summaryrefslogtreecommitdiffstats
path: root/misc/e4crypt.8.in
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--misc/e4crypt.8.in74
1 files changed, 74 insertions, 0 deletions
diff --git a/misc/e4crypt.8.in b/misc/e4crypt.8.in
new file mode 100644
index 0000000..97bbcc9
--- /dev/null
+++ b/misc/e4crypt.8.in
@@ -0,0 +1,74 @@
+.TH E4CRYPT 8 "@E2FSPROGS_MONTH@ @E2FSPROGS_YEAR@" "E2fsprogs version @E2FSPROGS_VERSION@"
+.SH NAME
+e4crypt \- ext4 file system encryption utility
+.SH SYNOPSIS
+.B e4crypt add_key -S \fR[\fB -k \fIkeyring\fR ] [\fB-v\fR] [\fB-q\fR] \fR[\fB -p \fIpad\fR ] [ \fIpath\fR ... ]
+.br
+.B e4crypt new_session
+.br
+.B e4crypt get_policy \fIpath\fR ...
+.br
+.B e4crypt set_policy \fR[\fB -p \fIpad\fR ] \fIpolicy path\fR ...
+.SH DESCRIPTION
+.B e4crypt
+performs encryption management for ext4 file systems.
+.SH COMMANDS
+.TP
+.B e4crypt add_key \fR[\fB-vq\fR] [\fB-S\fI salt\fR ] [\fB-k \fIkeyring\fR ] [\fB -p \fIpad\fR ] [ \fIpath\fR ... ]
+Prompts the user for a passphrase and inserts it into the specified
+keyring. If no keyring is specified, e4crypt will use the session
+keyring if it exists or the user session keyring if it does not.
+.IP
+The
+.I salt
+argument is interpreted in a number of different ways, depending on how
+its prefix value. If the first two characters are "s:", then the rest
+of the argument will be used as an text string and used as the salt
+value. If the first two characters are "0x", then the rest of the
+argument will be parsed as a hex string as used as the salt. If the
+first characters are "f:" then the rest of the argument will be
+interpreted as a filename from which the salt value will be read. If
+the string begins with a '/' character, it will similarly be treated as
+filename. Finally, if the
+.I salt
+argument can be parsed as a valid UUID, then the UUID value will be used
+as a salt value.
+.IP
+The
+.I keyring
+argument specifies the keyring to which the key should be added.
+.IP
+The
+.I pad
+value specifies the number of bytes of padding will be added to
+directory names for obfuscation purposes. Valid
+.I pad
+values are 4, 8, 16, and 32.
+.IP
+If one or more directory paths are specified, e4crypt will try to
+set the policy of those directories to use the key just added by the
+.B add_key
+command. If a salt was explicitly specified, then it will be used
+to derive the encryption key of those directories. Otherwise a
+directory-specific default salt will be used.
+.TP
+.B e4crypt get_policy \fIpath\fR ...
+Print the policy for the directories specified on the command line.
+.TP
+.B e4crypt new_session
+Give the invoking process (typically a shell) a new session keyring,
+discarding its old session keyring.
+.TP
+.B e4crypt set_policy \fR[\fB -p \fIpad\fR ] \fIpolicy path\fR ...
+Sets the policy for the directories specified on the command line.
+All directories must be empty to set the policy; if the directory
+already has a policy established, e4crypt will validate that the
+policy matches what was specified. A policy is an encryption key
+identifier consisting of 16 hexadecimal characters.
+.SH AUTHOR
+Written by Michael Halcrow <mhalcrow@google.com>, Ildar Muslukhov
+<muslukhovi@gmail.com>, and Theodore Ts'o <tytso@mit.edu>
+.SH SEE ALSO
+.BR keyctl (1),
+.BR mke2fs (8),
+.BR mount (8).