About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog

Documentation / filesystems / ecryptfs.txt




Custom Search

Based on kernel version 3.13. Page generated on 2014-01-20 22:02 EST.

1	eCryptfs: A stacked cryptographic filesystem for Linux
2	
3	eCryptfs is free software. Please see the file COPYING for details.
4	For documentation, please see the files in the doc/ subdirectory.  For
5	building and installation instructions please see the INSTALL file.
6	
7	Maintainer: Phillip Hellewell
8	Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
9	Developers: Michael C. Thompson
10	            Kent Yoder
11	Web Site: http://ecryptfs.sf.net
12	
13	This software is currently undergoing development. Make sure to
14	maintain a backup copy of any data you write into eCryptfs.
15	
16	eCryptfs requires the userspace tools downloadable from the
17	SourceForge site:
18	
19	http://sourceforge.net/projects/ecryptfs/
20	
21	Userspace requirements include:
22	 - David Howells' userspace keyring headers and libraries (version
23	   1.0 or higher), obtainable from
24	   http://people.redhat.com/~dhowells/keyutils/
25	 - Libgcrypt
26	
27	
28	NOTES
29	
30	In the beta/experimental releases of eCryptfs, when you upgrade
31	eCryptfs, you should copy the files to an unencrypted location and
32	then copy the files back into the new eCryptfs mount to migrate the
33	files.
34	
35	
36	MOUNT-WIDE PASSPHRASE
37	
38	Create a new directory into which eCryptfs will write its encrypted
39	files (i.e., /root/crypt).  Then, create the mount point directory
40	(i.e., /mnt/crypt).  Now it's time to mount eCryptfs:
41	
42	mount -t ecryptfs /root/crypt /mnt/crypt
43	
44	You should be prompted for a passphrase and a salt (the salt may be
45	blank).
46	
47	Try writing a new file:
48	
49	echo "Hello, World" > /mnt/crypt/hello.txt
50	
51	The operation will complete.  Notice that there is a new file in
52	/root/crypt that is at least 12288 bytes in size (depending on your
53	host page size).  This is the encrypted underlying file for what you
54	just wrote.  To test reading, from start to finish, you need to clear
55	the user session keyring:
56	
57	keyctl clear @u
58	
59	Then umount /mnt/crypt and mount again per the instructions given
60	above.
61	
62	cat /mnt/crypt/hello.txt
63	
64	
65	NOTES
66	
67	eCryptfs version 0.1 should only be mounted on (1) empty directories
68	or (2) directories containing files only created by eCryptfs. If you
69	mount a directory that has pre-existing files not created by eCryptfs,
70	then behavior is undefined. Do not run eCryptfs in higher verbosity
71	levels unless you are doing so for the sole purpose of debugging or
72	development, since secret values will be written out to the system log
73	in that case.
74	
75	
76	Mike Halcrow
77	mhalcrow@us.ibm.com
Hide Line Numbers
About Kernel Documentation Linux Kernel Contact Linux Resources Linux Blog

Information is copyright its respective author. All material is available from the Linux Kernel Source distributed under a GPL License. This page is provided as a free service by mjmwired.net.