Root/
1 | eCryptfs: A stacked cryptographic filesystem for Linux |
2 | |
3 | eCryptfs is free software. Please see the file COPYING for details. |
4 | For documentation, please see the files in the doc/ subdirectory. For |
5 | building and installation instructions please see the INSTALL file. |
6 | |
7 | Maintainer: Phillip Hellewell |
8 | Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com> |
9 | Developers: Michael C. Thompson |
10 | Kent Yoder |
11 | Web Site: http://ecryptfs.sf.net |
12 | |
13 | This software is currently undergoing development. Make sure to |
14 | maintain a backup copy of any data you write into eCryptfs. |
15 | |
16 | eCryptfs requires the userspace tools downloadable from the |
17 | SourceForge site: |
18 | |
19 | http://sourceforge.net/projects/ecryptfs/ |
20 | |
21 | Userspace requirements include: |
22 | - David Howells' userspace keyring headers and libraries (version |
23 | 1.0 or higher), obtainable from |
24 | http://people.redhat.com/~dhowells/keyutils/ |
25 | - Libgcrypt |
26 | |
27 | |
28 | NOTES |
29 | |
30 | In the beta/experimental releases of eCryptfs, when you upgrade |
31 | eCryptfs, you should copy the files to an unencrypted location and |
32 | then copy the files back into the new eCryptfs mount to migrate the |
33 | files. |
34 | |
35 | |
36 | MOUNT-WIDE PASSPHRASE |
37 | |
38 | Create a new directory into which eCryptfs will write its encrypted |
39 | files (i.e., /root/crypt). Then, create the mount point directory |
40 | (i.e., /mnt/crypt). Now it's time to mount eCryptfs: |
41 | |
42 | mount -t ecryptfs /root/crypt /mnt/crypt |
43 | |
44 | You should be prompted for a passphrase and a salt (the salt may be |
45 | blank). |
46 | |
47 | Try writing a new file: |
48 | |
49 | echo "Hello, World" > /mnt/crypt/hello.txt |
50 | |
51 | The operation will complete. Notice that there is a new file in |
52 | /root/crypt that is at least 12288 bytes in size (depending on your |
53 | host page size). This is the encrypted underlying file for what you |
54 | just wrote. To test reading, from start to finish, you need to clear |
55 | the user session keyring: |
56 | |
57 | keyctl clear @u |
58 | |
59 | Then umount /mnt/crypt and mount again per the instructions given |
60 | above. |
61 | |
62 | cat /mnt/crypt/hello.txt |
63 | |
64 | |
65 | NOTES |
66 | |
67 | eCryptfs version 0.1 should only be mounted on (1) empty directories |
68 | or (2) directories containing files only created by eCryptfs. If you |
69 | mount a directory that has pre-existing files not created by eCryptfs, |
70 | then behavior is undefined. Do not run eCryptfs in higher verbosity |
71 | levels unless you are doing so for the sole purpose of debugging or |
72 | development, since secret values will be written out to the system log |
73 | in that case. |
74 | |
75 | |
76 | Mike Halcrow |
77 | mhalcrow@us.ibm.com |
78 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9