How to encrypt a file or a folder on f2fs?

Question

f2fs supports per-file encryption, however I can't find any resources about it.

• I know about eCryptFS, LUKS and encfs, that's not the same.

Answer 1

f2fs-tools includes, as of v.1.9, a tool for encryption management in the f2fs filesystem:

f2fscrypt

The manual page includes an example that shows how to encrypt a directory (along with instructions on how to setup a f2fs filesytem that supports encryption).

---

The only alternative to f2fscrypt that I know of is fscryptctl (I only tried it once and it was on a ext4 filesystem but according to the author it should work equally well on f2fs).

Answer 2

When enabling support to the filesystem in the Linux kernel, it is wise to enable at least the first four options in order to support extended filesystem attributes:

• CONFIG_F2FS_FS
• F2FS_FS_XATTR
• CONFIG_F2FS_FS_POSIX_ACL
• CONFIG_F2FS_FS_SECURITY

Enabling basic f2fs filesystem options

File systems  --->
   <*> F2FS filesystem support
   [*]   F2FS extended attributes
   [*]     F2FS Access Control Lists
   [*]     F2FS Security Labels
   [*]   F2FS consistency checking feature
   [*]   F2FS Encryption

Install the user space tools for the f2fs filesystem:

root #emerge --ask sys-fs/f2fs-tools

After emerging the userspace tools, create a filesystem by running the mkfs.f2fs command followed by the appropriate device and partition number:

root #mkfs.f2fs /dev/sdd1

Now at this point, afiak, we can do something like this: http://www.linuxquestions.org/questions/linux-security-4/how-to-use-f2fs-encryption-4175581121/ or this: http://blog.quarkslab.com/a-glimpse-of-ext4-filesystem-level-encryption.html. Will they play nice with trim? I'm not sure. I've been trying to get to the bottom of this for a while now and this is the best I can come up with.