories must be empty to set the policy; if the
              directory already has a policy established, f2fscrypt will
              validate that the policy matches what was specified.  A policy
              is an encryption key identifier consisting of 16 hexadecimal
              characters.

NOTES

       The target directory must be empty.

EXAMPLE

       Format an f2fs filesystem that supports encryption.

       # mkfs.f2fs -O encrypt /dev/sdxx
       # mount /dev/sdxx /encrypted/
       # mkdir /encrypted/dir

       First create the key in the keyring using a simple salt
       (or generate a random salt).
       Then use it to set the policy for the directory to be encrypted.

       # f2fscrypt add_key -S 0x1234
         Enter passphrase (echo disabled):
         Added key with descriptor [28e21cc0c4393da1]

       # f2fscrypt set_policy 28e21cc0c4393da1 /encrypted/dir
         Key with descriptor [28e21cc0c4393da1] applied to /encrypted/dir.

       # touch /encrypted/dir/test.txt
       # ls -l /encrypted/dir/
         -rw-r--r--. 1 root root 0 Mar  5 21:41 test.txt

       After each reboot, the same command can be used to set the key for
       decryption of the directory and its descendants.

       # ls -l /encrypted/dir/
         -rw-r--r--. 1 root root 0 Mar  5 21:41 zbx7tsUEMLzh+AUVMkQcnB

       # f2fscrypt get_policy /encrypted/dir/
         /encrypted/dir/: 28e21cc0c4393da1

       # f2fscrypt add_key -S 0x1234
         Enter passphrase (echo disabled):
         Added key with descriptor [28e21cc0c4393da1]

       # ls -l /encrypted/dir/
         -rw-r--r--. 1 root root 0 Mar  5 21:41 test.txt
       Show process keyrings.

       # keyctl show
         Session Keyring
           84022412 --alswrv      0     0  keyring: _ses
          204615789 --alswrv      0 65534   \_ keyring: _uid.0
          529474961 --alsw-v      0     0   \_ logon: f2fs:28e21cc0c4393da1
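
       The script below is an added example, not part of f2fscrypt or of the
       original manual page. It checks the preconditions described above
       before set_policy is attempted: the policy is 16 hexadecimal
       characters, the directory is empty, and keyctl show lists the
       f2fs:<descriptor> logon key. The function names, exit codes and the
       file name preflight.sh are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before `f2fscrypt set_policy`.

# A policy is a key identifier of exactly 16 hexadecimal characters.
is_valid_descriptor() {
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 16 ]
}

# set_policy only works on an empty directory (dotfiles count as content).
dir_is_empty() {
    [ -d "$1" ] || return 1
    [ -z "$(ls -A -- "$1" 2>/dev/null)" ]
}

# Reads `keyctl show` output on stdin; succeeds if it lists the logon key
# f2fs:<descriptor>. Call only with a descriptor that passed validation.
key_is_loaded() {
    grep -Eq "logon: f2fs:$1\$"
}

# Sample input: the `keyctl show` output from the EXAMPLE section above.
SAMPLE_KEYCTL='Session Keyring
  84022412 --alswrv      0     0  keyring: _ses
 204615789 --alswrv      0 65534   \_ keyring: _uid.0
 529474961 --alsw-v      0     0   \_ logon: f2fs:28e21cc0c4393da1'

# preflight <descriptor> <dir>, with `keyctl show` output on stdin.
# Returns 0 if set_policy can be attempted, 2/3/4 for each failed check.
preflight() {
    desc=$1
    dir=$2
    is_valid_descriptor "$desc" || { echo "bad descriptor: $desc" >&2; return 2; }
    dir_is_empty "$dir" || { echo "not an empty directory: $dir" >&2; return 3; }
    key_is_loaded "$desc" || { echo "key f2fs:$desc not in keyring" >&2; return 4; }
    echo "ok: f2fscrypt set_policy $desc $dir"
}

# Live use: sh preflight.sh <descriptor> <dir>
if [ "$#" -eq 2 ]; then
    keyctl show | preflight "$1" "$2"
fi
```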

AUTHOR

       Written by Kinglong Mee <kinglongmee@gmail.com>.  Migrated from e4crypt,
       which was written by Michael Halcrow <mhalcrow@google.com>, Ildar
       Muslukhov <muslukhovi@gmail.com>, and Theodore Ts'o <tytso@mit.edu>.

SEE ALSO

       keyctl(1), mkfs.f2fs(8), mount(8).

                                                                  F2FSCRYPT(8)