linux/Documentation/filesystems/ecryptfs.txt
eCryptfs: A stacked cryptographic filesystem for Linux

eCryptfs is free software. Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory.  For
building and installation instructions please see the INSTALL file.

Maintainer: Phillip Hellewell
Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
Developers: Michael C. Thompson
            Kent Yoder
Web Site: http://ecryptfs.sf.net

This software is currently undergoing development. Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:
 - David Howells' userspace keyring headers and libraries (version
   1.0 or higher), obtainable from
   http://people.redhat.com/~dhowells/keyutils/
 - Libgcrypt


NOTES

In the beta/experimental releases of eCryptfs, when you upgrade
eCryptfs, you should copy the files to an unencrypted location and
then copy the files back into the new eCryptfs mount to migrate the
files.


MOUNT-WIDE PASSPHRASE

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt).  Then, create the mount point directory
(e.g., /mnt/crypt).  Now it's time to mount eCryptfs:

mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file:

echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete.  Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size).  This is the encrypted underlying file for what you
just wrote.  To test reading, from start to finish, you need to clear
the user session keyring:

keyctl clear @u

Then umount /mnt/crypt, mount again per the instructions given
above, and read the file back:

cat /mnt/crypt/hello.txt


NOTES

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing only files created by eCryptfs. If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined. Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.
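
A pre-mount check for the rule above, as an added example that is not part of
the original eCryptfs documentation. The names ecryptfs_lower_ok,
ecryptfs_suspect_files and ECRYPTFS_MIN_SIZE are hypothetical; the 12288-byte
threshold is the minimum lower-file size quoted earlier in this document and is
an assumption that depends on host page size.

```shell
#!/bin/sh
# Added example: check a lower directory (e.g. /root/crypt) before mounting.
# It passes when the directory is (1) empty or (2) holds no regular file
# smaller than the minimum size of an eCryptfs lower file.
# The size test is a heuristic: it flags files that cannot have been created
# by eCryptfs; it does not prove that the remaining files were.

# Assumption: 12288 bytes, the figure quoted in this document. Override it on
# hosts with a different page size.
ECRYPTFS_MIN_SIZE=${ECRYPTFS_MIN_SIZE:-12288}

# Print every regular file under $1 that is smaller than the minimum size.
ecryptfs_suspect_files() {
    find "$1" -type f -size -"${ECRYPTFS_MIN_SIZE}"c -print
}

# Return 0 if $1 looks safe to use as a lower directory, 1 if it contains
# files that eCryptfs cannot have created, 2 if $1 is not a directory.
ecryptfs_lower_ok() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Case (1): empty directory.
    if [ -z "$(ls -A "$dir")" ]; then
        return 0
    fi
    # Case (2): no regular file is below the minimum eCryptfs size.
    suspects=$(ecryptfs_suspect_files "$dir")
    if [ -n "$suspects" ]; then
        echo "files too small to have been created by eCryptfs:" >&2
        echo "$suspects" >&2
        return 1
    fi
    return 0
}

# Usage:
#   ecryptfs_lower_ok /root/crypt && mount -t ecryptfs /root/crypt /mnt/crypt
```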


Mike Halcrow
mhalcrow@us.ibm.com