Filesystem encryption manager
Syntax:
fsencrypt -p path -c cmd [-d domain] [-t type] [-K .|:|+|#|@key [-ooffset]]
[-k .|:|+|#|@key [-ooffset]] [-v] [-f] [-r] [-l log_path]
Options:
- -c cmd
- The command to run; one of:
- -d domain
- The domain number to be used (1-100).
- -f
- If path is a directory, make the move or remove action on the files as well.
- -K key
- Specify a secondary key, in the same form as for -k.
- -k key
- Specify key data in one of the following forms:
- -l log_path
- The path of the log file to use (stdout is the default).
- -n value
- Specify a secondary value that some commands require.
- -p path
- The mountpoint of a Power-Safe
(fs-qnx6.so)
filesystem.
- -r
- If path is a directory, take action on the entire tree.
- -t type
- Used in the creation of a domain to set the encryption mechanism.
The supported types include:
- 0 — no encryption
- 1 — XTS
- 2 — CBC
- -v[v...]
- Set verbosity. Each -v increases verbosity.
Description:
The fsencrypt utility manages the encryption of a
Power-Safe
(fs-qnx6.so)
filesystem.
Examples:
Create domain 10 on the root volume using a plain-text password with a
64-bit salt value:
fsencrypt -vc create -d10 -t1 -p/ -k.1234567890abcdef.mypassword
Unlock the domain:
fsencrypt -vc unlock -d10 -p/ -k.1234567890abcdef.mypassword
Add a directory to this domain:
fsencrypt -vc set -d10 -p/secure_dir