projects / thirdparty / e2fsprogs.git / blame
| Commit | Line | Data |
|---|---|---|
| 1e734e72 | 1 | .TH E4CRYPT 8 "@E2FSPROGS_MONTH@ @E2FSPROGS_YEAR@" "E2fsprogs version @E2FSPROGS_VERSION@" |
| bfa4b350 IM |
2 | .SH NAME |
| 3 | e4crypt \- ext4 filesystem encryption utility | |
| 4 | .SH SYNOPSIS | |
| 75dd3c47 | 5 | .B e4crypt add_key -S \fR[\fB -k \fIkeyring\fR ] [\fB-v\fR] [\fB-q\fR] \fR[\fB -p \fIpad\fR ] [ \fIpath\fR ... ] |
| bc8f1ae5 TT |
6 | .br |
| 7 | .B e4crypt new_session | |
| bfa4b350 | 8 | .br |
| bc8f1ae5 TT |
9 | .B e4crypt get_policy \fIpath\fR ... |
| 10 | .br | |
| 75dd3c47 | 11 | .B e4crypt set_policy \fR[\fB -p \fIpad\fR ] \fIpolicy path\fR ... |
| bfa4b350 IM |
12 | .SH DESCRIPTION |
| 13 | .B e4crypt | |
| 14 | performs encryption management for ext4 file systems. | |
| 1e734e72 | 15 | .SH COMMANDS |
| bfa4b350 | 16 | .TP |
| 18e921a5 | 17 | .B e4crypt add_key \fR[\fB-vq\fR] [\fB-S\fI salt\fR ] [\fB-k \fIkeyring\fR ] [\fB -p \fIpad\fR ] [ \fIpath\fR ... ] |
| 1e734e72 TT |
18 | Prompts the user for a passphrase and inserts it into the specified |
| 19 | keyring. If no keyring is specified, e4crypt will use the session | |
| 20 | keyring if it exists or the user session keyring if it does not. | |
| 21 | .IP | |
| 18e921a5 TT |
22 | The |
| 23 | .I salt | |
| 24 | argument is interpreted in a number of different ways, depending on how | |
| 25 | its prefix value. If the first two characters are "s:", then the rest | |
| 26 | of the argument will be used as an text string and used as the salt | |
| 27 | value. If the first two characters are "0x", then the rest of the | |
| 28 | argument will be parsed as a hex string as used as the salt. If the | |
| 29 | first characters are "f:" then the rest of the argument will be | |
| 30 | interpreted as a filename from which the salt value will be read. If | |
| 31 | the string begins with a '/' character, it will similarly be treated as | |
| 32 | filename. Finally, if the | |
| 33 | .I salt | |
| 34 | argument can be parsed as a valid UUID, then the UUID value will be used | |
| 35 | as a salt value. | |
| 36 | .IP | |
| 37 | The | |
| 38 | .I keyring | |
| 39 | argument specifies the keyring to which the key should be added. | |
| 40 | .IP | |
| 41 | The | |
| 42 | .I pad | |
| 43 | value specifies the number of bytes of padding will be added to | |
| 44 | directory names for obfuscation purposes. Valid | |
| 45 | .I pad | |
| 46 | values are 4, 8, 16, and 32. | |
| 47 | .IP | |
| 1e734e72 | 48 | If one or more directory paths are specified, e4crypt will try to |
| 18e921a5 TT |
49 | set the policy of those directories to use the key just added by the |
| 50 | .B add_key | |
| 51 | command. | |
| bfa4b350 | 52 | .TP |
| bc8f1ae5 TT |
53 | .B e4crypt get_policy \fIpath\fR ... |
| 54 | Print the policy for the directories specified on the command line. | |
| 55 | .TP | |
| 1e734e72 TT |
56 | .B e4crypt new_session |
| 57 | Give the invoking process (typically a shell) a new session keyring, | |
| 58 | discarding its old session keyring. | |
| bfa4b350 | 59 | .TP |
| 75dd3c47 | 60 | .B e4crypt set_policy \fR[\fB -p \fIpad\fR ] \fIpolicy path\fR ... |
| 1e734e72 | 61 | Sets the policy for the directories specified on the command line. |
| bfa4b350 | 62 | All directories must be empty to set the policy; if the directory |
| bc8f1ae5 | 63 | already has a policy established, e4crypt will validate that the |
| 1e734e72 TT |
64 | policy matches what was specified. A policy is an encryption key |
| 65 | identifier consisting of 16 hexadecimal characters. | |
| bfa4b350 | 66 | .SH AUTHOR |
| 1e734e72 TT |
67 | Written by Michael Halcrow <mhalcrow@google.com>, Ildar Muslukhov |
| 68 | <muslukhovi@gmail.com>, and Theodore Ts'o <tytso@mit.edu> | |
| bfa4b350 | 69 | .SH SEE ALSO |
| 1e734e72 | 70 | .BR keyctl (1), |
| bfa4b350 IM |
71 | .BR mke2fs (8), |
| 72 | .BR mount (8). |