Commit | Line | Data |
---|---|---|
b02a17cb MCC |
1 | .. SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | ====================================================== | |
237fead6 | 4 | eCryptfs: A stacked cryptographic filesystem for Linux |
b02a17cb | 5 | ====================================================== |
237fead6 MH |
6 | |
7 | eCryptfs is free software. Please see the file COPYING for details. | |
8 | For documentation, please see the files in the doc/ subdirectory. For | |
9 | building and installation instructions please see the INSTALL file. | |
10 | ||
b02a17cb MCC |
11 | :Maintainer: Phillip Hellewell |
12 | :Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com> | |
13 | :Developers: Michael C. Thompson | |
14 | Kent Yoder | |
15 | :Web Site: http://ecryptfs.sf.net | |
237fead6 MH |
16 | |
17 | This software is currently undergoing development. Make sure to | |
18 | maintain a backup copy of any data you write into eCryptfs. | |
19 | ||
20 | eCryptfs requires the userspace tools downloadable from the | |
21 | SourceForge site: | |
22 | ||
23 | http://sourceforge.net/projects/ecryptfs/ | |
24 | ||
25 | Userspace requirements include: | |
b02a17cb MCC |
26 | |
27 | - David Howells' userspace keyring headers and libraries (version | |
28 | 1.0 or higher), obtainable from | |
29 | http://people.redhat.com/~dhowells/keyutils/ | |
30 | - Libgcrypt | |
237fead6 MH |
31 | |
32 | ||
c44166fe | 33 | .. note:: |
237fead6 | 34 | |
c44166fe MCC |
35 | In the beta/experimental releases of eCryptfs, when you upgrade |
36 | eCryptfs, you should copy the files to an unencrypted location and | |
37 | then copy the files back into the new eCryptfs mount to migrate the | |
38 | files. | |
237fead6 MH |
39 | |
40 | ||
b02a17cb MCC |
41 | Mount-wide Passphrase |
42 | ===================== | |
237fead6 MH |
43 | |
44 | Create a new directory into which eCryptfs will write its encrypted | |
45 | files (e.g., /root/crypt). Then, create the mount point directory | |
b02a17cb | 46 | (e.g., /mnt/crypt). Now it's time to mount eCryptfs:: |
237fead6 | 47 | |
b02a17cb | 48 | mount -t ecryptfs /root/crypt /mnt/crypt |
237fead6 MH |
49 | |
50 | You should be prompted for a passphrase and a salt (the salt may be | |
51 | blank). | |
52 | ||
b02a17cb | 53 | Try writing a new file:: |
237fead6 | 54 | |
b02a17cb | 55 | echo "Hello, World" > /mnt/crypt/hello.txt |
237fead6 MH |
56 | |
57 | The operation will complete. Notice that there is a new file in | |
58 | /root/crypt that is at least 12288 bytes in size (depending on your | |
59 | host page size). This is the encrypted underlying file for what you | |
60 | just wrote. To test reading, from start to finish, you need to clear | |
61 | the user session keyring:: | |
62 | ||
63 | keyctl clear @u | |
64 | ||
65 | Then umount /mnt/crypt and mount again per the instructions given | |
66 | above. | |
67 | ||
b02a17cb MCC |
68 | :: |
69 | ||
70 | cat /mnt/crypt/hello.txt | |
237fead6 MH |
71 | |
72 | ||
b02a17cb MCC |
73 | Notes |
74 | ===== | |
237fead6 MH |
75 | |
76 | eCryptfs version 0.1 should only be mounted on (1) empty directories | |
77 | or (2) directories containing files only created by eCryptfs. If you | |
78 | mount a directory that has pre-existing files not created by eCryptfs, | |
79 | then behavior is undefined. Do not run eCryptfs in higher verbosity | |
80 | levels unless you are doing so for the sole purpose of debugging or | |
81 | development, since secret values will be written out to the system log | |
82 | in that case. | |
83 | ||
84 | ||
85 | Mike Halcrow | |
86 | mhalcrow@us.ibm.com |
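
The "Mount-wide Passphrase" walkthrough says to notice that the lower file in /root/crypt is at least 12288 bytes; the script below is an added example (not part of the eCryptfs documentation) that automates that observation and also confirms the written text is not readable in the lower file. The function names `lower_file_ok` and `check_lower_dir` are hypothetical; the size floor and paths are the ones used in the text.

```shell
#!/bin/sh
# Added example: sanity-check the lower (encrypted) files that the
# walkthrough leaves in /root/crypt. Function names are hypothetical.

MIN_LOWER_SIZE=12288   # floor stated in the text; larger on hosts with bigger pages

# lower_file_ok FILE PLAINTEXT
# Returns 0 only if FILE is at least MIN_LOWER_SIZE bytes and does not
# contain PLAINTEXT verbatim. Returns 1 on a failed check, 2 if FILE is missing.
# The substring test is a heuristic: it catches unencrypted writes, it
# does not prove the cipher is sound.
lower_file_ok() {
    file=$1
    plaintext=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    size=$(( $(wc -c < "$file") ))
    if [ "$size" -lt "$MIN_LOWER_SIZE" ]; then
        echo "too small ($size bytes): $file" >&2
        return 1
    fi
    if LC_ALL=C grep -q -F -- "$plaintext" "$file"; then
        echo "plaintext visible in lower file: $file" >&2
        return 1
    fi
    return 0
}

# check_lower_dir DIR PLAINTEXT
# Runs lower_file_ok on every regular file directly inside DIR.
# Fails if DIR holds no files or if any file fails the check.
check_lower_dir() {
    dir=$1
    plaintext=$2
    seen=0
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        seen=$((seen + 1))
        lower_file_ok "$f" "$plaintext" || bad=$((bad + 1))
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage after: echo "Hello, World" > /mnt/crypt/hello.txt
#   check_lower_dir /root/crypt "Hello, World" && echo "lower files look encrypted"
```

Run it against the lower directory (/root/crypt), not the mount point; a failure on an existing lower directory usually means a file was written there directly rather than through the eCryptfs mount.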