mirror of
https://github.com/koverstreet/bcachefs-tools.git
synced 2025-02-24 00:00:19 +03:00
54 lines
2.2 KiB
ReStructuredText

Encryption
~~~~~~~~~~

bcachefs supports authenticated (AEAD style) encryption -
ChaCha20/Poly1305. When encryption is enabled, the Poly1305 MAC replaces
the normal data and metadata checksums. This style of encryption is
superior to typical block layer or filesystem level encryption (usually
AES-XTS), which only operates on blocks and doesn’t have a way to store
nonces or MACs. In contrast, we store a nonce and cryptographic MAC
alongside data pointers - meaning we have a chain of trust up to the
superblock (or journal, in the case of unclean shutdowns) and can
definitely tell if metadata has been modified, dropped, or replaced with
an earlier version - replay attacks are not possible.

Encryption can only be specified for the entire filesystem, not per file
or directory - this is because metadata blocks do not belong to a
particular file. All metadata except for the superblock is encrypted.

In the future we’ll probably add AES-GCM for platforms that have
hardware acceleration for AES, but in the meantime software
implementations of ChaCha20 are also quite fast on most platforms.

``scrypt`` is used for the key derivation function - for converting the
user-supplied passphrase to an encryption key.

To format a filesystem with encryption, use

::

    bcachefs format --encrypted /dev/sda1

You will be prompted for a passphrase. Then, to use an encrypted
filesystem, use the command

::

    bcachefs unlock /dev/sda1

You will be prompted for the passphrase and the encryption key will be
added to your in-kernel keyring; mount, fsck and other commands will
then work as usual.

The passphrase on an existing encrypted filesystem can be changed with
the ``bcachefs set-passphrase`` command. To permanently unlock an
encrypted filesystem, use the ``bcachefs remove-passphrase`` command -
this can be useful when dumping filesystem metadata for debugging by the
developers.

There is a ``wide_macs`` option which controls the size of the
cryptographic MACs stored on disk. By default, only 80 bits are stored,
which should be sufficient security for most applications. With the
``wide_macs`` option enabled we store the full 128-bit MAC, at the cost
of making extents 8 bytes bigger.
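
The chain-of-trust argument and the ``wide_macs`` truncation described above, as an added example that is not bcachefs code: a toy store in which the parent pointer holds the child block's nonce and truncated MAC, so putting back an earlier block fails verification. HMAC-SHA256 stands in for Poly1305, the data is left unencrypted, and the function names, scrypt parameters and sample blocks are assumptions made for illustration, not the on-disk format.

```python
import hashlib, hmac, os

def derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt turns the passphrase into a 32-byte key (illustrative parameters).
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 2**20, dklen=32)

def mac(key: bytes, nonce: bytes, data: bytes, wide_macs: bool = False) -> bytes:
    # Stand-in for Poly1305: HMAC-SHA256 over nonce || data, truncated to
    # 80 bits by default or 128 bits with wide_macs (8 bytes larger).
    tag = hmac.new(key, nonce + data, hashlib.sha256).digest()
    return tag[:16 if wide_macs else 10]

def write_node(key, disk, addr, data, wide_macs=False):
    # Store the block and return the pointer the parent keeps: (addr, nonce, mac).
    nonce = os.urandom(12)
    disk[addr] = data
    return (addr, nonce, mac(key, nonce, data, wide_macs))

def read_node(key, disk, ptr):
    # Verify the block against the nonce and MAC held in the parent pointer,
    # not against anything stored inside the block itself.
    addr, nonce, tag = ptr
    data = disk.get(addr)
    if data is None:
        raise ValueError("block dropped")
    if not hmac.compare_digest(mac(key, nonce, data, len(tag) == 16), tag):
        raise ValueError("block modified or replaced")
    return data

def demo():
    key = derive_key("correct horse", b"constructed-salt")  # constructed inputs
    disk = {}
    old_ptr = write_node(key, disk, 7, b"inode 42: size=100")
    old_block = disk[7]
    new_ptr = write_node(key, disk, 7, b"inode 42: size=0")  # parent now holds new_ptr
    assert read_node(key, disk, new_ptr) == b"inode 42: size=0"
    disk[7] = old_block  # replay: the earlier, once-valid block is put back
    wide_ptr = write_node(key, disk, 8, b"x", wide_macs=True)
    try:
        read_node(key, disk, new_ptr)
    except ValueError as err:
        return str(err), len(old_ptr[2]), len(wide_ptr[2])

if __name__ == "__main__":
    print(demo())
```

The old block would still verify against ``old_ptr``; it is rejected only because the parent no longer holds that pointer, which is the property a per-block scheme with no room for nonces or MACs cannot provide.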