fscrypt.rst - OpenGrok cross reference for /Linux-v5.4/Documentation/filesystems/fscrypt.rst

Lines Matching refs:encrypted
35 UBIFS.  This allows encrypted files to be read and written without
36 caching both the decrypted and encrypted pages in the pagecache,
39 needed.  eCryptfs also limits encrypted filenames to 143 bytes,
45 supports marking an empty directory as encrypted.  Then, after
48 encrypted.
118 "locked", i.e. in ciphertext or encrypted form.
124   encrypted files and directories before removing a master key, as
126   encrypted directory.
156   with another user's encrypted files to which they have read-only
169 policies on all new encrypted directories.
177 Each encrypted directory tree is protected by a *master key*.  Master
185 To "unlock" an encrypted directory tree, userspace must provide the
244 encrypted inode (regular file, directory, or symlink) is created,
277 filenames) is encrypted, the file's 16-byte nonce is included in the
333 For file contents, each filesystem block is encrypted independently.
341   is encrypted with AES-256 where the AES-256 key is the SHA-256 hash
352 For filenames, each full filename is encrypted at once.  Because of
357 However, each encrypted directory still uses a unique key; or
364 bytes for AES), the corresponding encrypted filenames will also share
371 being encrypted.  In addition, to reduce leakage of filename lengths
380 encrypted in the same way as filenames in directory entries, except
426   new encrypted directories, use v2 policies.
450   before any files can be created in the encrypted directory.
460 If the file is not yet encrypted, then FS_IOC_SET_ENCRYPTION_POLICY
463 encrypted directory.  After that, and after providing the
466 directory will be encrypted, inheriting the same encryption policy.
467 The filenames in the directory's entries will be encrypted as well.
469 Alternatively, if the file is already encrypted, then
481 encrypted directory does not need to be accessed immediately, then the
485 encrypted, even if it is empty.  Users who want to encrypt an entire
493 - ``EEXIST``: the file is already encrypted with an encryption policy
512 - ``EPERM``: this directory may not be encrypted, e.g. because it is
558 - ``EINVAL``: the file is encrypted, but it uses an unrecognized
560 - ``ENODATA``: the file is not encrypted
567 - ``EOVERFLOW``: the file is encrypted and uses a recognized
571 Note: if you only need to know whether a file is encrypted or not, on
590 encrypted using a newer encryption policy version.
612 encrypted using that key appear "unlocked", i.e. in plaintext form.
708 locked/unlocked status of encrypted files (i.e. whether they appear to
712 access encrypted files.
918 for determining whether the key for a given encrypted directory needs
935 With the encryption key, encrypted regular files, directories, and
940 - Unencrypted files, or files encrypted with a different encryption
942   linked into an encrypted directory; see `Encryption policy
944   encrypted files can be renamed within an encrypted directory, or
947   Note: "moving" an unencrypted file into an encrypted directory, e.g.
951   all files encrypted from the very beginning.  The `shred` program
955 - Direct I/O is not supported on encrypted files.  Attempts to use
960   on encrypted files and will fail with EOPNOTSUPP.
962 - Online defragmentation of encrypted files is not supported.  The
966 - The ext4 filesystem does not support data journaling with encrypted
969 - DAX (Direct Access) is not supported on encrypted files.
971 - The st_size of an encrypted symlink will not necessarily give the
976 - The maximum length of an encrypted symlink is 2 bytes shorter than
979   to 4095 bytes long, while encrypted symlinks can only be up to 4093
983 for an encrypted file contains the plaintext, not the ciphertext.
988 Some filesystem operations may be performed on encrypted regular
1003   present and are not encrypted or encoded.
1011   in encrypted form, similar to filenames in directories.  Hence, they
1020 be created or linked into an encrypted directory, nor can a name in an
1021 encrypted directory be the source or target of a rename, nor can an
1022 O_TMPFILE temporary file be created in an encrypted directory.  All
1025 It is not currently possible to backup and restore encrypted files
1036 not be encrypted.
1039 files, or files encrypted with a different encryption policy, in an
1040 encrypted directory tree.  Attempts to link or rename such a file into
1041 an encrypted directory will fail with EXDEV.  This is also enforced
1091 different files to be encrypted differently; see `Per-file keys`_ and
1123 impossible for the filesystem's fsck tool to optimize encrypted
1149 ``rm -r`` work as expected on encrypted directories.
1177 encrypted with a dummy key, without having to make any API calls.
1178 This tests the encrypted I/O paths more thoroughly.  To do this with