.. SPDX-License-Identifier: GPL-2.0

======================================================
eCryptfs: A stacked cryptographic filesystem for Linux
======================================================

eCryptfs is free software. Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory. For
building and installation instructions please see the INSTALL file.

:Maintainer: Phillip Hellewell
:Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
:Developers: Michael C. Thompson
             Kent Yoder
:Web Site: http://ecryptfs.sf.net

This software is currently undergoing development. Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:

- David Howells' userspace keyring headers and libraries (version
  1.0 or higher), obtainable from
  http://people.redhat.com/~dhowells/keyutils/
- Libgcrypt


.. note::

   In the beta/experimental releases of eCryptfs, when you upgrade
   eCryptfs, you should copy the files to an unencrypted location and
   then copy the files back into the new eCryptfs mount to migrate the
   files.


Mount-wide Passphrase
=====================

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt). Then, create the mount point directory
(e.g., /mnt/crypt). Now it's time to mount eCryptfs::

    mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file::

    echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete. Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size). This is the encrypted underlying file for what you
just wrote. To test reading, from start to finish, you need to clear
the user session keyring::

    keyctl clear @u

Then umount /mnt/crypt and mount again per the instructions given
above.

::

    cat /mnt/crypt/hello.txt


Notes
=====

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing files only created by eCryptfs. If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined. Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.


Mike Halcrow
mhalcrow@us.ibm.com
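
A pre-mount check for the rule in the Notes section that the lower directory may only hold files created by eCryptfs, as an added example (not part of the original document or the eCryptfs project's code). It assumes the default on-disk layout with the header stored at the start of each lower file; the marker constant and header offsets come from the kernel's eCryptfs sources rather than this page, and the helper names are hypothetical.

```python
import os
import stat
import struct
import tempfile

# Header constants taken from the kernel's eCryptfs sources, not from this page:
# an 8-byte big-endian file size, then 8 marker bytes m1 || (m1 XOR MARKER).
SIZE_BYTES = 8
MARKER = 0x3C81B7F5  # MAGIC_ECRYPTFS_MARKER


def has_ecryptfs_marker(path):
    """True if the lower file starts with a valid eCryptfs size+marker header."""
    with open(path, "rb") as f:
        head = f.read(SIZE_BYTES + 8)
    if len(head) < SIZE_BYTES + 8:  # too short for a header; reported conservatively
        return False
    m1, m2 = struct.unpack_from(">II", head, SIZE_BYTES)
    return (m1 ^ MARKER) == m2


def foreign_files(lower_dir):
    """Regular files under lower_dir that lack the eCryptfs marker (sorted paths)."""
    found = []
    for root, _dirs, names in os.walk(lower_dir):
        for name in names:
            path = os.path.join(root, name)
            if stat.S_ISREG(os.lstat(path).st_mode) and not has_ecryptfs_marker(path):
                found.append(path)
    return sorted(found)


def demo():
    """Constructed lower directory: one eCryptfs-style file, one stray plaintext file."""
    with tempfile.TemporaryDirectory() as lower:
        m1 = 0x11223344  # constructed value; the kernel picks this randomly
        header = struct.pack(">QII", 13, m1, m1 ^ MARKER)
        with open(os.path.join(lower, "hello.txt"), "wb") as f:
            f.write(header.ljust(12288, b"\0"))  # minimum lower-file size quoted above
        with open(os.path.join(lower, "notes.txt"), "wb") as f:
            f.write(b"plaintext left in the lower directory\n")
        return [os.path.basename(p) for p in foreign_files(lower)]


if __name__ == "__main__":
    print(demo())
```

Run ``foreign_files()`` against the lower directory (for example /root/crypt) before mounting; an empty result means every regular file carries the marker.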