diff options
Diffstat (limited to 'Documentation/ecryptfs.txt')
-rw-r--r-- | Documentation/ecryptfs.txt | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/Documentation/ecryptfs.txt b/Documentation/ecryptfs.txt new file mode 100644 index 000000000000..01d8a08351ac --- /dev/null +++ b/Documentation/ecryptfs.txt | |||
@@ -0,0 +1,77 @@ | |||
1 | eCryptfs: A stacked cryptographic filesystem for Linux | ||
2 | |||
3 | eCryptfs is free software. Please see the file COPYING for details. | ||
4 | For documentation, please see the files in the doc/ subdirectory. For | ||
5 | building and installation instructions please see the INSTALL file. | ||
6 | |||
7 | Maintainer: Phillip Hellewell | ||
8 | Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com> | ||
9 | Developers: Michael C. Thompson | ||
10 | Kent Yoder | ||
11 | Web Site: http://ecryptfs.sf.net | ||
12 | |||
13 | This software is currently undergoing development. Make sure to | ||
14 | maintain a backup copy of any data you write into eCryptfs. | ||
15 | |||
16 | eCryptfs requires the userspace tools downloadable from the | ||
17 | SourceForge site: | ||
18 | |||
19 | http://sourceforge.net/projects/ecryptfs/ | ||
20 | |||
21 | Userspace requirements include: | ||
22 | - David Howells' userspace keyring headers and libraries (version | ||
23 | 1.0 or higher), obtainable from | ||
24 | http://people.redhat.com/~dhowells/keyutils/ | ||
25 | - Libgcrypt | ||
26 | |||
27 | |||
28 | NOTES | ||
29 | |||
30 | In the beta/experimental releases of eCryptfs, when you upgrade | ||
31 | eCryptfs, you should copy the files to an unencrypted location and | ||
32 | then copy the files back into the new eCryptfs mount to migrate the | ||
33 | files. | ||
34 | |||
35 | |||
36 | MOUNT-WIDE PASSPHRASE | ||
37 | |||
38 | Create a new directory into which eCryptfs will write its encrypted | ||
39 | files (i.e., /root/crypt). Then, create the mount point directory | ||
40 | (i.e., /mnt/crypt). Now it's time to mount eCryptfs: | ||
41 | |||
42 | mount -t ecryptfs /root/crypt /mnt/crypt | ||
43 | |||
44 | You should be prompted for a passphrase and a salt (the salt may be | ||
45 | blank). | ||
46 | |||
47 | Try writing a new file: | ||
48 | |||
49 | echo "Hello, World" > /mnt/crypt/hello.txt | ||
50 | |||
51 | The operation will complete. Notice that there is a new file in | ||
52 | /root/crypt that is at least 12288 bytes in size (depending on your | ||
53 | host page size). This is the encrypted underlying file for what you | ||
54 | just wrote. To test reading, from start to finish, you need to clear | ||
55 | the user session keyring: | ||
56 | |||
57 | keyctl clear @u | ||
58 | |||
59 | Then umount /mnt/crypt and mount again per the instructions given | ||
60 | above. | ||
61 | |||
62 | cat /mnt/crypt/hello.txt | ||
63 | |||
64 | |||
65 | NOTES | ||
66 | |||
67 | eCryptfs version 0.1 should only be mounted on (1) empty directories | ||
68 | or (2) directories containing files only created by eCryptfs. If you | ||
69 | mount a directory that has pre-existing files not created by eCryptfs, | ||
70 | then behavior is undefined. Do not run eCryptfs in higher verbosity | ||
71 | levels unless you are doing so for the sole purpose of debugging or | ||
72 | development, since secret values will be written out to the system log | ||
73 | in that case. | ||
74 | |||
75 | |||
76 | Mike Halcrow | ||
77 | mhalcrow@us.ibm.com | ||