blob: 6c5e4706723ae5a853094faf3e36f7fd7af2cd11 [file] [log] [blame]
.TH E4CRYPT 8 "@E2FSPROGS_MONTH@ @E2FSPROGS_YEAR@" "E2fsprogs version @E2FSPROGS_VERSION@"
.SH NAME
e4crypt \- ext4 filesystem encryption utility
.SH SYNOPSIS
.B e4crypt add_key -S \fR[\fB -k \fIkeyring\fR ] [\fB-v\fR] [\fB-q\fR] [ \fI path\fR ... ]
.br
.B e4crypt new_session
.br
.B e4crypt get_policy \fIpath\fR ...
.br
.B e4crypt set_policy \fIpolicy path\fR ...
.SH DESCRIPTION
.B e4crypt
performs encryption management for ext4 file systems.
.SH COMMANDS
.TP
.B e4crypt add_key -S \fR[\fB -k \fIkeyring\fR ] [\fB-v\fR] [\fB-q\fR] [ \fI path\fR ... ]
Prompts the user for a passphrase and inserts it into the specified
keyring. If no keyring is specified, e4crypt will use the session
keyring if it exists or the user session keyring if it does not.
.IP
If one or more directory paths are specified, e4crypt will try to
set the policy of those directories to use the key just entered by
the user.
.TP
.B e4crypt get_policy \fIpath\fR ...
Print the policy for the directories specified on the command line.
.TP
.B e4crypt new_session
Give the invoking process (typically a shell) a new session keyring,
discarding its old session keyring.
.TP
.B e4crypt set_policy \fIpolicy path\fR ...
Sets the policy for the directories specified on the command line.
All directories must be empty to set the policy; if the directory
already has a policy established, e4crypt will validate that the
policy matches what was specified. A policy is an encryption key
identifier consisting of 16 hexadecimal characters.
.SH AUTHOR
Written by Michael Halcrow <mhalcrow@google.com>, Ildar Muslukhov
<muslukhovi@gmail.com>, and Theodore Ts'o <tytso@mit.edu>
.SH SEE ALSO
.BR keyctl (1),
.BR mke2fs (8),
.BR mount (8).