Home Explore Help
Register Sign In
dingyu
/
CooCenter-System-kernel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e68e7644fa
Branches Tags
CooCenter-Sy...
/
Documentation
/
filesystems
/
ecryptfs.txt

ecryptfs.txt 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. eCryptfs: A stacked cryptographic filesystem for Linux
    2. 

  2. 

  3. eCryptfs is free software. Please see the file COPYING for details.
    4. 

  4. For documentation, please see the files in the doc/ subdirectory.  For
    5. 

  5. building and installation instructions please see the INSTALL file.
    6. 

  6. 

  7. Maintainer: Phillip Hellewell
    8. 

  8. Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
    9. 

  9. Developers: Michael C. Thompson
    10. 

  10.             Kent Yoder
    11. 

  11. Web Site: http://ecryptfs.sf.net
    12. 

  12. 

  13. This software is currently undergoing development. Make sure to
    14. 

  14. maintain a backup copy of any data you write into eCryptfs.
    15. 

  15. 

  16. eCryptfs requires the userspace tools downloadable from the
    17. 

  17. SourceForge site:
    18. 

  18. 

  19. http://sourceforge.net/projects/ecryptfs/
    20. 

  20. 

  21. Userspace requirements include:
    22. 

  22.  - David Howells' userspace keyring headers and libraries (version
    23. 

  23.    1.0 or higher), obtainable from
    24. 

  24.    http://people.redhat.com/~dhowells/keyutils/
    25. 

  25.  - Libgcrypt
    26. 

  26. 

  27. 

  28. NOTES
    29. 

  29. 

  30. In the beta/experimental releases of eCryptfs, when you upgrade
    31. 

  31. eCryptfs, you should copy the files to an unencrypted location and
    32. 

  32. then copy the files back into the new eCryptfs mount to migrate the
    33. 

  33. files.
    34. 

  34. 

  35. 

  36. MOUNT-WIDE PASSPHRASE
    37. 

  37. 

  38. Create a new directory into which eCryptfs will write its encrypted
    39. 

  39. files (i.e., /root/crypt).  Then, create the mount point directory
    40. 

  40. (i.e., /mnt/crypt).  Now it's time to mount eCryptfs:
    41. 

  41. 

  42. mount -t ecryptfs /root/crypt /mnt/crypt
    43. 

  43. 

  44. You should be prompted for a passphrase and a salt (the salt may be
    45. 

  45. blank).
    46. 

  46. 

  47. Try writing a new file:
    48. 

  48. 

  49. echo "Hello, World" > /mnt/crypt/hello.txt
    50. 

  50. 

  51. The operation will complete.  Notice that there is a new file in
    52. 

  52. /root/crypt that is at least 12288 bytes in size (depending on your
    53. 

  53. host page size).  This is the encrypted underlying file for what you
    54. 

  54. just wrote.  To test reading, from start to finish, you need to clear
    55. 

  55. the user session keyring:
    56. 

  56. 

  57. keyctl clear @u
    58. 

  58. 

  59. Then umount /mnt/crypt and mount again per the instructions given
    60. 

  60. above.
    61. 

  61. 

  62. cat /mnt/crypt/hello.txt
    63. 

  63. 

  64. 

  65. NOTES
    66. 

  66. 

  67. eCryptfs version 0.1 should only be mounted on (1) empty directories
    68. 

  68. or (2) directories containing files only created by eCryptfs. If you
    69. 

  69. mount a directory that has pre-existing files not created by eCryptfs,
    70. 

  70. then behavior is undefined. Do not run eCryptfs in higher verbosity
    71. 

  71. levels unless you are doing so for the sole purpose of debugging or
    72. 

  72. development, since secret values will be written out to the system log
    73. 

  73. in that case.
    74. 

  74. 

  75. 

  76. Mike Halcrow
    77. 

  77. mhalcrow@us.ibm.com
    78.