{ "version": "https://jsonfeed.org/version/1.1", "user_comment": "This feed allows you to read the posts from this site in any feed reader that supports the JSON Feed format. To add this feed to your reader, copy the following URL -- https://matoken.org/blog/tag/ext4/feed/json/ -- and add it your reader.", "home_page_url": "https://matoken.org/blog/tag/ext4/", "feed_url": "https://matoken.org/blog/tag/ext4/feed/json/", "language": "ja", "title": "ext4 – matoken's blog", "description": "Is there no plan B?", "icon": "https://matoken.org/blog/wp-content/uploads/2025/03/cropped-1865f695c4eecc844385acef2f078255036adccd42c254580ea3844543ab56d9.jpeg", "items": [ { "id": "http://matoken.org/blog/?p=1579", "url": "https://matoken.org/blog/2017/04/02/try-ext4-encryption-file-system/", "title": "ext4\u306e\u6697\u53f7\u5316fs\u3092\u8a66\u3057\u3066\u307f\u308b", "content_html": "

Linux 4.1\u3067ext4\u306e\u6697\u53f7\u5316\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u304c\u53d6\u308a\u8fbc\u307e\u308c\u3066\u3044\u308b\u306e\u306b\u6c17\u3065\u3044\u305f\u306e\u3067\u5c11\u3057\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\uff0e
\ncCryptFS\u3084EncFS\u306a\u3069\u3068\u540c\u3058\u3088\u3046\u306b\u30d5\u30a1\u30a4\u30eb\u5358\u4f4d\u3067\u306e\u6697\u53f7\u5316\u3067\u3059\uff0e\u524d\u3082\u3063\u3066\u6697\u53f7\u5316\u30d5\u30e9\u30b0\u3092\u8a2d\u5b9a\u3057\u3066\u3042\u308c\u3070\u4e00\u822c\u30e6\u30fc\u30b6\u304c\u52dd\u624b\u306b\u6697\u53f7\u9818\u57df\u3092\u4f5c\u308b\u3053\u3068\u3082\u53ef\u80fd\u3067\u3057\u305f\uff0eeCryptFS\u3084EncFS\u306e\u3088\u3046\u306a\u4f7f\u3044\u65b9\u3082\u53ef\u80fd\u305d\u3046\u3067\u3059\uff0e\u6050\u3089\u304f\u901f\u5ea6\u306f\u3053\u3061\u3089\u306e\u307b\u3046\u304c\u901f\u3044\u3067\u3057\u3087\u3046(\u672a\u78ba\u8a8d)\uff0e\u305f\u3060\uff0c\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u304c\u308f\u304b\u3063\u3066\u3057\u307e\u3046\u3068\u5225\u306e\u30e6\u30fc\u30b6\u304b\u3089\u3082\u30de\u30a6\u30f3\u30c8\u53ef\u80fd\u3060\u3057\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u304c\u3042\u308c\u3070\u8aad\u307f\u66f8\u304d\u3082\u51fa\u6765\u308b\u306e\u3067\u901a\u5e38\u306e\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3068\u540c\u69d8\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u306e\u8a2d\u5b9a\u306f\u5fc5\u9808\u3067\u3059\u306d\uff0e
\n\u30d1\u30fc\u30c6\u30a3\u30b7\u30e7\u30f3\u5185\u5168\u3066\u3092\u6697\u53f7\u5316\u3059\u308b\u3053\u3068\u306f\u51fa\u6765\u306a\u3044\u3088\u3046\u306a\u306e\u3067LUKS(dm-crypt)\u3068\u306f\u5358\u7d14\u306b\u7a7a\u304d\u304b\u3048\u308b\u3053\u3068\u306f\u3067\u304d\u306a\u3055\u305d\u3046\u3067\u3059\uff0e

\n

\u305d\u3093\u306a\u3053\u3093\u306a\u3067\u3082\u3068\u3082\u3068Android\u5411\u3051\u3068\u3044\u3046\u3053\u3068\u3082\u3042\u3063\u3066PC/Server\u3067\u306f\u3042\u307e\u308a\u4f7f\u3044\u307f\u3061\u304c\u601d\u3044\u3064\u304b\u306a\u3044\u611f\u3058\u3067\u3059\uff0e(\u4f55\u304b\u3044\u3044\u4f7f\u3044\u65b9\u3042\u308a\u305d\u3046\u3060\u3051\u3069\u2026\u2026\uff0e)

\n

\u5fc5\u8981\u6761\u4ef6\u78ba\u8a8d

\n\n
\n
$ uname -r\r\n4.9.0-2-amd64\r\n
\n
\n\n
\n
$ grep CONFIG_EXT4_ENCRYPTION /boot/config-`uname -r`\r\nCONFIG_EXT4_ENCRYPTION=y\r\n
\n
\n\n
\n
$ dpkg-query -W e2fsprogs\r\ne2fsprogs       1.43.4-2\r\n
\n
\n\n
\n
$ sudo dumpe2fs /dev/loop0 | grep -i 'block size'\r\ndumpe2fs 1.43.4 (31-Jan-2017)\r\nBlock size:               4096\r\n
\n
\n

\u5fc5\u8981\u306a\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u5c0e\u5165

\n
\n
$ sudo apt install e2fsprogs keyutils util-linux coreutils mount\r\n
\n
\n

\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306e\u7528\u610f

\n

\u4eca\u56de\u306f\u65e2\u5b58\u306e\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u5185\u306b\u30c7\u30a3\u30b9\u30af\u30a4\u30e1\u30fc\u30b8\u3092\u4f5c\u6210\u3057\u3066\u305d\u308c\u3092\u5229\u7528

