.. SPDX-License-Identifier: GPL-2.0

======================================================
eCryptfs: A stacked cryptographic filesystem for Linux
======================================================

eCryptfs is free software. Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory. For
building and installation instructions, please see the INSTALL file.

:Maintainer: Phillip Hellewell
:Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
:Developers: Michael C. Thompson
             Kent Yoder
:Web Site: http://ecryptfs.sf.net

This software is currently undergoing development. Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:

- David Howells' userspace keyring headers and libraries (version
  1.0 or higher), obtainable from
  http://people.redhat.com/~dhowells/keyutils/
- Libgcrypt


.. note::

   In the beta/experimental releases of eCryptfs, when you upgrade
   eCryptfs, you should copy the files to an unencrypted location and
   then copy the files back into the new eCryptfs mount to migrate the
   files.


Mount-wide Passphrase
=====================

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt). Then, create the mount point directory
(e.g., /mnt/crypt). Now it's time to mount eCryptfs::

    mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file::

    echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete. Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size). This is the encrypted underlying file for what you
just wrote. To test reading, from start to finish, you need to clear
the user session keyring::

    keyctl clear @u

Then umount /mnt/crypt and mount again per the instructions given
above.

::

    cat /mnt/crypt/hello.txt


Notes
=====

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing files only created by eCryptfs. If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined. Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.
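
The following shell checks are an added example, not part of the original eCryptfs documentation or code. They cover the empty-directory rule from the Notes above and the lower-file observation from the Mount-wide Passphrase walkthrough; the function names are hypothetical, and the 12288-byte floor is the figure quoted in the walkthrough.

```sh
#!/bin/sh
# Added example (not eCryptfs project code). Function names are hypothetical.
# 12288 is the minimum lower-file size quoted in the walkthrough; it grows
# with the host page size, so it is only a lower bound.
MIN_LOWER_SIZE=12288

# Succeeds only if $1 is an existing directory with no entries at all,
# i.e. case (1) of the Notes section: safe to use as a fresh lower directory.
# Returns 2 if $1 is not a directory.
lower_dir_is_empty() {
    [ -d "$1" ] || return 2
    [ -z "$(ls -A "$1")" ]
}

# Succeeds only if lower file $1 is at least MIN_LOWER_SIZE bytes and the
# known plaintext $2 does not appear anywhere in it.
# Returns 2 if $1 is not a regular file, 1 if either check fails.
lower_file_looks_encrypted() {
    lower=$1
    plaintext=$2
    [ -f "$lower" ] || return 2
    # Arithmetic expansion strips any padding wc adds around the count.
    size=$(( $(wc -c < "$lower") ))
    [ "$size" -ge "$MIN_LOWER_SIZE" ] || return 1
    # Byte-wise fixed-string search; a hit means plaintext reached the lower fs.
    if LC_ALL=C grep -qF -- "$plaintext" "$lower"; then
        return 1
    fi
    return 0
}
```

With the walkthrough's paths, `lower_dir_is_empty /root/crypt` applies before the first mount and `lower_file_looks_encrypted /root/crypt/hello.txt "Hello, World"` after the write, assuming the lower file keeps the name hello.txt.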


Mike Halcrow
mhalcrow@us.ibm.com