MAN-J
Man PagesPricing
LoginGet Started
e4crypt(8)
Original
English • 72 lines
E4CRYPT(8)		    System Manager's Manual		    E4CRYPT(8)

NAME
       e4crypt - ext4 file system encryption utility

SYNOPSIS
       e4crypt add_key -S [ -k keyring ] [-v] [-q] [ -p pad ] [ path ... ]
       e4crypt new_session
       e4crypt get_policy path ...
       e4crypt set_policy [ -p pad ] policy path ...

DESCRIPTION
       e4crypt performs encryption management for ext4 file systems.

COMMANDS
       e4crypt add_key [-vq] [-S salt ] [-k keyring ] [ -p pad ] [ path ... ]
	      Prompts the user for a passphrase and inserts it into the
	      specified keyring.  If no keyring is specified, e4crypt will use
	      the session keyring if it exists or the user session keyring if
	      it does not.

	      The salt argument is interpreted in a number of different ways,
	      depending on how its prefix value.  If the first two characters
	      are "s:", then the rest of the argument will be used as an text
	      string and used as the salt value.  If the first two characters
	      are "0x", then the rest of the argument will be parsed as a hex
	      string as used as the salt.  If the first characters are "f:"
	      then the rest of the argument will be interpreted as a filename
	      from which the salt value will be read.  If the string begins
	      with a '/' character, it will similarly be treated as filename.
	      Finally, if the salt argument can be parsed as a valid UUID,
	      then the UUID value will be used as a salt value.

	      The keyring argument specifies the keyring to which the key
	      should be added.

	      The pad value specifies the number of bytes of padding will be
	      added to directory names for obfuscation purposes.  Valid pad
	      values are 4, 8, 16, and 32.

	      If one or more directory paths are specified, e4crypt will try
	      to set the policy of those directories to use the key just added
	      by the add_key command.  If a salt was explicitly specified,
	      then it will be used to derive the encryption key of those
	      directories.  Otherwise a directory-specific default salt will
	      be used.

       e4crypt get_policy path ...
	      Print the policy for the directories specified on the command
	      line.

       e4crypt new_session
	      Give the invoking process (typically a shell) a new session
	      keyring, discarding its old session keyring.

       e4crypt set_policy [ -p pad ] policy path ...
	      Sets the policy for the directories specified on the command
	      line.  All directories must be empty to set the policy; if the
	      directory already has a policy established, e4crypt will
	      validate that the policy matches what was specified.  A policy
	      is an encryption key identifier consisting of 16 hexadecimal
	      characters.

AUTHOR
       Written by Michael Halcrow <mhalcrow@google.com>, Ildar Muslukhov
       <muslukhovi@gmail.com>, and Theodore Ts'o <tytso@mit.edu>

SEE ALSO
       keyctl(1), mke2fs(8), mount(8).

E2fsprogs version 1.47.3	   July 2025			    E4CRYPT(8)

e4crypt(8)

e4crypt \- ext4 file system encryption utility

0popularity

System Information

E2fsprogs version 1.47.3 1.0.0
Updated July 2025
Maintained by Unknown

Actions