\n\n
\n
$ dd if=/dev/zero of=ext4-crypt.img seek=1073741824 bs=1 count=1\r\n1+0 \u30ec\u30b3\u30fc\u30c9\u5165\u529b\r\n1+0 \u30ec\u30b3\u30fc\u30c9\u51fa\u529b\r\n1 byte copied, 0.000118528 s, 8.4 kB/s\r\n
\n
\n\n
\n
$ /sbin/fdisk ext4-crypt.img\r\n\r\nWelcome to fdisk (util-linux 2.29.2).\r\nChanges will remain in memory only, until you decide to write them.\r\nBe careful before using the write command.\r\n\r\nDevice does not contain a recognized partition table.\r\nCreated a new DOS disklabel with disk identifier 0xa25a3988.\r\n\r\nCommand (m for help): n\r\nPartition type\r\n   p   primary (0 primary, 0 extended, 4 free)\r\n   e   extended (container for logical partitions)\r\nSelect (default p): p\r\nPartition number (1-4, default 1): \r\nFirst sector (2048-2097151, default 2048): \r\nLast sector, +sectors or +size{K,M,G,T,P} (2048-2097151, default 2097151): \r\n\r\nCreated a new partition 1 of type 'Linux' and of size 1023 MiB.\r\n\r\nCommand (m for help): w\r\nThe partition table has been altered.\r\nSyncing disks.\r\n
\n
\n\n
\n
$ /sbin/mkfs.ext4 ./ext4-crypt.img \r\nmke2fs 1.43.4 (31-Jan-2017)\r\nFound a dos partition table in ./ext4-crypt.img\r\nProceed anyway? (y,N) y\r\nDiscarding device blocks: done                            \r\nCreating filesystem with 262144 4k blocks and 65536 inodes\r\nFilesystem UUID: dc44fd43-7d7a-4dfc-87f1-dc52410e2dd1\r\nSuperblock backups stored on blocks: \r\n        32768, 98304, 163840, 229376\r\n\r\nAllocating group tables: done                            \r\nWriting inode tables: done                            \r\nCreating journal (8192 blocks): done\r\nWriting superblocks and filesystem accounting information: done\r\n
\n
\n\n
\n
$ sudo mount -o loop ./ext4-crypt.img /mnt\r\n$ grep /mnt /etc/mtab \r\n/dev/loop0 /mnt ext4 rw,relatime,data=ordered 0 0\r\n
\n
\n\n
\n
$ sudo chown `id -u`.`id -g` /mnt\r\n$ ls -la /mnt\r\n\u5408\u8a08 36\r\ndrwxr-xr-x 3 mk   mk    4096  4\u6708  2 04:58 .\r\ndrwxr-xr-x 1 root root   248  3\u6708 28 02:19 ..\r\ndrwx------ 2 root root 16384  4\u6708  2 04:58 lost+found\r\n
\n
\n

ext4\u6697\u53f7\u5316\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306e\u5229\u7528

\n\n
\n
$ sudo tune2fs -O encrypt /dev/loop0\r\n$ sudo dumpe2fs /dev/loop0 | grep -io encrypt\r\ndumpe2fs 1.43.4 (31-Jan-2017)\r\nencrypt\r\n
\n
\n\n
\n
$ /usr/sbin/e4crypt add_key\r\nEnter passphrase (echo disabled): \r\nAdded key with descriptor [07a3ce5a6ebf0396]\r\n$ keyctl show\r\nSession Keyring\r\n1048296028 --alswrv   1000  1000  keyring: _ses\r\n 615559430 --alsw-v   1000  1000   \\_ logon: ext4:07a3ce5a6ebf0396\r\n
\n
\n

\u203b\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u306e\u5165\u529b\u306f1\u56de\u3060\u3051\u3067\u78ba\u8a8d\u3055\u308c\u306a\u3044\u306e\u3067\u521d\u56de\u306f\u7279\u306b\u6ce8\u610f\uff0e\u5229\u7528\u3057\u306f\u3058\u3081\u308b\u524d\u306b\u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u30af\u30ea\u30a2\u3057\u3066\u767b\u9332\u3057\u76f4\u3057\u3066\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u304c\u6b63\u3057\u3044\u304b\u78ba\u8a8d\u3057\u3066\u304a\u304f\uff0e

\n\n

\u3053\u306e\u3068\u304d\u5bfe\u8c61\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u7a7a\u3067\u306f\u306a\u3044\u5834\u5408\u30a8\u30e9\u30fc\u3068\u306a\u308b( Error [Directory not empty] setting policy. )\u306e\u3067\u6ce8\u610f\uff0e

\n

\u30de\u30a6\u30f3\u30c8\u30dd\u30a4\u30f3\u30c8\u306b\u306flost+found\u304c\u5b58\u5728\u3059\u308b\u306e\u3067\u5fc5\u305a\u30b5\u30d6\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u4ee5\u4e0b\u3067\u3042\u308b\u5fc5\u8981\u304c\u3042\u308b\uff0e

\n
\n
$ mkdir /mnt/encryption\r\n$ /usr/sbin/e4crypt set_policy 07a3ce5a6ebf0396 /mnt/encryption\r\nKey with descriptor [07a3ce5a6ebf0396] applied to /mnt/encryption.\r\n
\n
\n

\u203b\u9375\u306e\u751f\u6210\u3068\u30ad\u30fc\u30ea\u30f3\u30b0\u3078\u306e\u8ffd\u52a0\u3068\u6697\u53f7\u5316\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u306f\u6b21\u306e\u3088\u3046\u306b\u3059\u308b\u3053\u3068\u3067\u4e00\u5ea6\u306b\u8a2d\u5b9a\u53ef\u80fd

\n
\n
$ /usr/sbin/e4crypt add_key /mnt/encryption\r\n
\n
\n\n
\n
$ echo 'hello' > /mnt/encryption/test.txt\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096  4\u6708  2 05:07 .\r\ndrwxr-xr-x 4 mk mk 4096  4\u6708  2 05:06 ..\r\n-rw-r--r-- 1 mk mk    6  4\u6708  2 05:07 test.txt\r\n
\n
\n\n
\n
$ sudo keyctl clear @s\r\n$ sudo keyctl show\r\nSession Keyring\r\n1048296028 --alswrv   1000  1000  keyring: _ses\r\n
\n
\n

