CheckSupport returns an error if the filesystem containing path does not support filesystem encryption.

GetPolicy returns the Policy data for the given directory or file (includes the KeyDescriptor and the encryption options).

ReadConfig writes the JSON data into the config structure.

SetPolicy sets up the specified directory to be encrypted with the specified policy.

WriteConfig outputs the Config data as nicely formatted JSON.

We use SHA256 for the HMAC, and len(HMAC) == len(hash size).

We always use 256-bit keys internally (compared to 512-bit policy keys).

Lengths for our keys, buffers, and strings used in fscrypt.

MaxParallelism is the maximum allowed value for HashingCosts.Parallelism.

Length of policy descriptor (in hex chars) for v1 encryption policies.

Length of policy descriptor (in hex chars) for v2 encryption policies.

PolicyKeyLen is the length of all keys passed directly to the Keyring.

Length of protector descriptor (in hex chars).

Lengths for our keys, buffers, and strings used in fscrypt.

DefaultOptions use the supported encryption modes, max padding, and policy version 1.

DefaultSource is the source we use if none is specified.

Enum value maps for EncryptionOptions_Mode.

Enum value maps for EncryptionOptions_Mode.

ErrEncryptionNotEnabled indicates that encryption is not supported on the given filesystem, but there is a way to enable it.

ErrEncryptionNotSupported indicates that encryption is not supported on the given filesystem, and there is no way to enable it.

Enum value maps for SourceType.

Enum value maps for SourceType.

Data stored in the config file.

Encryption policy specifics, corresponds to the fscrypt_policy struct.

ErrAlreadyEncrypted indicates that the path is already encrypted.

ErrBadEncryptionOptions indicates that unsupported encryption options were given.

ErrDirectoryNotOwned indicates a directory can't be encrypted because it's owned by another user.

ErrLockedRegularFile indicates that the path is a locked regular file.

ErrNotEncrypted indicates that the path is not encrypted.

Cost parameters to be used in our hashing functions.

The associated data for each policy.

The associated data for each protector.

This structure is used for our authenticated wrapping/unwrapping of keys.

Metadata is the interface to all of the protobuf structures that can be checked for validity.

Type of encryption; should match declarations of unix.FSCRYPT_MODE.

Specifies the method in which an outside secret is obtained for a Protector.