ext4 encrypt - efanov/mephi GitHub Wiki
$ dd if=/dev/zero of=fs.img bs=1M count=100 100+0 records in 100+0 records out 104857600 bytes (105 MB, 100 MiB) copied, 0.128788 s, 814 MB/s
$ mkfs -t ext4 -O encrypt fs.img
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 102400 1k blocks and 25688 inodes
Filesystem UUID: 08e6ccda-c6bf-4ca8-acca-c58f82da58ae
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
$ dumpe2fs -h fs.img | grep 'Filesystem features' dumpe2fs 1.45.5 (07-Jan-2020) Filesystem features: has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg encrypt sparse_super large_file huge_file dir_nlink extra_isize metadata_csum
Видно, что появилась фича encrypt.
mount -o loop fs.img /mnt
losetup --list
NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE DIO LOG-SEC /dev/loop0 0 0 1 0 /root/fs.img 0 512
$ e4crypt add_key Enter passphrase (echo disabled): Added key with descriptor [71d671bceeb8fdf1]
$ keyctl show Session Keyring 436565881 --alswrv 1000 1000 keyring: _ses 121868040 --alswrv 1000 65534 _ keyring: _uid.1000 438440517 --alsw-v 1000 1000 _ logon: ext4:71d671bceeb8fdf1
71d671bceeb8fdf1 - дескриптор нашего ключа
mkdir /mnt/mephi_encrypt
chown user1: /mnt/mephi_encrypt
$ e4crypt set_policy 71d671bceeb8fdf1 /mnt/mephi_encrypt Key with descriptor [71d671bceeb8fdf1] applied to /mnt/mephi_encrypt. $ e4crypt get_policy /mnt/mephi_encrypt /mnt/mephi_encrypt: 71d671bceeb8fdf1
$ echo "MEPhI secrets" > //mnt/mephi_encrypt/mephi_secrets.txt $ ls -l //mnt/mephi_encrypt/ total 2 -rw-rw-r--. 1 defanov defanov 14 Feb 19 01:26 mephi_secrets.txt $ cat //mnt/mephi_encrypt/mephi_secrets.txt MEPhI secrets