\u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u30af\u30ea\u30a2\u3057\u305f\u3060\u3051\u3067\u306f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b

\n
\n
$ ls -lA /mnt/encryption\r\n\u5408\u8a08 12\r\n-rw-r--r-- 1 mk mk    6  4\u6708  2 05:07 test.txt\r\n
\n
\n\n

\u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u30af\u30ea\u30a2\u3057\u305f\u72b6\u614b\u3067\u30a2\u30f3\u30de\u30a6\u30f3\u30c8\u3059\u308b\u3068\u6697\u53f7\u5316\u3055\u308c\u305f\u72b6\u614b\u306b\u623b\u308b

\n
\n
$ sudo umount /mnt\r\n$ sudo mount -o loop ./ext4-crypt.img /mnt\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096  4\u6708  2 05:42 .\r\ndrwxr-xr-x 4 mk mk 4096  4\u6708  2 05:06 ..\r\n-rw-r--r-- 1 mk mk    6  4\u6708  2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n$ cat /mnt/encryption/uzUlJZQfaxMx,7cC63,53A \r\ncat: /mnt/encryption/uzUlJZQfaxMx,7cC63,53A: \u8981\u6c42\u3055\u308c\u305f\u30ad\u30fc\u304c\u5229\u7528\u3067\u304d\u307e\u305b\u3093\r\n
\n
\n

\u30e6\u30fc\u30b6\uff0c\u30b0\u30eb\u30fc\u30d7\uff0c\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u306a\u3069\u306f\u898b\u3048\u308b\uff0e\u5185\u5bb9\u306b\u306f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u3044\uff0e

\n\n

\u9375\u306e\u751f\u6210\u3068\u30ad\u30fc\u30ea\u30f3\u30b0\u3078\u306e\u8ffd\u52a0\u3068\u6697\u53f7\u5316\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u3092\u3057\u76f4\u3059\u3068\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b

\n
\n
$ /usr/sbin/e4crypt add_key /mnt/encryption\r\nEnter passphrase (echo disabled): \r\nAdded key with descriptor [07a3ce5a6ebf0396]\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096  4\u6708  2 05:42 .\r\ndrwxr-xr-x 4 mk mk 4096  4\u6708  2 05:06 ..\r\n-rw-r--r-- 1 mk mk    6  4\u6708  2 05:42 test.txt\r\n
\n
\n

\u30d5\u30a1\u30a4\u30eb\u540d\u9577\u306e\u78ba\u8a8d

\n

EncFS\u306a\u3069\u306f\u30d5\u30a1\u30a4\u30eb\u540d\u306e\u30e1\u30bf\u30c7\u30fc\u30bf\u304c\u30d5\u30a1\u30a4\u30eb\u540d\u5185\u306b\u3042\u308b\u306e\u3067\u5229\u7528\u3067\u304d\u308b\u30d5\u30a1\u30a4\u30eb\u540d\u9577\u304c\u77ed\u304f\u306a\u3063\u3066\u3057\u307e\u3046\uff0eext4\u3067\u306f\u3069\u3046\u304b\u8a66\u3059\uff0e

\n\n
\n
$ touch /mnt/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456\r\ntouch: '/mnt/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456' \u306b touch \u3067\u304d\u307e\u305b\u3093: \u30d5\u30a1\u30a4\u30eb\u540d\u304c\u9577\u3059\u304e\u307e\u3059\r\n$ touch /mnt/123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n
\n
\n\n
\n
$ touch /mnt/encryption/123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n$ ls -lA /mnt/encryption/\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0  4\u6708  2 07:14 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n-rw-r--r-- 1 mk mk 6  4\u6708  2 05:42 test.txt\r\n
\n
\n\n
\n
-rw-r--r-- 1 mk mk    0  4\u6708  2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk    6  4\u6708  2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n
\n
\n

\u5fa9\u53f7\u72b6\u614b\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u306f\u5225\u306e\u5834\u6240\u306b\u8a18\u9332\u3055\u308c\u3066\u3044\u308b\u3088\u3046\uff0e

\n

\u8907\u6570\u306e\u6697\u53f7\u5316\u9818\u57df\u3092\u4f5c\u3063\u3066\u307f\u308b

\n\n
\n
$ mkdir /mnt/encryption2\r\n$ ls -la /mnt/encryption2\r\n\u5408\u8a08 8\r\ndrwxr-xr-x 2 mk mk 4096  4\u6708  2 06:49 .\r\ndrwxr-xr-x 5 mk mk 4096  4\u6708  2 06:49 ..\r\n
\n
\n\n
\n
$ sudo e4crypt add_key /mnt/encryption2\r\nEnter passphrase (echo disabled):\r\nKey with descriptor [9640dd016062b432] already exists\r\nKey with descriptor [9640dd016062b432] applied to /mnt/encryption2.\r\n$ keyctl show\r\nSession Keyring   \r\n1048296028 --alswrv   1000  1000  keyring: _ses\r\n  94779002 --alsw-v      0     0   \\_ logon: ext4:69ca01e214957173\r\n 219437542 --alsw-v      0     0   \\_ logon: ext4:07a3ce5a6ebf0396\r\n1025344233 --alsw-v      0     0   \\_ logon: ext4:9640dd016062b432\r\n$ touch /mnt/encryption2/hoge\r\n
\n
\n\n
\n
$ keyctl clear @s\r\n$ keyctl show\r\nSession Keyring   \r\n1048296028 --alswrv   1000  1000  keyring: _ses\r\n$ sudo umount /mnt\r\n$ sudo mount -o loop ./ext4-crypt.img /mnt\r\n
\n
\n\n
\n
$ sudo e4crypt add_key /mnt/encryption2\r\nEnter passphrase (echo disabled):\r\nAdded key with descriptor [9640dd016062b432]\r\nKey with descriptor [9640dd016062b432] applied to /mnt/encryption2.\r\n$ ls -la /mnt/encryption*\r\n/mnt/encryption:  \r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096  4\u6708  2 06:11 .\r\ndrwxr-xr-x 5 mk mk 4096  4\u6708  2 06:49 ..\r\n-rw-r--r-- 1 mk mk    0  4\u6708  2 06:11 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk    6  4\u6708  2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n\r\n/mnt/encryption2: \r\n\u5408\u8a08 8\r\ndrwxr-xr-x 2 mk mk 4096  4\u6708  2 06:51 .\r\ndrwxr-xr-x 5 mk mk 4096  4\u6708  2 06:49 ..\r\n-rw-r--r-- 1 mk mk    0  4\u6708  2 06:51 hoge\r\n
\n
\n

