Commit | Line | Data |
---|---|---|
237fead6 MH |
1 | eCryptfs: A stacked cryptographic filesystem for Linux |
2 | ||
3 | eCryptfs is free software. Please see the file COPYING for details. | |
4 | For documentation, please see the files in the doc/ subdirectory. For | |
5 | building and installation instructions please see the INSTALL file. | |
6 | ||
7 | Maintainer: Phillip Hellewell | |
8 | Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com> | |
9 | Developers: Michael C. Thompson | |
10 | Kent Yoder | |
11 | Web Site: http://ecryptfs.sf.net | |
12 | ||
13 | This software is currently undergoing development. Make sure to | |
14 | maintain a backup copy of any data you write into eCryptfs. | |
15 | ||
16 | eCryptfs requires the userspace tools downloadable from the | |
17 | SourceForge site: | |
18 | ||
19 | http://sourceforge.net/projects/ecryptfs/ | |
20 | ||
21 | Userspace requirements include: | |
22 | - David Howells' userspace keyring headers and libraries (version | |
23 | 1.0 or higher), obtainable from | |
24 | http://people.redhat.com/~dhowells/keyutils/ | |
25 | - Libgcrypt | |
26 | ||
27 | ||
28 | NOTES | |
29 | ||
30 | In the beta/experimental releases of eCryptfs, when you upgrade | |
31 | eCryptfs, you should copy the files to an unencrypted location and | |
32 | then copy the files back into the new eCryptfs mount to migrate the | |
33 | files. | |
34 | ||
35 | ||
36 | MOUNT-WIDE PASSPHRASE | |
37 | ||
38 | Create a new directory into which eCryptfs will write its encrypted | |
39 | files (e.g., /root/crypt). Then, create the mount point directory | |
40 | (e.g., /mnt/crypt). Now it's time to mount eCryptfs: | |
41 | ||
42 | mount -t ecryptfs /root/crypt /mnt/crypt | |
43 | ||
44 | You should be prompted for a passphrase and a salt (the salt may be | |
45 | blank). | |
46 | ||
47 | Try writing a new file: | |
48 | ||
49 | echo "Hello, World" > /mnt/crypt/hello.txt | |
50 | ||
51 | The operation will complete. Notice that there is a new file in | |
52 | /root/crypt that is at least 12288 bytes in size (depending on your | |
53 | host page size). This is the encrypted underlying file for what you | |
54 | just wrote. To test reading, from start to finish, you need to clear | |
55 | the user session keyring: | |
56 | ||
57 | keyctl clear @u | |
58 | ||
59 | Then umount /mnt/crypt and mount again per the instructions given | |
60 | above. | |
61 | ||
62 | cat /mnt/crypt/hello.txt | |
63 | ||
64 | ||
65 | NOTES | |
66 | ||
67 | eCryptfs version 0.1 should only be mounted on (1) empty directories | |
68 | or (2) directories containing files only created by eCryptfs. If you | |
69 | mount a directory that has pre-existing files not created by eCryptfs, | |
70 | then behavior is undefined. Do not run eCryptfs in higher verbosity | |
71 | levels unless you are doing so for the sole purpose of debugging or | |
72 | development, since secret values will be written out to the system log | |
73 | in that case. | |
74 | ||
75 | ||
76 | Mike Halcrow | |
77 | mhalcrow@us.ibm.com |
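
The round trip from the MOUNT-WIDE PASSPHRASE section as a script. This is an added example, not part of the eCryptfs README or the project's code. `check_lower_file` and `roundtrip` are hypothetical names; the script assumes the lower file keeps the name hello.txt and treats a literal copy of the plaintext in the lower file as evidence that it was not encrypted.

```shell
#!/bin/sh
# Added example: checks for the round-trip test described in the README.
# 12288 is the README's figure; the real minimum depends on the host page size.
MIN_LOWER_SIZE=12288

# check_lower_file FILE PLAINTEXT
# Returns 0 if FILE is at least MIN_LOWER_SIZE bytes and does not contain
# PLAINTEXT as a literal byte string; otherwise prints the reason, returns 1.
check_lower_file() {
    lower=$1
    plain=$2
    [ -f "$lower" ] || { echo "missing: $lower" >&2; return 1; }
    size=$(($(wc -c < "$lower")))
    if [ "$size" -lt "$MIN_LOWER_SIZE" ]; then
        echo "too small ($size bytes): $lower" >&2
        return 1
    fi
    # -a: treat binary data as text, -F: fixed string, -e: pattern may start with '-'
    if grep -a -q -F -e "$plain" "$lower"; then
        echo "plaintext visible in lower file: $lower" >&2
        return 1
    fi
    return 0
}

# roundtrip LOWER_DIR MOUNT_POINT
# Runs the README's sequence as root; mount prompts for passphrase and salt.
roundtrip() {
    lower_dir=$1
    mnt=$2
    msg="Hello, World"
    mount -t ecryptfs "$lower_dir" "$mnt" || return 1
    echo "$msg" > "$mnt/hello.txt"
    sync    # flush so the lower file is complete before it is inspected
    # Assumption: the lower file has the same name as the file in the mount.
    check_lower_file "$lower_dir/hello.txt" "$msg" || return 1
    keyctl clear @u                  # drop the key so the remount must re-derive it
    umount "$mnt" || return 1
    mount -t ecryptfs "$lower_dir" "$mnt" || return 1
    [ "$(cat "$mnt/hello.txt")" = "$msg" ]
}
```

Run `roundtrip /root/crypt /mnt/crypt` as root with the userspace tools installed; a non-zero exit status means one of the steps or checks failed.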