ecryptfs.txt 2.3 KB

eCryptfs: A stacked cryptographic filesystem for Linux

eCryptfs is free software. Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory. For
building and installation instructions please see the INSTALL file.

Maintainer: Phillip Hellewell
Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
Developers: Michael C. Thompson
            Kent Yoder
Web Site: http://ecryptfs.sf.net

This software is currently undergoing development. Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:
 - David Howells' userspace keyring headers and libraries (version
   1.0 or higher), obtainable from
   http://people.redhat.com/~dhowells/keyutils/
 - Libgcrypt

NOTES

In the beta/experimental releases of eCryptfs, when you upgrade
eCryptfs, you should copy the files to an unencrypted location and
then copy the files back into the new eCryptfs mount to migrate the
files.

MOUNT-WIDE PASSPHRASE

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt). Then, create the mount point directory
(e.g., /mnt/crypt). Now it's time to mount eCryptfs:

    mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file:

    echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete. Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size). This is the encrypted underlying file for what you
just wrote. To test reading, from start to finish, you need to clear
the user session keyring:

    keyctl clear @u

Then umount /mnt/crypt and mount again per the instructions given
above.

    cat /mnt/crypt/hello.txt
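
The following script is an added example, not part of the eCryptfs
distribution. It checks the lower directory after the write step above:
each file must be at least 12288 bytes and must not contain the test
string in the clear. The function names and the MIN_LOWER_SIZE variable
are made up for this example; raise MIN_LOWER_SIZE on hosts with a
larger page size.

```shell
#!/bin/sh
# Added example: sanity-check the lower directory of an eCryptfs mount.
# 12288 is the minimum lower-file size quoted in the text (page-size dependent).
MIN_LOWER_SIZE=${MIN_LOWER_SIZE:-12288}

# check_lower_file FILE PLAINTEXT
# Returns 0 if FILE looks like an encrypted lower file, 1 if it is smaller
# than MIN_LOWER_SIZE, 2 if PLAINTEXT is readable in it, 3 if it is missing.
check_lower_file() {
    file=$1
    needle=$2
    [ -f "$file" ] || return 3
    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -ge "$MIN_LOWER_SIZE" ] || return 1
    # -a: treat binary data as text, -F: fixed string, -q: exit status only
    if grep -aFq -- "$needle" "$file"; then
        return 2
    fi
    return 0
}

# check_lower_dir DIR PLAINTEXT
# Checks every regular file directly inside DIR, reports each failure on
# stderr, and returns 1 if any file failed.
check_lower_dir() {
    dir=$1
    needle=$2
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        rc=0
        check_lower_file "$f" "$needle" || rc=$?
        case $rc in
            1) echo "FAIL (smaller than $MIN_LOWER_SIZE bytes): $f" >&2; bad=1 ;;
            2) echo "FAIL (plaintext visible): $f" >&2; bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage: sh check_lower.sh /root/crypt "Hello, World"
if [ "$#" -ge 2 ]; then
    check_lower_dir "$1" "$2"
fi
```

A failure here usually means the file was written straight into the
lower directory instead of through the mount point.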

NOTES

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing files only created by eCryptfs. If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined. Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.

Mike Halcrow
mhalcrow@us.ibm.com