eCryptfs: Move ecryptfs docs into Documentation/filesystems/
Signed-off-by: Josef 'Jeff' Sipek <jsipek@cs.sunysb.edu> Acked-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Josef 'Jeff' Sipek
committed by
Linus Torvalds
Linus Torvalds
부모
c381bfcf0c
커밋
5d91192e66
77
Documentation/filesystems/ecryptfs.txt
Normal file
77
Documentation/filesystems/ecryptfs.txt
Normal file
@@ -0,0 +1,77 @@
|
||||
eCryptfs: A stacked cryptographic filesystem for Linux
|
||||
|
||||
eCryptfs is free software. Please see the file COPYING for details.
|
||||
For documentation, please see the files in the doc/ subdirectory. For
|
||||
building and installation instructions please see the INSTALL file.
|
||||
|
||||
Maintainer: Phillip Hellewell
|
||||
Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
|
||||
Developers: Michael C. Thompson
|
||||
Kent Yoder
|
||||
Web Site: http://ecryptfs.sf.net
|
||||
|
||||
This software is currently undergoing development. Make sure to
|
||||
maintain a backup copy of any data you write into eCryptfs.
|
||||
|
||||
eCryptfs requires the userspace tools downloadable from the
|
||||
SourceForge site:
|
||||
|
||||
http://sourceforge.net/projects/ecryptfs/
|
||||
|
||||
Userspace requirements include:
|
||||
- David Howells' userspace keyring headers and libraries (version
|
||||
1.0 or higher), obtainable from
|
||||
http://people.redhat.com/~dhowells/keyutils/
|
||||
- Libgcrypt
|
||||
|
||||
|
||||
NOTES
|
||||
|
||||
In the beta/experimental releases of eCryptfs, when you upgrade
|
||||
eCryptfs, you should copy the files to an unencrypted location and
|
||||
then copy the files back into the new eCryptfs mount to migrate the
|
||||
files.
|
||||
|
||||
|
||||
MOUNT-WIDE PASSPHRASE
|
||||
|
||||
Create a new directory into which eCryptfs will write its encrypted
|
||||
files (i.e., /root/crypt). Then, create the mount point directory
|
||||
(i.e., /mnt/crypt). Now it's time to mount eCryptfs:
|
||||
|
||||
mount -t ecryptfs /root/crypt /mnt/crypt
|
||||
|
||||
You should be prompted for a passphrase and a salt (the salt may be
|
||||
blank).
|
||||
|
||||
Try writing a new file:
|
||||
|
||||
echo "Hello, World" > /mnt/crypt/hello.txt
|
||||
|
||||
The operation will complete. Notice that there is a new file in
|
||||
/root/crypt that is at least 12288 bytes in size (depending on your
|
||||
host page size). This is the encrypted underlying file for what you
|
||||
just wrote. To test reading, from start to finish, you need to clear
|
||||
the user session keyring:
|
||||
|
||||
keyctl clear @u
|
||||
|
||||
Then umount /mnt/crypt and mount again per the instructions given
|
||||
above.
|
||||
|
||||
cat /mnt/crypt/hello.txt
|
||||
|
||||
|
||||
NOTES
|
||||
|
||||
eCryptfs version 0.1 should only be mounted on (1) empty directories
|
||||
or (2) directories containing files only created by eCryptfs. If you
|
||||
mount a directory that has pre-existing files not created by eCryptfs,
|
||||
then behavior is undefined. Do not run eCryptfs in higher verbosity
|
||||
levels unless you are doing so for the sole purpose of debugging or
|
||||
development, since secret values will be written out to the system log
|
||||
in that case.
|
||||
|
||||
|
||||
Mike Halcrow
|
||||
mhalcrow@us.ibm.com
|
||||
Reference in New Issue
Block a user