\u6697\u53f7\u5316\u9818\u57df\u306b\u9375\u304c\u767b\u9332\u3055\u308c\u3066\u306a\u3044\u72b6\u614b\u3067\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u3063\u3066\u307f\u308b

\n

\u6697\u53f7\u5316\u9818\u57df\u306b\u9375\u304c\u767b\u9332\u3055\u308c\u3066\u306a\u3044\u72b6\u614b\u3067\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u308b\u3068\u3069\u3046\u306a\u308b\u304b\u3092\u78ba\u8a8d\uff0e

\n
\n
$ ls -lA /mnt/encryption\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0  4\u6708  2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk 6  4\u6708  2 05:42 uzUlJZQfaxMx,7cC63,53A\r\nmk@x220:~ (1180)$ touch /mnt/encryption/test\r\ntouch: '/mnt/encryption/test' \u306e\u30bf\u30a4\u30e0\u30b9\u30bf\u30f3\u30d7\u3092\u8a2d\u5b9a\u4e2d\u3067\u3059: \u305d\u306e\u3088\u3046\u306a\u30d5\u30a1\u30a4\u30eb\u3084\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306f\u3042\u308a\u307e\u305b\u3093\r\nmk@x220:~ (1181)$ ls -lA /mnt/encryption\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0  4\u6708  2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk 6  4\u6708  2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n
\n
\n

\u30a8\u30e9\u30fc\u3068\u306a\u3063\u3066\u4f5c\u308c\u306a\u3044\uff0e

\n

\u5225\u306e\u30e6\u30fc\u30b6\u3067\u5229\u7528

\n\n
\n
$ id\r\nuid=1001(gm) gid=1001(gm) groups=1001(gm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(netdev)\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096  4\u6708  2 06:11 .\r\ndrwxr-xr-x 7 mk mk 4096  4\u6708  2 07:48 ..\r\n-rw-r--r-- 1 mk mk    0  4\u6708  2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk    6  4\u6708  2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxrwxrwx 2 mk mk 4096  4\u6708  2 06:11 .\r\ndrwxr-xr-x 7 mk mk 4096  4\u6708  2 07:48 ..\r\n-rw-r--r-- 1 mk mk    0  4\u6708  2 07:14 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n-rw-r--r-- 1 mk mk    6  4\u6708  2 05:42 test.txt\r\n
\n
\n\n
\n
$ touch /mnt/encryption/other_user\r\n$ ls -lA /mnt/encryption\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0  4\u6708  2 07:14 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n-rw-r--r-- 1 gm gm 0  4\u6708  2 07:55 other_user\r\n-rw-r--r-- 1 mk mk 6  4\u6708  2 05:42 test.txt\r\n
\n
\n\n
\n
$ /usr/sbin/e4crypt add_key /mnt/encryption\r\n/mnt/encryption: Permission denied\r\n
\n
\n\n
\n
$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxrwxrwx 2 mk mk 4096  4\u6708  2 07:55 .\r\ndrwxr-xr-x 7 mk mk 4096  4\u6708  2 07:48 ..\r\n-rw-r--r-- 1 gm gm    0  4\u6708  2 07:55 97NmIBETx,1q9US96etRsA\r\n-rw-r--r-- 1 mk mk    0  4\u6708  2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk    6  4\u6708  2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n$ /usr/sbin/e4crypt add_key /mnt/encryption\r\nEnter passphrase (echo disabled): \r\nAdded key with descriptor [07a3ce5a6ebf0396]\r\nError [Permission denied] setting policy.\r\nThe key descriptor [07a3ce5a6ebf0396] may not match the existing encryption context for directory [/mnt/encryption].\r\n$ ls -lA /mnt/encryption\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0  4\u6708  2 07:14 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n-rw-r--r-- 1 gm gm 0  4\u6708  2 07:55 other_user\r\n-rw-r--r-- 1 mk mk 6  4\u6708  2 05:42 test.txt\r\n
\n
\n
\n

