+Cc Joe Richey <joerichey@xxxxxxxxxx>

Hi Matt,

On Thu, Oct 26, 2017 at 11:20:16PM +0000, Grochowalski, Matthew (GE Aviation, US) wrote:
> Is it possible to change the passphrase of a folder encrypted using e4crypt
> set_policy?

e4crypt doesn't support changing the passphrase because it derives the master
encryption key directly from the passphrase, rather than using the
passphrase-derived key to unwrap another key.

> I'm assuming I'd need to copy everything from one directory to another with a
> different policy then delete the originals,

That's fine as a workaround, although keep in mind you probably should delete
the originals with 'shred' so that the old ciphertext (which is protected only
by the old passphrase) is less likely to still exist on disk.

> use as a passphrase then encrypt that with the actual user passphrase?

Loosely speaking, that approach will work and is actually the proper way to
support passphrase changes. However, implementing key derivation and key
wrapping yourself is error-prone; it's the type of thing that is very easy to
implement insecurely without knowing it. I suggest using the "fscrypt" program
(https://github.com/google/fscrypt) which has implemented this already, with the
wrapped keys stored in a ".fscrypt" directory in the root directory of the
filesystem. It also has many other advantages, such as PAM support, and also
working for f2fs and ubifs.

In the future I expect we'll be more aggressively advertising fscrypt and
documenting e4crypt (and f2fscrypt, which is e4crypt copy+pasted into
f2fs-tools) as deprecated. You can ask Joe Richey, who is the primary author of
the fscrypt program, for more details.

Eric
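The difference Eric describes (a master key derived directly from the passphrase versus a random master key wrapped under a passphrase-derived key) can be shown in a few lines. This is an added illustration, not e4crypt's or fscrypt's code, and its parameters are assumptions: scrypt as the passphrase KDF, 32-byte keys, and an HMAC-SHA256 encrypt-then-MAC wrapper standing in for a standard AEAD so the example needs only the Python standard library.

```python
import hashlib
import hmac
import os

# Constructed demo parameters (assumptions, not the real tools' choices).
SCRYPT = dict(n=2**14, r=8, p=1)
DEMO_MASTER_KEY = bytes(range(32))  # constructed sample key for the test below


def direct_master_key(passphrase: str, salt: bytes) -> bytes:
    """e4crypt-style: the master key *is* the passphrase-derived key, so a new
    passphrase yields a new master key and every file must be re-encrypted."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, dklen=32, **SCRYPT)


def derive_kek(passphrase: str, salt: bytes) -> tuple:
    """Passphrase -> (encryption key, MAC key) used only to wrap a master key."""
    k = hashlib.scrypt(passphrase.encode(), salt=salt, dklen=64, **SCRYPT)
    return k[:32], k[32:]


def wrap(passphrase: str, master_key: bytes) -> dict:
    """Wrap a 32-byte master key under a passphrase-derived key.
    HMAC-SHA256 acts as a PRF producing a one-block keystream, then a second
    HMAC authenticates nonce||ciphertext (encrypt-then-MAC). A real tool
    should use a standard AEAD; this stand-in only keeps the demo stdlib-only."""
    assert len(master_key) == 32
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_kek(passphrase, salt)
    stream = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(master_key, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap(passphrase: str, blob: dict) -> bytes:
    """Recover the master key; a wrong passphrase fails the MAC check."""
    enc_key, mac_key = derive_kek(passphrase, blob["salt"])
    expect = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        raise ValueError("wrong passphrase or corrupted wrapped key")
    stream = hmac.new(enc_key, blob["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))


def change_passphrase(old: str, new: str, blob: dict) -> dict:
    """Only the wrapper changes; the master key, and so all file ciphertext, stays."""
    return wrap(new, unwrap(old, blob))
```

With direct derivation, `direct_master_key` changes whenever the passphrase does, which is exactly why e4crypt cannot offer a passphrase change without re-encrypting the data.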