Commit 5d91192e667ae34733b9daf6dd5f1d4496d2f441
Committed by
Linus Torvalds
Linus Torvalds
1 parent
c381bfcf0c
Exists in
master
and in
7 other branches
eCryptfs: Move ecryptfs docs into Documentation/filesystems/
Signed-off-by: Josef 'Jeff' Sipek <jsipek@cs.sunysb.edu> Acked-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 2 changed files with 77 additions and 77 deletions Side-by-side Diff
Documentation/ecryptfs.txt
| 1 | -eCryptfs: A stacked cryptographic filesystem for Linux | |
| 2 | - | |
| 3 | -eCryptfs is free software. Please see the file COPYING for details. | |
| 4 | -For documentation, please see the files in the doc/ subdirectory. For | |
| 5 | -building and installation instructions please see the INSTALL file. | |
| 6 | - | |
| 7 | -Maintainer: Phillip Hellewell | |
| 8 | -Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com> | |
| 9 | -Developers: Michael C. Thompson | |
| 10 | - Kent Yoder | |
| 11 | -Web Site: http://ecryptfs.sf.net | |
| 12 | - | |
| 13 | -This software is currently undergoing development. Make sure to | |
| 14 | -maintain a backup copy of any data you write into eCryptfs. | |
| 15 | - | |
| 16 | -eCryptfs requires the userspace tools downloadable from the | |
| 17 | -SourceForge site: | |
| 18 | - | |
| 19 | -http://sourceforge.net/projects/ecryptfs/ | |
| 20 | - | |
| 21 | -Userspace requirements include: | |
| 22 | - - David Howells' userspace keyring headers and libraries (version | |
| 23 | - 1.0 or higher), obtainable from | |
| 24 | - http://people.redhat.com/~dhowells/keyutils/ | |
| 25 | - - Libgcrypt | |
| 26 | - | |
| 27 | - | |
| 28 | -NOTES | |
| 29 | - | |
| 30 | -In the beta/experimental releases of eCryptfs, when you upgrade | |
| 31 | -eCryptfs, you should copy the files to an unencrypted location and | |
| 32 | -then copy the files back into the new eCryptfs mount to migrate the | |
| 33 | -files. | |
| 34 | - | |
| 35 | - | |
| 36 | -MOUNT-WIDE PASSPHRASE | |
| 37 | - | |
| 38 | -Create a new directory into which eCryptfs will write its encrypted | |
| 39 | -files (i.e., /root/crypt). Then, create the mount point directory | |
| 40 | -(i.e., /mnt/crypt). Now it's time to mount eCryptfs: | |
| 41 | - | |
| 42 | -mount -t ecryptfs /root/crypt /mnt/crypt | |
| 43 | - | |
| 44 | -You should be prompted for a passphrase and a salt (the salt may be | |
| 45 | -blank). | |
| 46 | - | |
| 47 | -Try writing a new file: | |
| 48 | - | |
| 49 | -echo "Hello, World" > /mnt/crypt/hello.txt | |
| 50 | - | |
| 51 | -The operation will complete. Notice that there is a new file in | |
| 52 | -/root/crypt that is at least 12288 bytes in size (depending on your | |
| 53 | -host page size). This is the encrypted underlying file for what you | |
| 54 | -just wrote. To test reading, from start to finish, you need to clear | |
| 55 | -the user session keyring: | |
| 56 | - | |
| 57 | -keyctl clear @u | |
| 58 | - | |
| 59 | -Then umount /mnt/crypt and mount again per the instructions given | |
| 60 | -above. | |
| 61 | - | |
| 62 | -cat /mnt/crypt/hello.txt | |
| 63 | - | |
| 64 | - | |
| 65 | -NOTES | |
| 66 | - | |
| 67 | -eCryptfs version 0.1 should only be mounted on (1) empty directories | |
| 68 | -or (2) directories containing files only created by eCryptfs. If you | |
| 69 | -mount a directory that has pre-existing files not created by eCryptfs, | |
| 70 | -then behavior is undefined. Do not run eCryptfs in higher verbosity | |
| 71 | -levels unless you are doing so for the sole purpose of debugging or | |