\n\n

\n
\n", "content_text": "Linux 4.1\u3067ext4\u306e\u6697\u53f7\u5316\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u304c\u53d6\u308a\u8fbc\u307e\u308c\u3066\u3044\u308b\u306e\u306b\u6c17\u3065\u3044\u305f\u306e\u3067\u5c11\u3057\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\uff0e\ncCryptFS\u3084EncFS\u306a\u3069\u3068\u540c\u3058\u3088\u3046\u306b\u30d5\u30a1\u30a4\u30eb\u5358\u4f4d\u3067\u306e\u6697\u53f7\u5316\u3067\u3059\uff0e\u524d\u3082\u3063\u3066\u6697\u53f7\u5316\u30d5\u30e9\u30b0\u3092\u8a2d\u5b9a\u3057\u3066\u3042\u308c\u3070\u4e00\u822c\u30e6\u30fc\u30b6\u304c\u52dd\u624b\u306b\u6697\u53f7\u9818\u57df\u3092\u4f5c\u308b\u3053\u3068\u3082\u53ef\u80fd\u3067\u3057\u305f\uff0eeCryptFS\u3084EncFS\u306e\u3088\u3046\u306a\u4f7f\u3044\u65b9\u3082\u53ef\u80fd\u305d\u3046\u3067\u3059\uff0e\u6050\u3089\u304f\u901f\u5ea6\u306f\u3053\u3061\u3089\u306e\u307b\u3046\u304c\u901f\u3044\u3067\u3057\u3087\u3046(\u672a\u78ba\u8a8d)\uff0e\u305f\u3060\uff0c\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u304c\u308f\u304b\u3063\u3066\u3057\u307e\u3046\u3068\u5225\u306e\u30e6\u30fc\u30b6\u304b\u3089\u3082\u30de\u30a6\u30f3\u30c8\u53ef\u80fd\u3060\u3057\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u304c\u3042\u308c\u3070\u8aad\u307f\u66f8\u304d\u3082\u51fa\u6765\u308b\u306e\u3067\u901a\u5e38\u306e\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3068\u540c\u69d8\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u306e\u8a2d\u5b9a\u306f\u5fc5\u9808\u3067\u3059\u306d\uff0e\n\u30d1\u30fc\u30c6\u30a3\u30b7\u30e7\u30f3\u5185\u5168\u3066\u3092\u6697\u53f7\u5316\u3059\u308b\u3053\u3068\u306f\u51fa\u6765\u306a\u3044\u3088\u3046\u306a\u306e\u3067LUKS(dm-crypt)\u3068\u306f\u5358\u7d14\u306b\u7a7a\u304d\u304b\u3048\u308b\u3053\u3068\u306f\u3067\u304d\u306a\u3055\u305d\u3046\u3067\u3059\uff0e\n\u305d\u3093\u306a\u3053\u3093\u306a\u3067\u3082\u3068\u3082\u3068Android\u5411\u3051\u3068\u3044\u3046\u3053\u3068\u3082\u3042\u3063\u3066PC/Server\u3067\u306f\u3042\u307e\u308a\u4f7f\u3044\u307f\u3061\u304c\u601d\u3044\u3064\u304b\u306a\u3044\u611f\u3058\u3067\u3059\uff0e(\u4f55\u304b\u3044\u3044\u4f7f\u3044\u65b9\u3042\u308a\u305d\u3046\u3060\u3051\u3069\u2026\u2026\uff0e)\n\u5fc5\u8981\u6761\u4ef6\u78ba\u8a8d\n\nLinux 4.1\u4ee5\u4e0a\n\n\n$ uname -r\r\n4.9.0-2-amd64\r\n\n\n\nCONFIG_EXT4_ENCRYPTION\u304c\u6709\u52b9\n\n\n$ grep CONFIG_EXT4_ENCRYPTION /boot/config-`uname -r`\r\nCONFIG_EXT4_ENCRYPTION=y\r\n\n\n\ne2fsprogs 1.43\u4ee5\u4e0a\n\n\n$ dpkg-query -W e2fsprogs\r\ne2fsprogs 1.43.4-2\r\n\n\n\n\u30d6\u30ed\u30c3\u30af\u30b5\u30a4\u30ba\u304c4k\n\n\n$ sudo dumpe2fs /dev/loop0 | grep -i 'block size'\r\ndumpe2fs 1.43.4 (31-Jan-2017)\r\nBlock size: 4096\r\n\n\n\u5fc5\u8981\u306a\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u5c0e\u5165\n\n$ sudo apt install e2fsprogs keyutils util-linux coreutils mount\r\n\n\n\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306e\u7528\u610f\n\u4eca\u56de\u306f\u65e2\u5b58\u306e\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u5185\u306b\u30c7\u30a3\u30b9\u30af\u30a4\u30e1\u30fc\u30b8\u3092\u4f5c\u6210\u3057\u3066\u305d\u308c\u3092\u5229\u7528\n\n1GB\u306e\u30c7\u30a3\u30b9\u30af\u30a4\u30e1\u30fc\u30b8\u306e\u4f5c\u6210\n\n\n$ dd if=/dev/zero of=ext4-crypt.img seek=1073741824 bs=1 count=1\r\n1+0 \u30ec\u30b3\u30fc\u30c9\u5165\u529b\r\n1+0 \u30ec\u30b3\u30fc\u30c9\u51fa\u529b\r\n1 byte copied, 0.000118528 s, 8.4 kB/s\r\n\n\n\n\u30d1\u30fc\u30c6\u30a3\u30b7\u30e7\u30f3\u306e\u4f5c\u6210\nprimary\u30921\u3064\u4f5c\u6210\n\n\n$ /sbin/fdisk ext4-crypt.img\r\n\r\nWelcome to fdisk (util-linux 2.29.2).\r\nChanges will remain in memory only, until you decide to write them.\r\nBe careful before using the write command.\r\n\r\nDevice does not contain a recognized partition table.\r\nCreated a new DOS disklabel with disk identifier 0xa25a3988.\r\n\r\nCommand (m for help): n\r\nPartition type\r\n p primary (0 primary, 0 extended, 4 free)\r\n e extended (container for logical partitions)\r\nSelect (default p): p\r\nPartition number (1-4, default 1): \r\nFirst sector (2048-2097151, default 2048): \r\nLast sector, +sectors or +size{K,M,G,T,P} (2048-2097151, default 2097151): \r\n\r\nCreated a new partition 1 of type 'Linux' and of size 1023 MiB.\r\n\r\nCommand (m for help): w\r\nThe partition table has been altered.\r\nSyncing disks.