The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/Documentation/ecryptfs.txt

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 eCryptfs: A stacked cryptographic filesystem for Linux
    2 
    3 eCryptfs is free software. Please see the file COPYING for details.
    4 For documentation, please see the files in the doc/ subdirectory.  For
    5 building and installation instructions please see the INSTALL file.
    6 
    7 Maintainer: Phillip Hellewell
    8 Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
    9 Developers: Michael C. Thompson
   10             Kent Yoder
   11 Web Site: http://ecryptfs.sf.net
   12 
   13 This software is currently undergoing development. Make sure to
   14 maintain a backup copy of any data you write into eCryptfs.
   15 
   16 eCryptfs requires the userspace tools downloadable from the
   17 SourceForge site:
   18 
   19 http://sourceforge.net/projects/ecryptfs/
   20 
   21 Userspace requirements include:
   22  - David Howells' userspace keyring headers and libraries (version
   23    1.0 or higher), obtainable from
   24    http://people.redhat.com/~dhowells/keyutils/
   25  - Libgcrypt
   26 
   27 
   28 NOTES
   29 
   30 In the beta/experimental releases of eCryptfs, when you upgrade
   31 eCryptfs, you should copy the files to an unencrypted location and
   32 then copy the files back into the new eCryptfs mount to migrate the
   33 files.
   34 
   35 
   36 MOUNT-WIDE PASSPHRASE
   37 
   38 Create a new directory into which eCryptfs will write its encrypted
   39 files (i.e., /root/crypt).  Then, create the mount point directory
   40 (i.e., /mnt/crypt).  Now it's time to mount eCryptfs:
   41 
   42 mount -t ecryptfs /root/crypt /mnt/crypt
   43 
   44 You should be prompted for a passphrase and a salt (the salt may be
   45 blank).
   46 
   47 Try writing a new file:
   48 
   49 echo "Hello, World" > /mnt/crypt/hello.txt
   50 
   51 The operation will complete.  Notice that there is a new file in
   52 /root/crypt that is at least 12288 bytes in size (depending on your
   53 host page size).  This is the encrypted underlying file for what you
   54 just wrote.  To test reading, from start to finish, you need to clear
   55 the user session keyring:
   56 
   57 keyctl clear @u
   58 
   59 Then umount /mnt/crypt and mount again per the instructions given
   60 above.
   61 
   62 cat /mnt/crypt/hello.txt
   63 
   64 
   65 NOTES
   66 
   67 eCryptfs version 0.1 should only be mounted on (1) empty directories
   68 or (2) directories containing files only created by eCryptfs. If you
   69 mount a directory that has pre-existing files not created by eCryptfs,
   70 then behavior is undefined. Do not run eCryptfs in higher verbosity
   71 levels unless you are doing so for the sole purpose of debugging or
   72 development, since secret values will be written out to the system log
   73 in that case.
   74 
   75 
   76 Mike Halcrow
   77 mhalcrow@us.ibm.com

Cache object: 80722ffc4340f89416498dfadafd75ec


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.