| 72 | -development, since secret values will be written out to the system log | |
| 73 | -in that case. | |
| 74 | - | |
| 75 | - | |
| 76 | -Mike Halcrow | |
| 77 | -mhalcrow@us.ibm.com |
Documentation/filesystems/ecryptfs.txt
| 1 | +eCryptfs: A stacked cryptographic filesystem for Linux | |
| 2 | + | |
| 3 | +eCryptfs is free software. Please see the file COPYING for details. | |
| 4 | +For documentation, please see the files in the doc/ subdirectory. For | |
| 5 | +building and installation instructions please see the INSTALL file. | |
| 6 | + | |
| 7 | +Maintainer: Phillip Hellewell | |
| 8 | +Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com> | |
| 9 | +Developers: Michael C. Thompson | |
| 10 | + Kent Yoder | |
| 11 | +Web Site: http://ecryptfs.sf.net | |
| 12 | + | |
| 13 | +This software is currently undergoing development. Make sure to | |
| 14 | +maintain a backup copy of any data you write into eCryptfs. | |
| 15 | + | |
| 16 | +eCryptfs requires the userspace tools downloadable from the | |
| 17 | +SourceForge site: | |
| 18 | + | |
| 19 | +http://sourceforge.net/projects/ecryptfs/ | |
| 20 | + | |
| 21 | +Userspace requirements include: | |
| 22 | + - David Howells' userspace keyring headers and libraries (version | |
| 23 | + 1.0 or higher), obtainable from | |
| 24 | + http://people.redhat.com/~dhowells/keyutils/ | |
| 25 | + - Libgcrypt | |
| 26 | + | |
| 27 | + | |
| 28 | +NOTES | |
| 29 | + | |
| 30 | +In the beta/experimental releases of eCryptfs, when you upgrade | |
| 31 | +eCryptfs, you should copy the files to an unencrypted location and | |
| 32 | +then copy the files back into the new eCryptfs mount to migrate the | |
| 33 | +files. | |
| 34 | + | |
| 35 | + | |
| 36 | +MOUNT-WIDE PASSPHRASE | |
| 37 | + | |
| 38 | +Create a new directory into which eCryptfs will write its encrypted | |
| 39 | +files (i.e., /root/crypt). Then, create the mount point directory | |
| 40 | +(i.e., /mnt/crypt). Now it's time to mount eCryptfs: | |
| 41 | + | |
| 42 | +mount -t ecryptfs /root/crypt /mnt/crypt | |
| 43 | + | |
| 44 | +You should be prompted for a passphrase and a salt (the salt may be | |
| 45 | +blank). | |
| 46 | + | |
| 47 | +Try writing a new file: | |
| 48 | + | |
| 49 | +echo "Hello, World" > /mnt/crypt/hello.txt | |
| 50 | + | |
| 51 | +The operation will complete. Notice that there is a new file in | |
| 52 | +/root/crypt that is at least 12288 bytes in size (depending on your | |
| 53 | +host page size). This is the encrypted underlying file for what you | |
| 54 | +just wrote. To test reading, from start to finish, you need to clear | |
| 55 | +the user session keyring: | |
| 56 | + | |
| 57 | +keyctl clear @u | |
| 58 | + | |
| 59 | +Then umount /mnt/crypt and mount again per the instructions given | |
| 60 | +above. | |
| 61 | + | |
| 62 | +cat /mnt/crypt/hello.txt | |
| 63 | + | |
| 64 | + | |
| 65 | +NOTES | |
| 66 | + | |
| 67 | +eCryptfs version 0.1 should only be mounted on (1) empty directories | |
| 68 | +or (2) directories containing files only created by eCryptfs. If you | |
| 69 | +mount a directory that has pre-existing files not created by eCryptfs, | |
| 70 | +then behavior is undefined. Do not run eCryptfs in higher verbosity | |
| 71 | +levels unless you are doing so for the sole purpose of debugging or | |
| 72 | +development, since secret values will be written out to the system log | |
| 73 | +in that case. | |
| 74 | + | |
| 75 | + | |
| 76 | +Mike Halcrow | |
| 77 | +mhalcrow@us.ibm.com |