# E4CRYPT(8) - man - phpMan

[E4CRYPT(8)](https://www.chedong.com/phpMan.php/man/E4CRYPT/8/markdown)                             System Manager's Manual                            [E4CRYPT(8)](https://www.chedong.com/phpMan.php/man/E4CRYPT/8/markdown)



## NAME
       e4crypt - ext4 file system encryption utility

## SYNOPSIS
       **e4crypt** **add**___**key** **-S** [ **-k** _keyring_ ] [**-v**] [**-q**] [ **-p** _pad_ ] [ _path_ ... ]
       **e4crypt** **new**___**session**
       **e4crypt** **get**___**policy** _path_ ...
       **e4crypt** **set**___**policy** [ **-p** _pad_ ] _policy_ _path_ ...

## DESCRIPTION
       **e4crypt** performs encryption management for ext4 file systems.

## COMMANDS
       **e4crypt** **add**___**key** [**-vq**] [**-S** _salt_ ] [**-k** _keyring_ ] [ **-p** _pad_ ] [ _path_ ... ]
              Prompts  the  user  for a passphrase and inserts it into the specified keyring.  If no
              keyring is specified, e4crypt will use the session keyring if it exists  or  the  user
              session keyring if it does not.

              The  _salt_  argument is interpreted in a number of different ways, depending on how its
              prefix value.  If the first two characters are "s:", then the  rest  of  the  argument
              will  be  used as an text string and used as the salt value.  If the first two charac‐
              ters are "0x", then the rest of the argument will be parsed as a hex string as used as
              the  salt.  If the first characters are "f:" then the rest of the argument will be in‐
              terpreted as a filename from which the salt value will be read.  If the string  begins
              with  a '/' character, it will similarly be treated as filename.  Finally, if the _salt_
              argument can be parsed as a valid UUID, then the UUID value will be  used  as  a  salt
              value.

              The _keyring_ argument specifies the keyring to which the key should be added.

              The  _pad_  value  specifies  the  number of bytes of padding will be added to directory
              names for obfuscation purposes.  Valid _pad_ values are 4, 8, 16, and 32.

              If one or more directory paths are specified, e4crypt will try to set  the  policy  of
              those directories to use the key just added by the **add**___**key** command.  If a salt was ex‐
              plicitly specified, then it will be used to derive the encryption key of those  direc‐
              tories.  Otherwise a directory-specific default salt will be used.

       **e4crypt** **get**___**policy** _path_ ...
              Print the policy for the directories specified on the command line.

       **e4crypt** **new**___**session**
              Give  the  invoking  process (typically a shell) a new session keyring, discarding its
              old session keyring.

       **e4crypt** **set**___**policy** [ **-p** _pad_ ] _policy_ _path_ ...
              Sets the policy for the directories specified on the command  line.   All  directories
              must  be  empty  to set the policy; if the directory already has a policy established,
              e4crypt will validate that the policy matches what was specified.  A policy is an  en‐
              cryption key identifier consisting of 16 hexadecimal characters.

## AUTHOR
       Written by Michael Halcrow <<mhalcrow@google.com>>, Ildar Muslukhov <<muslukhovi@gmail.com>>, and
       Theodore Ts'o <<tytso@mit.edu>>

## SEE ALSO
       [**keyctl**(1)](https://www.chedong.com/phpMan.php/man/keyctl/1/markdown), [**mke2fs**(8)](https://www.chedong.com/phpMan.php/man/mke2fs/8/markdown), [**mount**(8)](https://www.chedong.com/phpMan.php/man/mount/8/markdown).



E2fsprogs version 1.46.5                    December 2021                                 [E4CRYPT(8)](https://www.chedong.com/phpMan.php/man/E4CRYPT/8/markdown)