E4CRYPT(8)                (August 2021)                E4CRYPT(8)

     NAME
          e4crypt - ext4 file system encryption utility

     SYNOPSIS
          e4crypt add_key -S [ -k keyring
          e4crypt new_session
          e4crypt get_policy path ...
          e4crypt set_policy [ -p pad ]

     DESCRIPTION
          e4crypt performs encryption management for ext4 file sys-
          tems.

     COMMANDS
          e4crypt add_key [-vq] [-S salt ]
               Prompts the user for a passphrase and inserts it into
               the specified keyring.  If no keyring is specified,
               e4crypt will use the session keyring if it exists or
               the user session keyring if it does not.

               The salt argument is interpreted in a number of differ-
               ent ways, depending on how its prefix value.  If the
               first two characters are "s:", then the rest of the
               argument will be used as an text string and used as the
               salt value.  If the first two characters are "0x", then
               the rest of the argument will be parsed as a hex string
               as used as the salt.  If the first characters are "f:"
               then the rest of the argument will be interpreted as a
               filename from which the salt value will be read.  If
               the string begins with a '/' character, it will simi-
               larly be treated as filename.  Finally, if the salt
               argument can be parsed as a valid UUID, then the UUID
               value will be used as a salt value.

               The keyring argument specifies the keyring to which the
               key should be added.

               The pad value specifies the number of bytes of padding
               will be added to directory names for obfuscation pur-
               poses.  Valid pad values are 4, 8, 16, and 32.

               If one or more directory paths are specified, e4crypt
               will try to set the policy of those directories to use
               the key just added by the add_key command.  If a salt
               was explicitly specified, then it will be used to
               derive the encryption key of those directories.  Other-
               wise a directory-specific default salt will be used.

          e4crypt get_policy path ...
               Print the policy for the directories specified on the

     Page 1              E2fsprogs version 1.46.4    (printed 5/24/22)

     E4CRYPT(8)                (August 2021)                E4CRYPT(8)

               command line.

          e4crypt new_session
               Give the invoking process (typically a shell) a new
               session keyring, discarding its old session keyring.

          e4crypt set_policy [ -p pad ]
               Sets the policy for the directories specified on the
               command line.  All directories must be empty to set the
               policy; if the directory already has a policy estab-
               lished, e4crypt will validate that the policy matches
               what was specified.  A policy is an encryption key
               identifier consisting of 16 hexadecimal characters.

     AUTHOR
          Written by Michael Halcrow <mhalcrow@google.com>, Ildar Mus-
          lukhov <muslukhovi@gmail.com>, and Theodore Ts'o
          <tytso@mit.edu>

     SEE ALSO
          keyctl(1), mke2fs(8), mount(8).

     Page 2              E2fsprogs version 1.46.4    (printed 5/24/22)