Michael Halcrow | 237fead | 2006-10-04 02:16:22 -0700

eCryptfs: A stacked cryptographic filesystem for Linux

eCryptfs is free software. Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory. For
building and installation instructions please see the INSTALL file.

Maintainer: Phillip Hellewell
Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
Developers: Michael C. Thompson
            Kent Yoder
Web Site: http://ecryptfs.sf.net

This software is currently undergoing development. Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

    http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:
 - David Howells' userspace keyring headers and libraries (version
   1.0 or higher), obtainable from
   http://people.redhat.com/~dhowells/keyutils/
 - Libgcrypt


NOTES

In the beta/experimental releases of eCryptfs, when you upgrade
eCryptfs, you should copy the files to an unencrypted location and
then copy the files back into the new eCryptfs mount to migrate the
files.


MOUNT-WIDE PASSPHRASE

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt). Then, create the mount point directory
(e.g., /mnt/crypt). Now it's time to mount eCryptfs:

    mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file:

    echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete. Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size). This is the encrypted underlying file for what you
just wrote. To test reading, from start to finish, you need to clear
the user session keyring:

    keyctl clear @u

Then umount /mnt/crypt and mount again per the instructions given
above.

    cat /mnt/crypt/hello.txt

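To confirm that the lower file described above really is ciphertext, the
shell functions below check every file in the lower directory. This is an
added example, not part of the eCryptfs README or tools; the function names
are hypothetical, while the 12288-byte floor, /root/crypt and the
"Hello, World" marker come from the steps above.

```shell
#!/bin/sh
# Added example: check that eCryptfs lower files look like ciphertext.
# Function names are hypothetical; the 12288-byte floor is the README's
# figure (it is larger on hosts with bigger pages).
MIN_LOWER_SIZE=${MIN_LOWER_SIZE:-12288}

# check_lower_file FILE MARKER
#   0: at least MIN_LOWER_SIZE bytes and MARKER not found
#   1: smaller than MIN_LOWER_SIZE (below the README's minimum)
#   2: MARKER appears in the file as plaintext
#   3: FILE is missing or unreadable
check_lower_file() {
    file=$1
    marker=$2
    [ -f "$file" ] && [ -r "$file" ] || return 3
    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -ge "$MIN_LOWER_SIZE" ] || return 1
    # -a: treat binary data as text; -F: fixed string, not a regex
    if LC_ALL=C grep -a -q -F -e "$marker" "$file"; then
        return 2
    fi
    return 0
}

# check_lower_dir DIR MARKER
# Runs check_lower_file on every regular file directly under DIR,
# reports each failure on stderr, returns 0 only if all files pass.
check_lower_dir() {
    dir=$1
    marker=$2
    failed=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        rc=0
        check_lower_file "$f" "$marker" || rc=$?
        case $rc in
            0) ;;
            1) echo "$f: smaller than $MIN_LOWER_SIZE bytes" >&2; failed=1 ;;
            2) echo "$f: contains plaintext marker" >&2; failed=1 ;;
            *) echo "$f: unreadable" >&2; failed=1 ;;
        esac
    done
    return "$failed"
}

# Usage after the steps above (run as root, paths from the README):
#   check_lower_dir /root/crypt "Hello, World"
```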

NOTES

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing files only created by eCryptfs. If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined. Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.


Mike Halcrow
mhalcrow@us.ibm.com