.. SPDX-License-Identifier: GPL-2.0

======================================================
eCryptfs: A stacked cryptographic filesystem for Linux
======================================================

eCryptfs is free software. Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory. For
building and installation instructions please see the INSTALL file.

:Maintainer: Phillip Hellewell
:Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
:Developers: Michael C. Thompson
             Kent Yoder
:Web Site: http://ecryptfs.sf.net

This software is currently undergoing development. Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:

- David Howells' userspace keyring headers and libraries (version
  1.0 or higher), obtainable from
  http://people.redhat.com/~dhowells/keyutils/
- Libgcrypt

.. note::

   In the beta/experimental releases of eCryptfs, when you upgrade
   eCryptfs, you should copy the files to an unencrypted location and
   then copy the files back into the new eCryptfs mount to migrate the
   files.

Mount-wide Passphrase
=====================

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt). Then, create the mount point directory
(e.g., /mnt/crypt). Now it's time to mount eCryptfs::

    mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file::

    echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete. Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size). This is the encrypted underlying file for what you
just wrote. To test reading, from start to finish, you need to clear
the user session keyring::

    keyctl clear @u

Then umount /mnt/crypt and mount again per the instructions given
above.

::

    cat /mnt/crypt/hello.txt

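The walkthrough above says the lower file in /root/crypt should be at least 12288 bytes and hold only ciphertext. The following script is an added example, not part of the eCryptfs documentation or tools, that checks both properties after the write step. The function names ``check_lower_file`` and ``check_lower_dir`` are hypothetical; the paths and test string are the ones used above.

```shell
#!/bin/sh
# Added example, not from the eCryptfs documentation.
# Function names are hypothetical; paths and test string follow the walkthrough.

# check_lower_file LOWER_FILE PLAINTEXT [MIN_SIZE]
# Succeeds when LOWER_FILE is at least MIN_SIZE bytes (12288 is the figure
# quoted in the text; it depends on the host page size) and PLAINTEXT
# cannot be found in it.
check_lower_file() {
    lower=$1
    plaintext=$2
    min_size=${3:-12288}

    [ -f "$lower" ] || { echo "missing: $lower" >&2; return 2; }

    size=$(wc -c < "$lower" | tr -d ' ')
    if [ "$size" -lt "$min_size" ]; then
        echo "FAIL: $lower is only $size bytes (expected >= $min_size)" >&2
        return 1
    fi
    # -a: search binary data as text, -F: fixed string, -q: exit status only
    if LC_ALL=C grep -aFq -- "$plaintext" "$lower"; then
        echo "FAIL: plaintext is readable in $lower" >&2
        return 1
    fi
    echo "OK: $lower ($size bytes, plaintext not found)"
}

# check_lower_dir LOWER_DIR PLAINTEXT [MIN_SIZE]
# Runs check_lower_file on every regular file directly under LOWER_DIR and
# fails if any of them fails (or if the directory holds no files at all).
check_lower_dir() {
    dir=$1; rc=0; seen=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        seen=1
        check_lower_file "$f" "$2" "${3:-12288}" || rc=1
    done
    [ "$seen" -eq 1 ] || { echo "no files in $dir" >&2; return 2; }
    return $rc
}

# Run as: sh this-script /root/crypt "Hello, World"
if [ "$#" -ge 2 ]; then check_lower_dir "$@"; fi
```

A failure here after a write through /mnt/crypt means the data reached the lower directory without passing through eCryptfs, for example because the mount was not active when the file was written.
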
Notes
=====

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing only files created by eCryptfs. If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined. Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.


Mike Halcrow
mhalcrow@us.ibm.com