# FS-Crypt Service - [API reference](https://docs.qualcomm.com/doc/80-41102-2/topic/_doxygen_rst_file__doxygen_sources_taf_fsc_interface_h.html#file-taf-fsc-interface-h) Some of the directories in UBFS, or the whole UBIFS volume, which are used to store important data need to be encrypted, the FS-Crypt service encrypts the directories/volumes. FS-Crypt provides interfaces that create encryption directories. Working with FS-Crypt, client applications can lock/unlock specified directories. This component generates 156-bit AES keys, sets policy to specified directories with the generated key, and locks/unlocks data by adding/removing keys to/from the kernel keyring. ## IPC interfaces binding The functions of this API are provided by the **tafKeyStoreSvc** application service. The following example illustrates how to bind to the FS-Crypt service. bindings: { clientExe.clientComponent.taf_fsc -> tafKeyStoreSvc.taf_fsc } Copy to clipboard ## Storage management FS-Crypt storage can be initialized by calling [taf\_fsc\_GetStorageRef()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00482_1a3230ffcdb14c840af1034b37a900b01b.html#Documentationa00482_1a3230ffcdb14c840af1034b37a900b01b) with the specified directory path as the input parameter. If the specified directory doesn’t exist in the current system, a new one with the given name will be created. A storage reference is returned to the client for FS-Crypt storage operations. Applications only call the following interfaces to finish storage manipulation and there is no need to care about key management or encryption and decryption operation as these actions will be maintained at the service backend. The following storage APIs are supported. - [taf\_fsc\_GetStorageRef()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00482_1a3230ffcdb14c840af1034b37a900b01b.html#Documentationa00482_1a3230ffcdb14c840af1034b37a900b01b) — Gets the FS-Crypt storage object reference. - [taf\_fsc\_LockStorage()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00482_1a1baa041f09cdb0224c08f3358b825976.html#Documentationa00482_1a1baa041f09cdb0224c08f3358b825976) — Removes an FS-Crypt key from the kernel keyring to lock the directory. - [taf\_fsc\_UnlockStorage()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00482_1a9faf3c372cbc78acb70382cd64dc5eca.html#Documentationa00482_1a9faf3c372cbc78acb70382cd64dc5eca) — Adds an FS-Crypt key to the kernel keyring to unlock the directory. - [taf\_fsc\_DeleteStorage()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00482_1a3647f784073bc3c989a959a804334e20.html#Documentationa00482_1a3647f784073bc3c989a959a804334e20) — Cleans the FS-Crypt directory and ecryption key. The following example illustrates how to initialize FS-Crypt storage and lock the directory. le_result_t result; taf_fsc_StorageRef_t storageRef = taf_fsc_GetStorageRef("/app/test", &result); if(LE_OK == result){ // Process of the storage } else{ // Error process } result == taf_fsc_LockStorage(storageRef); if(LE_OK == result){ // Process of the storage } else{ // Error process } Copy to clipboard **NOTE:** Storage will be unlocked after calling taf\_fsc\_GetStorageRef. After calling taf\_fsc\_GetStorageRef, the generated key for the specified directory is added to the kernel keyring, meaning that the storage is in the Unlocked state and the client app can access the directory without calling [taf\_fsc\_UnlockStorage()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00482_1a9faf3c372cbc78acb70382cd64dc5eca.html#Documentationa00482_1a9faf3c372cbc78acb70382cd64dc5eca). **NOTE:** The key removing mechanism will be triggered during shutdown. To avoid raw keys being copied from non-volatile storage, the service removes all keys from the kernel keyring when the system is shutting down. The FS-Crypt encryption feature only supports “UBIFS on-flash format version 5”, trying to encrypt for unexpected UBIFS format versions results in an error. Last Published: Jun 09, 2026 [Previous Topic eCall Service](https://docs.qualcomm.com/bundle/publicresource/80-41102-2/topics/page_c_tafecall.md) [Next Topic GPIO Service](https://docs.qualcomm.com/bundle/publicresource/80-41102-2/topics/page_c_tafgpio.md)