fscrypt.rst - OpenGrok cross reference for /linux-6.14.4/Documentation/filesystems/fscrypt.rst

Lines Matching full:encrypted
35 and CephFS.  This allows encrypted files to be read and written
36 without caching both the decrypted and encrypted pages in the
39 inodes are needed.  eCryptfs also limits encrypted filenames to 143
45 supports marking an empty directory as encrypted.  Then, after
48 encrypted.
118 "locked", i.e. in ciphertext or encrypted form.
124   encrypted files and directories before removing a master key, as
126   encrypted directory.
156   with another user's encrypted files to which they have read-only
169 policies on all new encrypted directories.
177 Each encrypted directory tree is protected by a *master key*.  Master
185 To "unlock" an encrypted directory tree, userspace must provide the
244 encrypted inode (regular file, directory, or symlink) is created,
272 (contents or filenames) is encrypted, the file's 16-byte nonce is
327 encrypted directories use this style of hashing.
458 units".  Each data unit is encrypted independently.  The IV for each
460 the file.  This ensures that each data unit within a file is encrypted
465 extent mapping of files are not supported on encrypted files.
482 encrypted.  UBIFS compression works as described above.  f2fs
486 it is encrypted in a similar way to a file containing holes.
511 passed to AES-128-CBC, it is encrypted with AES-256 where the AES-256
517 For filenames, each full filename is encrypted at once.  Because of
522 However, each encrypted directory still uses a unique key, or
529 corresponding encrypted filenames will also share a common prefix.  This is
536 being encrypted.  In addition, to reduce leakage of filename lengths
545 encrypted in the same way as filenames in directory entries, except
592   For new encrypted directories, use v2 policies.
656   before any files can be created in the encrypted directory.
666 If the file is not yet encrypted, then FS_IOC_SET_ENCRYPTION_POLICY
669 encrypted directory.  After that, and after providing the
672 directory will be encrypted, inheriting the same encryption policy.
673 The filenames in the directory's entries will be encrypted as well.
675 Alternatively, if the file is already encrypted, then
687 encrypted directory does not need to be accessed immediately, then the
691 encrypted, even if it is empty.  Users who want to encrypt an entire
699 - ``EEXIST``: the file is already encrypted with an encryption policy
720 - ``EPERM``: this directory may not be encrypted, e.g. because it is
766 - ``EINVAL``: the file is encrypted, but it uses an unrecognized
768 - ``ENODATA``: the file is not encrypted
775 - ``EOVERFLOW``: the file is encrypted and uses a recognized
779 Note: if you only need to know whether a file is encrypted or not, on
797 encrypted using a newer encryption policy version.
815 On encrypted files and directories it gets the inode's 16-byte nonce.
830 encrypted using that key appear "unlocked", i.e. in plaintext form.
954 locked/unlocked status of encrypted files (i.e. whether they appear to
958 access encrypted files.
1164 for determining whether the key for a given encrypted directory needs
1181 With the encryption key, encrypted regular files, directories, and
1186 - Unencrypted files, or files encrypted with a different encryption
1188   linked into an encrypted directory; see `Encryption policy
1190   encrypted files can be renamed within an encrypted directory, or
1193   Note: "moving" an unencrypted file into an encrypted directory, e.g.
1197   all files encrypted from the very beginning.  The `shred` program
1201 - Direct I/O is supported on encrypted files only under some
1205   FALLOC_FL_INSERT_RANGE are not supported on encrypted files and will
1208 - Online defragmentation of encrypted files is not supported.  The
1212 - The ext4 filesystem does not support data journaling with encrypted
1215 - DAX (Direct Access) is not supported on encrypted files.
1217 - The maximum length of an encrypted symlink is 2 bytes shorter than
1220   to 4095 bytes long, while encrypted symlinks can only be up to 4093
1224 for an encrypted file contains the plaintext, not the ciphertext.
1229 Some filesystem operations may be performed on encrypted regular
1244   present and are not encrypted or encoded.
1252   in encrypted form, similar to filenames in directories.  Hence, they
1261 be created or linked into an encrypted directory, nor can a name in an
1262 encrypted directory be the source or target of a rename, nor can an
1263 O_TMPFILE temporary file be created in an encrypted directory.  All
1266 It is not currently possible to backup and restore encrypted files
1277 not be encrypted.
1280 files, or files encrypted with a different encryption policy, in an
1281 encrypted directory tree.  Attempts to link or rename such a file into
1282 an encrypted directory will fail with EXDEV.  This is also enforced
1306 (I/O requests) to specify how the data will be encrypted or decrypted
1336 For direct I/O on an encrypted file to work, the following conditions
1352 encrypted file will fall back to buffered I/O.
1398 different files to be encrypted differently; see `Per-file encryption
1437 impossible for the filesystem's fsck tool to optimize encrypted
1463 ``rm -r`` work as expected on encrypted directories.
1494 encrypted with a dummy key, without having to make any API calls.
1495 This tests the encrypted I/O paths more thoroughly.  To do this with