\r\n\n\n\next4\u3067\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\n\n\n$ /sbin/mkfs.ext4 ./ext4-crypt.img \r\nmke2fs 1.43.4 (31-Jan-2017)\r\nFound a dos partition table in ./ext4-crypt.img\r\nProceed anyway? (y,N) y\r\nDiscarding device blocks: done \r\nCreating filesystem with 262144 4k blocks and 65536 inodes\r\nFilesystem UUID: dc44fd43-7d7a-4dfc-87f1-dc52410e2dd1\r\nSuperblock backups stored on blocks: \r\n 32768, 98304, 163840, 229376\r\n\r\nAllocating group tables: done \r\nWriting inode tables: done \r\nCreating journal (8192 blocks): done\r\nWriting superblocks and filesystem accounting information: done\r\n\n\n\n\u30de\u30a6\u30f3\u30c8\n\n\n$ sudo mount -o loop ./ext4-crypt.img /mnt\r\n$ grep /mnt /etc/mtab \r\n/dev/loop0 /mnt ext4 rw,relatime,data=ordered 0 0\r\n\n\n\n\u30aa\u30fc\u30ca\u30fc\uff0c\u30b0\u30eb\u30fc\u30d7\u306e\u5909\u66f4\n\n\n$ sudo chown `id -u`.`id -g` /mnt\r\n$ ls -la /mnt\r\n\u5408\u8a08 36\r\ndrwxr-xr-x 3 mk mk 4096 4\u6708 2 04:58 .\r\ndrwxr-xr-x 1 root root 248 3\u6708 28 02:19 ..\r\ndrwx------ 2 root root 16384 4\u6708 2 04:58 lost+found\r\n\n\next4\u6697\u53f7\u5316\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306e\u5229\u7528\n\next4\u306e\u6697\u53f7\u5316\u30d5\u30e9\u30b0\u3092\u8a2d\u5b9a\n\n\n$ sudo tune2fs -O encrypt /dev/loop0\r\n$ sudo dumpe2fs /dev/loop0 | grep -io encrypt\r\ndumpe2fs 1.43.4 (31-Jan-2017)\r\nencrypt\r\n\n\n\n\u9375\u306e\u751f\u6210\u3068\u30ad\u30fc\u30ea\u30f3\u30b0\u3078\u306e\u8ffd\u52a0\n\n\n$ /usr/sbin/e4crypt add_key\r\nEnter passphrase (echo disabled): \r\nAdded key with descriptor [07a3ce5a6ebf0396]\r\n$ keyctl show\r\nSession Keyring\r\n1048296028 --alswrv 1000 1000 keyring: _ses\r\n 615559430 --alsw-v 1000 1000 \\_ logon: ext4:07a3ce5a6ebf0396\r\n\n\n\u203b\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u306e\u5165\u529b\u306f1\u56de\u3060\u3051\u3067\u78ba\u8a8d\u3055\u308c\u306a\u3044\u306e\u3067\u521d\u56de\u306f\u7279\u306b\u6ce8\u610f\uff0e\u5229\u7528\u3057\u306f\u3058\u3081\u308b\u524d\u306b\u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u30af\u30ea\u30a2\u3057\u3066\u767b\u9332\u3057\u76f4\u3057\u3066\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u304c\u6b63\u3057\u3044\u304b\u78ba\u8a8d\u3057\u3066\u304a\u304f\uff0e\n\n\u6697\u53f7\u5316\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\n\n\u3053\u306e\u3068\u304d\u5bfe\u8c61\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u7a7a\u3067\u306f\u306a\u3044\u5834\u5408\u30a8\u30e9\u30fc\u3068\u306a\u308b( Error [Directory not empty] setting policy. )\u306e\u3067\u6ce8\u610f\uff0e\n\u30de\u30a6\u30f3\u30c8\u30dd\u30a4\u30f3\u30c8\u306b\u306flost+found\u304c\u5b58\u5728\u3059\u308b\u306e\u3067\u5fc5\u305a\u30b5\u30d6\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u4ee5\u4e0b\u3067\u3042\u308b\u5fc5\u8981\u304c\u3042\u308b\uff0e\n\n$ mkdir /mnt/encryption\r\n$ /usr/sbin/e4crypt set_policy 07a3ce5a6ebf0396 /mnt/encryption\r\nKey with descriptor [07a3ce5a6ebf0396] applied to /mnt/encryption.\r\n\n\n\u203b\u9375\u306e\u751f\u6210\u3068\u30ad\u30fc\u30ea\u30f3\u30b0\u3078\u306e\u8ffd\u52a0\u3068\u6697\u53f7\u5316\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u306f\u6b21\u306e\u3088\u3046\u306b\u3059\u308b\u3053\u3068\u3067\u4e00\u5ea6\u306b\u8a2d\u5b9a\u53ef\u80fd\n\n$ /usr/sbin/e4crypt add_key /mnt/encryption\r\n\n\n\n\u6697\u53f7\u5316\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u9818\u57df\u306b\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\n\n\n$ echo 'hello' > /mnt/encryption/test.txt\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096 4\u6708 2 05:07 .\r\ndrwxr-xr-x 4 mk mk 4096 4\u6708 2 05:06 ..\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:07 test.txt\r\n\n\n\n\u30ad\u30fc\u30ea\u30f3\u30b0\u306e\u30af\u30ea\u30a2\n\n\n$ sudo keyctl clear @s\r\n$ sudo keyctl show\r\nSession Keyring\r\n1048296028 --alswrv 1000 1000 keyring: _ses\r\n\n\n\u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u30af\u30ea\u30a2\u3057\u305f\u3060\u3051\u3067\u306f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\n\n$ ls -lA /mnt/encryption\r\n\u5408\u8a08 12\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:07 test.txt\r\n\n\n\n\u30a2\u30f3\u30de\u30a6\u30f3\u30c8\u3068\u30de\u30a6\u30f3\u30c8\u3057\u76f4\u3057\n\n\u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u30af\u30ea\u30a2\u3057\u305f\u72b6\u614b\u3067\u30a2\u30f3\u30de\u30a6\u30f3\u30c8\u3059\u308b\u3068\u6697\u53f7\u5316\u3055\u308c\u305f\u72b6\u614b\u306b\u623b\u308b\n\n$ sudo umount /mnt\r\n$ sudo mount -o loop ./ext4-crypt.img /mnt\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096 4\u6708 2 05:42 .