.. SPDX-License-Identifier: GPL-2.0

======================================================
eCryptfs: A stacked cryptographic filesystem for Linux
======================================================

eCryptfs is free software. Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory. For
building and installation instructions please see the INSTALL file.

:Maintainer: Phillip Hellewell
:Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
:Developers: Michael C. Thompson
             Kent Yoder
:Web Site: http://ecryptfs.sf.net

This software is currently undergoing development. Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

  http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:

- David Howells' userspace keyring headers and libraries (version
  1.0 or higher), obtainable from
  http://people.redhat.com/~dhowells/keyutils/
- Libgcrypt


.. note::

   In the beta/experimental releases of eCryptfs, when you upgrade
   eCryptfs, you should copy the files to an unencrypted location and
   then copy the files back into the new eCryptfs mount to migrate the
   files.


Mount-wide Passphrase
=====================

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt). Then, create the mount point directory
(e.g., /mnt/crypt). Now it's time to mount eCryptfs::

    mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file::

    echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete. Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size). This is the encrypted underlying file for what you
just wrote. To test reading, from start to finish, you need to clear
the user session keyring::

    keyctl clear @u

Then umount /mnt/crypt and mount again per the instructions given
above.

::

    cat /mnt/crypt/hello.txt


Notes
=====

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing files only created by eCryptfs. If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined. Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.


Mike Halcrow
mhalcrow@us.ibm.com
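
The mount, write, clear-keyring and remount walkthrough above can be scripted as follows. This is an added example, not part of the eCryptfs sources. The function names are hypothetical, and it assumes the underlying file keeps the name ``hello.txt`` and that the script is run as root with the eCryptfs module and userspace tools installed.

```shell
#!/bin/sh
# Added example (not from the eCryptfs project): checks for the
# "Mount-wide Passphrase" walkthrough. Function names are hypothetical.

# Minimum size of the underlying file as stated in the text.
MIN_LOWER_SIZE=12288

# Return 0 if the underlying file is at least MIN_LOWER_SIZE bytes and the
# plaintext string does not appear in it; 1 if either check fails;
# 2 if the file does not exist.
lower_file_looks_encrypted() {
    lower_file=$1
    plaintext=$2
    [ -f "$lower_file" ] || return 2
    size=$(($(wc -c < "$lower_file")))
    [ "$size" -ge "$MIN_LOWER_SIZE" ] || return 1
    if grep -q -F -- "$plaintext" "$lower_file"; then
        return 1
    fi
    return 0
}

# Run the walkthrough end to end. mount prompts for passphrase and salt
# both times; enter the same values so the file decrypts on the second mount.
# Assumption: the underlying file is named hello.txt like the upper one.
roundtrip() {
    lower=$1
    upper=$2
    msg="Hello, World"
    mount -t ecryptfs "$lower" "$upper" || return 1
    echo "$msg" > "$upper/hello.txt"
    sync
    if ! lower_file_looks_encrypted "$lower/hello.txt" "$msg"; then
        echo "underlying file is too small or contains plaintext" >&2
        umount "$upper"
        return 1
    fi
    keyctl clear @u              # drop the cached key, as in the text
    umount "$upper" || return 1
    mount -t ecryptfs "$lower" "$upper" || return 1
    [ "$(cat "$upper/hello.txt")" = "$msg" ]
}

# Usage: sh script.sh /root/crypt /mnt/crypt
if [ "$#" -eq 2 ]; then
    roundtrip "$1" "$2"
fi
```

The plaintext check on the underlying file is the useful part outside a test run: a match there means data reached /root/crypt unencrypted.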