ecryptfs-stat
Show metadata about an eCryptfs mount
SYNOPSIS
ecryptfs-stat [OPTIONS] PATH
PARAMETERS
PATH
The target path, which can be an eCryptfs mount point or an encrypted file/directory within an eCryptfs mount. This is the primary argument.
-h, --help
Displays a brief usage message and exits.
-v, --version
Outputs version information and exits.
-i, --infile
Specify an input file to read policy information from. Less commonly used than directly providing PATH.
DESCRIPTION
ecryptfs-stat is a utility included with the eCryptfs cryptographic filesystem package. It provides detailed statistical and policy information about eCryptfs encrypted files and directories. When executed against an eCryptfs mount point, it can show the status of the master key, key caches, and overall policy applied to the mount. When run against an individual encrypted file within an eCryptfs mount, it reveals details such as the master key signature associated with that file, whether filename encryption is enabled, and other file-specific encryption policies. This command is invaluable for verifying the encryption status and ensuring correct configuration of eCryptfs mounts. It helps users understand which encryption parameters are active for a given path.
CAVEATS
Requires the ecryptfs-utils package to be installed.
Only provides information for files and directories within an active eCryptfs mount.
The level of detail shown depends on the specific eCryptfs policy and kernel keyrings.
May require root privileges or appropriate user permissions to access kernel-level encryption information.
UNDERSTANDING OUTPUT
The output of ecryptfs-stat typically includes details like the master key signature (MKSIG) associated with the file or directory, the type of key utilized (e.g., passphrase, PKCS#11), whether filename encryption is active, and if the necessary keys are currently loaded into the kernel's keyrings. This information is crucial for debugging and verifying that encryption is functioning as expected for specific paths, helping administrators confirm encryption policies are correctly applied.
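A pre-check for the caveat that a path must lie within an active eCryptfs mount, added here as an example and not part of ecryptfs-utils: it reads mount-table lines in /proc/mounts format and reports the mount's key signature and whether a filename encryption key is set. The helper name ecryptfs_mount_info and the sample mount lines are constructed for illustration; the ecryptfs_* names are the kernel's eCryptfs mount options.

```shell
#!/bin/sh
# Added example: constructed sample lines in /proc/mounts format (not real data).
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=1122334455667788,ecryptfs_sig=8899aabbccddeeff,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
/srv/.enc /srv/plain ecryptfs rw,relatime,ecryptfs_sig=0011223344556677,ecryptfs_cipher=aes,ecryptfs_key_bytes=32 0 0'

# ecryptfs_mount_info PATH [MOUNTS_FILE]   (hypothetical helper name)
# Prints "<mountpoint> sig=<sig> fnek=<yes|no> cipher=<c> key_bytes=<n>" for the
# eCryptfs mount containing PATH and returns 0; returns 1 if the deepest mount
# covering PATH is not eCryptfs. MOUNTS_FILE defaults to /proc/mounts; "-" = stdin.
# Mount points containing spaces appear as \040 in /proc/mounts and are not decoded.
ecryptfs_mount_info() {
    awk -v p="$1" '
    {
        mp = $2
        # A mount covers p if it is "/", equals p, or is a directory prefix of p.
        if (mp == "/" || p == mp || index(p, mp "/") == 1) {
            if (length(mp) >= best_len) {   # deepest (and latest) mount wins
                best_len = length(mp); best_mp = mp; fstype = $3; opts = $4
            }
        }
    }
    END {
        if (fstype != "ecryptfs") exit 1
        sig = "-"; fnek = "no"; cipher = "-"; kb = "-"
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {
            split(o[i], kv, "=")
            if (kv[1] == "ecryptfs_sig") sig = kv[2]
            else if (kv[1] == "ecryptfs_fnek_sig") fnek = "yes"   # filename encryption key set
            else if (kv[1] == "ecryptfs_cipher") cipher = kv[2]
            else if (kv[1] == "ecryptfs_key_bytes") kb = kv[2]
        }
        printf "%s sig=%s fnek=%s cipher=%s key_bytes=%s\n", best_mp, sig, fnek, cipher, kb
    }' "${2:-/proc/mounts}"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | ecryptfs_mount_info /home/alice/notes.txt -
```

On a live system, call the function with only a path so it reads /proc/mounts; a non-zero return means the path is not on an eCryptfs mount.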
HISTORY
eCryptfs (Enterprise Cryptographic Filesystem) was developed primarily by Michael Halcrow at IBM and later at Canonical, designed to provide a layered cryptographic filesystem within the Linux kernel, offering per-file encryption capabilities. ecryptfs-stat is part of the ecryptfs-utils userspace package, which provides various tools for managing eCryptfs mounts. Its development is closely tied to the evolution of eCryptfs itself, particularly gaining prominence with its use for home directory encryption in Ubuntu, where tools like ecryptfs-stat became essential for diagnostics and verification.
SEE ALSO
ecryptfs-mount(8), ecryptfs-umount(8), ecryptfs-unwrap-passphrase(1), mount(8)