\r\ndrwxr-xr-x 4 mk mk 4096 4\u6708 2 05:06 ..\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n$ cat /mnt/encryption/uzUlJZQfaxMx,7cC63,53A \r\ncat: /mnt/encryption/uzUlJZQfaxMx,7cC63,53A: \u8981\u6c42\u3055\u308c\u305f\u30ad\u30fc\u304c\u5229\u7528\u3067\u304d\u307e\u305b\u3093\r\n\n\n\u30e6\u30fc\u30b6\uff0c\u30b0\u30eb\u30fc\u30d7\uff0c\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u306a\u3069\u306f\u898b\u3048\u308b\uff0e\u5185\u5bb9\u306b\u306f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u3044\uff0e\n\n\u518d\u5ea6\u6697\u53f7\u5316\u9818\u57df\u3092\u5229\u7528\u51fa\u6765\u308b\u3088\u3046\u306b\u3059\u308b\n\n\u9375\u306e\u751f\u6210\u3068\u30ad\u30fc\u30ea\u30f3\u30b0\u3078\u306e\u8ffd\u52a0\u3068\u6697\u53f7\u5316\u30dd\u30ea\u30b7\u30fc\u306e\u8a2d\u5b9a\u3092\u3057\u76f4\u3059\u3068\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b\n\n$ /usr/sbin/e4crypt add_key /mnt/encryption\r\nEnter passphrase (echo disabled): \r\nAdded key with descriptor [07a3ce5a6ebf0396]\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096 4\u6708 2 05:42 .\r\ndrwxr-xr-x 4 mk mk 4096 4\u6708 2 05:06 ..\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 test.txt\r\n\n\n\u30d5\u30a1\u30a4\u30eb\u540d\u9577\u306e\u78ba\u8a8d\nEncFS\u306a\u3069\u306f\u30d5\u30a1\u30a4\u30eb\u540d\u306e\u30e1\u30bf\u30c7\u30fc\u30bf\u304c\u30d5\u30a1\u30a4\u30eb\u540d\u5185\u306b\u3042\u308b\u306e\u3067\u5229\u7528\u3067\u304d\u308b\u30d5\u30a1\u30a4\u30eb\u540d\u9577\u304c\u77ed\u304f\u306a\u3063\u3066\u3057\u307e\u3046\uff0eext4\u3067\u306f\u3069\u3046\u304b\u8a66\u3059\uff0e\n\n\u901a\u5e38\u306eext4\u9818\u57df\u3067\u306f256\u6587\u5b57\n\n\n$ touch /mnt/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456\r\ntouch: '/mnt/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456' \u306b touch \u3067\u304d\u307e\u305b\u3093: \u30d5\u30a1\u30a4\u30eb\u540d\u304c\u9577\u3059\u304e\u307e\u3059\r\n$ touch /mnt/123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n\n\n\n\u6697\u53f7\u5316\u9818\u57df\u3082\u540c\u69d8\u3060\u3063\u305f\n\n\n$ touch /mnt/encryption/123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n$ ls -lA /mnt/encryption/\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 07:14 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 test.txt\r\n\n\n\n\u975e\u6697\u53f7\u5316\u72b6\u614b\u3067\u306f\u3053\u3093\u306a\u72b6\u614b\n\n\n-rw-r--r-- 1 mk mk 0 4\u6708 2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n\n\n\u5fa9\u53f7\u72b6\u614b\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u306f\u5225\u306e\u5834\u6240\u306b\u8a18\u9332\u3055\u308c\u3066\u3044\u308b\u3088\u3046\uff0e\n\u8907\u6570\u306e\u6697\u53f7\u5316\u9818\u57df\u3092\u4f5c\u3063\u3066\u307f\u308b\n\n\u65b0\u3057\u3044\u6697\u53f7\u5316\u9818\u57df\u306e\u305f\u3081\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\n\n\n$ mkdir /mnt/encryption2\r\n$ ls -la /mnt/encryption2\r\n\u5408\u8a08 8\r\ndrwxr-xr-x 2 mk mk 4096 4\u6708 2 06:49 .\r\ndrwxr-xr-x 5 mk mk 4096 4\u6708 2 06:49 ..\r\n\n\n\n\u6697\u53f7\u5316\u8a2d\u5b9a\n\n\n$ sudo e4crypt add_key /mnt/encryption2\r\nEnter passphrase (echo disabled):\r\nKey with descriptor [9640dd016062b432] already exists\r\nKey with descriptor [9640dd016062b432] applied to /mnt/encryption2.\r\n$ keyctl show\r\nSession Keyring \r\n1048296028 --alswrv 1000 1000 keyring: _ses\r\n 94779002 --alsw-v 0 0 \\_ logon: ext4:69ca01e214957173\r\n 219437542 --alsw-v 0 0 \\_ logon: ext4:07a3ce5a6ebf0396\r\n1025344233 --alsw-v 0 0 \\_ logon: ext4:9640dd016062b432\r\n$ touch /mnt/encryption2/hoge\r\n\n\n\n\u4e00\u56de\u6697\u53f7\u5316\u3092\u89e3\u9664\u3057\u3066\u30de\u30a6\u30f3\u30c8\u3057\u76f4\u3059\n\n\n$ keyctl clear @s\r\n$ keyctl show\r\nSession Keyring \r\n1048296028 --alswrv 1000 1000 keyring: _ses\r\n$ sudo umount /mnt\r\n$ sudo mount -o loop ./ext4-crypt.img /mnt\r\n\n\n\n\u7247\u65b9\u3060\u3051\u9375\u3092\u767b\u9332\u3057\u3066\u6697\u53f7\u5316\u9818\u57df\u3092\u5229\u7528\n\n\n$ sudo e4crypt add_key /mnt/encryption2\r\nEnter passphrase (echo disabled):\r\nAdded key with descriptor [9640dd016062b432]\r\nKey with descriptor [9640dd016062b432] applied to /mnt/encryption2.