Commit | Line | Data |
---|---|---|
1e734e72 | 1 | .TH E4CRYPT 8 "@E2FSPROGS_MONTH@ @E2FSPROGS_YEAR@" "E2fsprogs version @E2FSPROGS_VERSION@" |
bfa4b350 IM |
2 | .SH NAME |
3 | e4crypt \- ext4 filesystem encryption utility | |
4 | .SH SYNOPSIS | |
75dd3c47 | 5 | .B e4crypt add_key -S \fR[\fB -k \fIkeyring\fR ] [\fB-v\fR] [\fB-q\fR] \fR[\fB -p \fIpad\fR ] [ \fIpath\fR ... ] |
bc8f1ae5 TT |
6 | .br |
7 | .B e4crypt new_session | |
bfa4b350 | 8 | .br |
bc8f1ae5 TT |
9 | .B e4crypt get_policy \fIpath\fR ... |
10 | .br | |
75dd3c47 | 11 | .B e4crypt set_policy \fR[\fB -p \fIpad\fR ] \fIpolicy path\fR ... |
bfa4b350 IM |
12 | .SH DESCRIPTION |
13 | .B e4crypt | |
14 | performs encryption management for ext4 file systems. | |
1e734e72 | 15 | .SH COMMANDS |
bfa4b350 | 16 | .TP |
18e921a5 | 17 | .B e4crypt add_key \fR[\fB-vq\fR] [\fB-S\fI salt\fR ] [\fB-k \fIkeyring\fR ] [\fB -p \fIpad\fR ] [ \fIpath\fR ... ] |
1e734e72 TT |
18 | Prompts the user for a passphrase and inserts it into the specified |
19 | keyring. If no keyring is specified, e4crypt will use the session | |
20 | keyring if it exists or the user session keyring if it does not. | |
21 | .IP | |
18e921a5 TT |
22 | The |
23 | .I salt | |
24 | argument is interpreted in a number of different ways, depending on | |
25 | its prefix value. If the first two characters are "s:", then the rest | |
26 | of the argument will be treated as a text string and used as the salt | |
27 | value. If the first two characters are "0x", then the rest of the | |
28 | argument will be parsed as a hex string and used as the salt. If the | |
29 | first two characters are "f:" then the rest of the argument will be | |
30 | interpreted as a filename from which the salt value will be read. If | |
31 | the string begins with a '/' character, it will similarly be treated as | |
32 | a filename. Finally, if the | |
33 | .I salt | |
34 | argument can be parsed as a valid UUID, then the UUID value will be used | |
35 | as a salt value. | |
36 | .IP | |
37 | The | |
38 | .I keyring | |
39 | argument specifies the keyring to which the key should be added. | |
40 | .IP | |
41 | The | |
42 | .I pad | |
43 | value specifies the number of bytes of padding that will be added to | |
44 | directory names for obfuscation purposes. Valid | |
45 | .I pad | |
46 | values are 4, 8, 16, and 32. | |
47 | .IP | |
1e734e72 | 48 | If one or more directory paths are specified, e4crypt will try to |
18e921a5 TT |
49 | set the policy of those directories to use the key just added by the |
50 | .B add_key | |
51 | command. | |
bfa4b350 | 52 | .TP |
bc8f1ae5 TT |
53 | .B e4crypt get_policy \fIpath\fR ... |
54 | Print the policy for the directories specified on the command line. | |
55 | .TP | |
1e734e72 TT |
56 | .B e4crypt new_session |
57 | Give the invoking process (typically a shell) a new session keyring, | |
58 | discarding its old session keyring. | |
bfa4b350 | 59 | .TP |
75dd3c47 | 60 | .B e4crypt set_policy \fR[\fB -p \fIpad\fR ] \fIpolicy path\fR ... |
1e734e72 | 61 | Sets the policy for the directories specified on the command line. |
bfa4b350 | 62 | All directories must be empty to set the policy; if the directory |
bc8f1ae5 | 63 | already has a policy established, e4crypt will validate that the |
1e734e72 TT |
64 | policy matches what was specified. A policy is an encryption key |
65 | identifier consisting of 16 hexadecimal characters. | |
bfa4b350 | 66 | .SH AUTHOR |
1e734e72 TT |
67 | Written by Michael Halcrow <mhalcrow@google.com>, Ildar Muslukhov |
68 | <muslukhovi@gmail.com>, and Theodore Ts'o <tytso@mit.edu> | |
bfa4b350 | 69 | .SH SEE ALSO |
1e734e72 | 70 | .BR keyctl (1), |
bfa4b350 IM |
71 | .BR mke2fs (8), |
72 | .BR mount (8). |
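
The salt argument forms described under add_key, as an added C example that is not code from e2fsprogs: it classifies a -S value by checking the prefixes in the order the man page lists them and decodes the text, hex and UUID forms into bytes. The names salt_kind, hex_decode and classify_salt are hypothetical, and rejecting empty or odd-length hex strings and salts larger than the caller's buffer is an assumption of this sketch, not documented e4crypt behaviour.

```c
#include <ctype.h>
#include <string.h>

enum salt_kind { SALT_INVALID, SALT_TEXT, SALT_HEX, SALT_FILE, SALT_UUID };

/* Decode hex digits from s into out, skipping '-' when skip_dash is set.
 * Returns bytes written, or -1 on a bad digit, odd length or overflow. */
static int hex_decode(const char *s, int skip_dash, unsigned char *out, size_t cap)
{
    size_t n = 0;
    int hi = -1, v;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (skip_dash && c == '-') continue;
        if (!isxdigit(c)) return -1;
        v = isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
        if (hi < 0) { hi = v; continue; }   /* first nibble of a byte */
        if (n == cap) return -1;            /* never write past out[cap-1] */
        out[n++] = (unsigned char)(hi << 4 | v);
        hi = -1;
    }
    return hi < 0 ? (int)n : -1;            /* dangling nibble: odd length */
}

/* For TEXT/HEX/UUID the salt bytes go to out and *len. For FILE, *path
 * points at the filename inside arg; the file is not opened here. */
enum salt_kind classify_salt(const char *arg, unsigned char *out, size_t cap,
                             size_t *len, const char **path)
{
    int n;
    *len = 0; *path = NULL;
    if (!strncmp(arg, "s:", 2)) {           /* "s:" text string */
        size_t l = strlen(arg + 2);
        if (l > cap) return SALT_INVALID;
        memcpy(out, arg + 2, l); *len = l;
        return SALT_TEXT;
    }
    if (!strncmp(arg, "0x", 2)) {           /* "0x" hex string */
        n = hex_decode(arg + 2, 0, out, cap);
        if (n <= 0) return SALT_INVALID;    /* assumption: empty hex rejected */
        *len = (size_t)n; return SALT_HEX;
    }
    if (!strncmp(arg, "f:", 2)) { *path = arg + 2; return SALT_FILE; }
    if (arg[0] == '/') { *path = arg; return SALT_FILE; }
    if (strlen(arg) == 36 && arg[8] == '-' && arg[13] == '-' &&
        arg[18] == '-' && arg[23] == '-') { /* canonical UUID layout */
        n = hex_decode(arg, 1, out, cap);
        if (n == 16) { *len = 16; return SALT_UUID; }
    }
    return SALT_INVALID;
}
```
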