mirror of
https://github.com/torvalds/linux
synced 2024-11-05 18:23:50 +00:00
5d91192e66
Signed-off-by: Josef 'Jeff' Sipek <jsipek@cs.sunysb.edu> Acked-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
77 lines
2.3 KiB
Text
77 lines
2.3 KiB
Text
eCryptfs: A stacked cryptographic filesystem for Linux
|
|
|
|
eCryptfs is free software. Please see the file COPYING for details.
|
|
For documentation, please see the files in the doc/ subdirectory. For
|
|
building and installation instructions please see the INSTALL file.
|
|
|
|
Maintainer: Phillip Hellewell
|
|
Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
|
|
Developers: Michael C. Thompson
|
|
Kent Yoder
|
|
Web Site: http://ecryptfs.sf.net
|
|
|
|
This software is currently undergoing development. Make sure to
|
|
maintain a backup copy of any data you write into eCryptfs.
|
|
|
|
eCryptfs requires the userspace tools downloadable from the
|
|
SourceForge site:
|
|
|
|
http://sourceforge.net/projects/ecryptfs/
|
|
|
|
Userspace requirements include:
|
|
- David Howells' userspace keyring headers and libraries (version
|
|
1.0 or higher), obtainable from
|
|
http://people.redhat.com/~dhowells/keyutils/
|
|
- Libgcrypt
|
|
|
|
|
|
NOTES
|
|
|
|
In the beta/experimental releases of eCryptfs, when you upgrade
|
|
eCryptfs, you should copy the files to an unencrypted location and
|
|
then copy the files back into the new eCryptfs mount to migrate the
|
|
files.
|
|
|
|
|
|
MOUNT-WIDE PASSPHRASE
|
|
|
|
Create a new directory into which eCryptfs will write its encrypted
|
|
files (i.e., /root/crypt). Then, create the mount point directory
|
|
(i.e., /mnt/crypt). Now it's time to mount eCryptfs:
|
|
|
|
mount -t ecryptfs /root/crypt /mnt/crypt
|
|
|
|
You should be prompted for a passphrase and a salt (the salt may be
|
|
blank).
|
|
|
|
Try writing a new file:
|
|
|
|
echo "Hello, World" > /mnt/crypt/hello.txt
|
|
|
|
The operation will complete. Notice that there is a new file in
|
|
/root/crypt that is at least 12288 bytes in size (depending on your
|
|
host page size). This is the encrypted underlying file for what you
|
|
just wrote. To test reading, from start to finish, you need to clear
|
|
the user session keyring:
|
|
|
|
keyctl clear @u
|
|
|
|
Then umount /mnt/crypt and mount again per the instructions given
|
|
above.
|
|
|
|
cat /mnt/crypt/hello.txt
|
|
|
|
|
|
NOTES
|
|
|
|
eCryptfs version 0.1 should only be mounted on (1) empty directories
|
|
or (2) directories containing files only created by eCryptfs. If you
|
|
mount a directory that has pre-existing files not created by eCryptfs,
|
|
then behavior is undefined. Do not run eCryptfs in higher verbosity
|
|
levels unless you are doing so for the sole purpose of debugging or
|
|
development, since secret values will be written out to the system log
|
|
in that case.
|
|
|
|
|
|
Mike Halcrow
|
|
mhalcrow@us.ibm.com
|