Eric Lee / smarc-fsl-linux-kernel

Blame view

Documentation/filesystems/ecryptfs.txt 2.33 KB
edit raw normal view history
81f7e3824   Eric Lee   Initial Release, ... 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
  eCryptfs: A stacked cryptographic filesystem for Linux
  
  eCryptfs is free software. Please see the file COPYING for details.
  For documentation, please see the files in the doc/ subdirectory.  For
  building and installation instructions please see the INSTALL file.
  
  Maintainer: Phillip Hellewell
  Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
  Developers: Michael C. Thompson
              Kent Yoder
  Web Site: http://ecryptfs.sf.net
  
  This software is currently undergoing development. Make sure to
  maintain a backup copy of any data you write into eCryptfs.
  
  eCryptfs requires the userspace tools downloadable from the
  SourceForge site:
  
  http://sourceforge.net/projects/ecryptfs/
  
  Userspace requirements include:
   - David Howells' userspace keyring headers and libraries (version
     1.0 or higher), obtainable from
     http://people.redhat.com/~dhowells/keyutils/
   - Libgcrypt
  
  
  NOTES
  
  In the beta/experimental releases of eCryptfs, when you upgrade
  eCryptfs, you should copy the files to an unencrypted location and
  then copy the files back into the new eCryptfs mount to migrate the
  files.
  
  
  MOUNT-WIDE PASSPHRASE
  
  Create a new directory into which eCryptfs will write its encrypted
  files (i.e., /root/crypt).  Then, create the mount point directory
  (i.e., /mnt/crypt).  Now it's time to mount eCryptfs:
  
  mount -t ecryptfs /root/crypt /mnt/crypt
  
  You should be prompted for a passphrase and a salt (the salt may be
  blank).
  
  Try writing a new file:
  
  echo "Hello, World" > /mnt/crypt/hello.txt
  
  The operation will complete.  Notice that there is a new file in
  /root/crypt that is at least 12288 bytes in size (depending on your
  host page size).  This is the encrypted underlying file for what you
  just wrote.  To test reading, from start to finish, you need to clear
  the user session keyring:
  
  keyctl clear @u
  
  Then umount /mnt/crypt and mount again per the instructions given
  above.
  
  cat /mnt/crypt/hello.txt
  
  
  NOTES
  
  eCryptfs version 0.1 should only be mounted on (1) empty directories
  or (2) directories containing files only created by eCryptfs. If you
  mount a directory that has pre-existing files not created by eCryptfs,
  then behavior is undefined. Do not run eCryptfs in higher verbosity
  levels unless you are doing so for the sole purpose of debugging or
  development, since secret values will be written out to the system log
  in that case.
  
  
  Mike Halcrow
  mhalcrow@us.ibm.com