\r\n$ ls -la /mnt/encryption*\r\n/mnt/encryption: \r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096 4\u6708 2 06:11 .\r\ndrwxr-xr-x 5 mk mk 4096 4\u6708 2 06:49 ..\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 06:11 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n\r\n/mnt/encryption2: \r\n\u5408\u8a08 8\r\ndrwxr-xr-x 2 mk mk 4096 4\u6708 2 06:51 .\r\ndrwxr-xr-x 5 mk mk 4096 4\u6708 2 06:49 ..\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 06:51 hoge\r\n\n\n\u6697\u53f7\u5316\u9818\u57df\u306b\u9375\u304c\u767b\u9332\u3055\u308c\u3066\u306a\u3044\u72b6\u614b\u3067\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u3063\u3066\u307f\u308b\n\u6697\u53f7\u5316\u9818\u57df\u306b\u9375\u304c\u767b\u9332\u3055\u308c\u3066\u306a\u3044\u72b6\u614b\u3067\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u308b\u3068\u3069\u3046\u306a\u308b\u304b\u3092\u78ba\u8a8d\uff0e\n\n$ ls -lA /mnt/encryption\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 uzUlJZQfaxMx,7cC63,53A\r\nmk@x220:~ (1180)$ touch /mnt/encryption/test\r\ntouch: '/mnt/encryption/test' \u306e\u30bf\u30a4\u30e0\u30b9\u30bf\u30f3\u30d7\u3092\u8a2d\u5b9a\u4e2d\u3067\u3059: \u305d\u306e\u3088\u3046\u306a\u30d5\u30a1\u30a4\u30eb\u3084\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306f\u3042\u308a\u307e\u305b\u3093\r\nmk@x220:~ (1181)$ ls -lA /mnt/encryption\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n\n\n\u30a8\u30e9\u30fc\u3068\u306a\u3063\u3066\u4f5c\u308c\u306a\u3044\uff0e\n\u5225\u306e\u30e6\u30fc\u30b6\u3067\u5229\u7528\n\n\u5225\u306e\u30e6\u30fc\u30b6\u3067\u4e2d\u304c\u898b\u3048\u308b\u304b\u78ba\u8a8d\n\n\n$ id\r\nuid=1001(gm) gid=1001(gm) groups=1001(gm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(netdev)\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxr-xr-x 2 mk mk 4096 4\u6708 2 06:11 .\r\ndrwxr-xr-x 7 mk mk 4096 4\u6708 2 07:48 ..\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxrwxrwx 2 mk mk 4096 4\u6708 2 06:11 .\r\ndrwxr-xr-x 7 mk mk 4096 4\u6708 2 07:48 ..\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 07:14 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 test.txt\r\n\n\n\n\u6a29\u9650\u304c\u3042\u308c\u3070\u30d5\u30a1\u30a4\u30eb\u4f5c\u6210\u3082\u3067\u304d\u308b\n\n\n$ touch /mnt/encryption/other_user\r\n$ ls -lA /mnt/encryption\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 07:14 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n-rw-r--r-- 1 gm gm 0 4\u6708 2 07:55 other_user\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 test.txt\r\n\n\n\n\u6697\u53f7\u5316\u89e3\u9664\u306f\u51fa\u6765\u306a\u3044\u3068\u601d\u3063\u305f\u304c\uff0c\n\n\n$ /usr/sbin/e4crypt add_key /mnt/encryption\r\n/mnt/encryption: Permission denied\r\n\n\n\n\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u3086\u308b\u304f\u3057\u3066\u3084\u308b\u3068\u51fa\u6765\u3066\u3057\u307e\u3046\uff0e\n\n\n$ ls -la /mnt/encryption\r\n\u5408\u8a08 12\r\ndrwxrwxrwx 2 mk mk 4096 4\u6708 2 07:55 .\r\ndrwxr-xr-x 7 mk mk 4096 4\u6708 2 07:48 ..\r\n-rw-r--r-- 1 gm gm 0 4\u6708 2 07:55 97NmIBETx,1q9US96etRsA\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 07:14 _OsoePJvc3qPQCPHbUMtjSynszcHig3BL\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 uzUlJZQfaxMx,7cC63,53A\r\n$ /usr/sbin/e4crypt add_key /mnt/encryption\r\nEnter passphrase (echo disabled): \r\nAdded key with descriptor [07a3ce5a6ebf0396]\r\nError [Permission denied] setting policy.\r\nThe key descriptor [07a3ce5a6ebf0396] may not match the existing encryption context for directory [/mnt/encryption].\r\n$ ls -lA /mnt/encryption\r\n\u5408\u8a08 4\r\n-rw-r--r-- 1 mk mk 0 4\u6708 2 07:14 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345\r\n-rw-r--r-- 1 gm gm 0 4\u6708 2 07:55 other_user\r\n-rw-r--r-- 1 mk mk 6 4\u6708 2 05:42 test.txt", "date_published": "2017-04-02T08:20:44+09:00", "date_modified": "2017-04-02T08:47:16+09:00", "authors": [ { "name": "matoken", "url": "https://matoken.org/blog/author/matoken/", "avatar": "https://secure.gravatar.com/avatar/38f5f3b575c5eb45cda6aa659bca119ac7a5e16b46565e869d0030e3bd66981d?s=512&d=mm&r=g" } ], "author": { "name": "matoken", "url": "https://matoken.org/blog/author/matoken/", "avatar": "https://secure.gravatar.com/avatar/38f5f3b575c5eb45cda6aa659bca119ac7a5e16b46565e869d0030e3bd66981d?s=512&d=mm&r=g" }, "tags": [ "Debian", "Debian sid", "encryption", "encryption file system", "ext4", "Linux", "sid" ] } ] }