mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs-tools.git
synced 2024-11-27 03:33:35 +08:00
d322d47fa4
typo fix. Signed-off-by: Victor Westerhuis <victor@westerhu.is> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
103 lines
3.1 KiB
Groff
103 lines
3.1 KiB
Groff
.TH F2FSCRYPT 8
|
|
.SH NAME
|
|
f2fscrypt \- f2fs filesystem encryption utility
|
|
.SH SYNOPSIS
|
|
.B f2fscrypt add_key -S \fR[\fB -k \fIkeyring\fR ] [\fB-v\fR] [\fB-q\fR] [ \fI path\fR ... ]
|
|
.br
|
|
.B f2fscrypt new_session
|
|
.br
|
|
.B f2fscrypt get_policy \fIpath\fR ...
|
|
.br
|
|
.B f2fscrypt set_policy \fIpolicy path\fR ...
|
|
.SH DESCRIPTION
|
|
.B f2fscrypt
|
|
performs encryption management for f2fs file systems.
|
|
.SH COMMANDS
|
|
.TP
|
|
.B f2fscrypt add_key -S \fR[\fB -k \fIkeyring\fR ] [\fB-v\fR] [\fB-q\fR] [ \fI path\fR ... ]
|
|
Prompts the user for a passphrase and inserts it into the specified
|
|
keyring. If no keyring is specified, f2fscrypt will use the session
|
|
keyring if it exists or the user session keyring if it does not.
|
|
.IP
|
|
If one or more directory paths are specified, f2fscrypt will try to
|
|
set the policy of those directories to use the key just entered by
|
|
the user.
|
|
.TP
|
|
.B f2fscrypt get_policy \fIpath\fR ...
|
|
Print the policy for the directories specified on the command line.
|
|
.TP
|
|
.B f2fscrypt new_session
|
|
Give the invoking process (typically a shell) a new session keyring,
|
|
discarding its old session keyring.
|
|
.TP
|
|
.B f2fscrypt set_policy \fIpolicy path\fR ...
|
|
Sets the policy for the directories specified on the command line.
|
|
All directories must be empty to set the policy; if the directory
|
|
already has a policy established, f2fscrypt will validate that the
|
|
policy matches what was specified. A policy is an encryption key
|
|
identifier consisting of 16 hexadecimal characters.
|
|
.SH NOTES
|
|
The target directory must be empty.
|
|
.SH EXAMPLE
|
|
.nf
|
|
Formats a f2fs filesystem that supports encrypt.
|
|
|
|
.ft R
|
|
# mkfs.f2fs -O encrypt /dev/sdxx
|
|
# mount /dev/sdxx /encrypted/
|
|
# mkdir /encrypted/dir
|
|
|
|
.nf
|
|
First create the key in the keyring use an simple salt
|
|
(or generate a random salt).
|
|
Then use it to set the policy for the directory to be encrypted.
|
|
|
|
.ft R
|
|
# f2fscrypt add_key -S 0x1234
|
|
Enter passphrase (echo disabled):
|
|
Added key with descriptor [28e21cc0c4393da1]
|
|
|
|
# f2fscrypt set_policy 28e21cc0c4393da1 /encrypted/dir
|
|
Key with descriptor [28e21cc0c4393da1] applied to /encrypted/dir.
|
|
|
|
# touch /encrypted/dir/test.txt
|
|
# ls -l /encrypted/dir/
|
|
-rw-r--r--. 1 root root 0 Mar 5 21:41 test.txt
|
|
|
|
.nf
|
|
After each reboot, the same command can be used set the key for
|
|
decryption of the directory and its descendants.
|
|
|
|
.ft R
|
|
# ls -l /encrypted/dir/
|
|
-rw-r--r--. 1 root root 0 Mar 5 21:41 zbx7tsUEMLzh+AUVMkQcnB
|
|
|
|
# f2fscrypt get_policy /encrypted/dir/
|
|
/encrypted/dir/: 28e21cc0c4393da1
|
|
|
|
# f2fscrypt add_key -S 0x1234
|
|
Enter passphrase (echo disabled):
|
|
Added key with descriptor [28e21cc0c4393da1]
|
|
|
|
# ls -l /encrypted/dir/
|
|
-rw-r--r--. 1 root root 0 Mar 5 21:41 test.txt
|
|
|
|
.nf
|
|
Show process keyrings.
|
|
|
|
.ft R
|
|
# keyctl show
|
|
Session Keyring
|
|
84022412 --alswrv 0 0 keyring: _ses
|
|
204615789 --alswrv 0 65534 \\_ keyring: _uid.0
|
|
529474961 --alsw-v 0 0 \\_ logon: f2fs:28e21cc0c4393da1
|
|
|
|
.SH AUTHOR
|
|
Written by Kinglong Mee <kinglongmee@gmail.com>,
|
|
Migrated from e4crypt that Written by Michael Halcrow <mhalcrow@google.com>,
|
|
Ildar Muslukhov <muslukhovi@gmail.com>, and Theodore Ts'o <tytso@mit.edu>
|
|
.SH SEE ALSO
|
|
.BR keyctl (1),
|
|
.BR mkfs.f2fs (8),
|
|
.BR mount (8).
|