Generate `fscrypt.conf` with Adiantum as the encryption mode

google / fscrypt

Go tool for managing Linux filesystem encryption

Apache License 2.0

876 stars 97 forks source link

Generate `fscrypt.conf` with Adiantum as the encryption mode #392

Closed crodjer closed 8 months ago

crodjer commented 8 months ago

I am working on setting up some automation on my Raspberry Pis and would like to use Adiantum within /etc/fscrypt.conf when hardware AES isn't available. I had a couple of queries:

Is there a way to generate the initial configuration with Adiantum?
If not, is it okay if I continue to use the same hash_costs calculation and edit my options after the setup via Ansible?

ebiggers commented 8 months ago

The fscrypt setup command does not provide an option to customize the encryption algorithm, but you can just edit /etc/fscrypt.conf afterwards as follows:

                "contents": "Adiantum",   
                "filenames": "Adiantum",

You do not need to change anything in "hash_costs".

crodjer commented 8 months ago

Thanks for the very prompt response @ebiggers, that's what I have been using in my ansible playbook. As long as hash costs calculation is independent this works for me.