
ext4 encrypt

Dmitry Efanov edited this page Feb 18, 2023 · 1 revision

$ dd if=/dev/zero of=fs.img bs=1M count=100
100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.128788 s, 814 MB/s

$ mkfs -t ext4 -O encrypt fs.img
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 102400 1k blocks and 25688 inodes
Filesystem UUID: 08e6ccda-c6bf-4ca8-acca-c58f82da58ae
Superblock backups stored on blocks:
	8193, 24577, 40961, 57345, 73729

Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

$ dumpe2fs -h fs.img | grep 'Filesystem features'
dumpe2fs 1.45.5 (07-Jan-2020)
Filesystem features: has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg encrypt sparse_super large_file huge_file dir_nlink extra_isize metadata_csum

The encrypt feature now appears in the feature list.

mount -o loop fs.img /mnt

losetup --list

NAME       SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE    DIO LOG-SEC
/dev/loop0         0      0         1  0 /root/fs.img   0     512

$ e4crypt add_key
Enter passphrase (echo disabled):
Added key with descriptor [71d671bceeb8fdf1]

$ keyctl show
Session Keyring
 436565881 --alswrv   1000  1000  keyring: _ses
 121868040 --alswrv   1000 65534   \_ keyring: _uid.1000
 438440517 --alsw-v   1000  1000       \_ logon: ext4:71d671bceeb8fdf1

71d671bceeb8fdf1 is the descriptor of our key.

mkdir /mnt/mephi_encrypt

chown user1: /mnt/mephi_encrypt

$ e4crypt set_policy 71d671bceeb8fdf1 /mnt/mephi_encrypt
Key with descriptor [71d671bceeb8fdf1] applied to /mnt/mephi_encrypt.
$ e4crypt get_policy /mnt/mephi_encrypt
/mnt/mephi_encrypt: 71d671bceeb8fdf1

$ echo "MEPhI secrets" > //mnt/mephi_encrypt/mephi_secrets.txt
$ ls -l //mnt/mephi_encrypt/
total 2
-rw-rw-r--. 1 defanov defanov 14 Feb 19 01:26 mephi_secrets.txt
$ cat //mnt/mephi_encrypt/mephi_secrets.txt
MEPhI secrets
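
An added example, not part of the original wiki page: the encrypt feature that dumpe2fs reports above is bit 0x10000 of the superblock field s_feature_incompat, so an image can be checked for it without e2fsprogs. The function names and the synthetic sample image are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the ext4 "encrypt" feature bit directly in the superblock.
# On-disk layout: superblock starts at byte 1024; s_magic (0xEF53, little-endian)
# is at offset 56 in it; s_feature_incompat (32-bit little-endian) at offset 96.
EXT4_INCOMPAT_ENCRYPT=$((0x10000))

# Print s_feature_incompat as hex; return 2 if the ext2/3/4 magic is missing.
ext4_incompat() {
    img=$1
    magic=$(od -An -tx1 -j 1080 -N 2 "$img" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "53ef" ] || return 2
    # Four unsigned bytes, least significant first.
    set -- $(od -An -tu1 -j 1120 -N 4 "$img")
    printf '0x%x\n' $(( $1 | ($2 << 8) | ($3 << 16) | ($4 << 24) ))
}

# Return 0 if encryption is enabled, 1 if not, 2 if not an ext filesystem.
ext4_has_encrypt() {
    flags=$(ext4_incompat "$1") || return 2
    [ $(( $flags & $EXT4_INCOMPAT_ENCRYPT )) -ne 0 ]
}

# Constructed sample: a 4 KiB zero-filled file carrying only the two fields above.
# $2 holds the four s_feature_incompat bytes as printf octal escapes.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=1024 count=4 2>/dev/null
    printf '\123\357' | dd of="$1" bs=1 seek=1080 conv=notrunc 2>/dev/null
    printf "$2" | dd of="$1" bs=1 seek=1120 conv=notrunc 2>/dev/null
}

sample=$(mktemp)
# 0x102c2 = filetype|extent|64bit|flex_bg|encrypt, the incompat features
# listed in the dumpe2fs output on this page.
make_sample_image "$sample" '\302\002\001\000'
if ext4_has_encrypt "$sample"; then echo "encrypt feature set"; fi
rm -f "$sample"
```

On a real image the call is `ext4_has_encrypt fs.img`; the feature bit only says the filesystem allows encryption policies, not that any directory has one.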
