blob: 7236172300efbb8e93419d7b041948e527cf41b8 [file] [log] [blame]
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +01001.. SPDX-License-Identifier: GPL-2.0
2
3======================================================
Michael Halcrow237fead2006-10-04 02:16:22 -07004eCryptfs: A stacked cryptographic filesystem for Linux
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +01005======================================================
Michael Halcrow237fead2006-10-04 02:16:22 -07006
7eCryptfs is free software. Please see the file COPYING for details.
8For documentation, please see the files in the doc/ subdirectory. For
9building and installation instructions please see the INSTALL file.
10
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010011:Maintainer: Phillip Hellewell
12:Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
13:Developers: Michael C. Thompson
14 Kent Yoder
15:Web Site: http://ecryptfs.sf.net
Michael Halcrow237fead2006-10-04 02:16:22 -070016
17This software is currently undergoing development. Make sure to
18maintain a backup copy of any data you write into eCryptfs.
19
20eCryptfs requires the userspace tools downloadable from the
21SourceForge site:
22
23http://sourceforge.net/projects/ecryptfs/
24
25Userspace requirements include:
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010026
27- David Howells' userspace keyring headers and libraries (version
28 1.0 or higher), obtainable from
29 http://people.redhat.com/~dhowells/keyutils/
30- Libgcrypt
Michael Halcrow237fead2006-10-04 02:16:22 -070031
32
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010033Notes
34=====
Michael Halcrow237fead2006-10-04 02:16:22 -070035
36In the beta/experimental releases of eCryptfs, when you upgrade
37eCryptfs, you should copy the files to an unencrypted location and
38then copy the files back into the new eCryptfs mount to migrate the
39files.
40
41
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010042Mount-wide Passphrase
43=====================
Michael Halcrow237fead2006-10-04 02:16:22 -070044
45Create a new directory into which eCryptfs will write its encrypted
46files (i.e., /root/crypt). Then, create the mount point directory
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010047(i.e., /mnt/crypt). Now it's time to mount eCryptfs::
Michael Halcrow237fead2006-10-04 02:16:22 -070048
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010049 mount -t ecryptfs /root/crypt /mnt/crypt
Michael Halcrow237fead2006-10-04 02:16:22 -070050
51You should be prompted for a passphrase and a salt (the salt may be
52blank).
53
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010054Try writing a new file::
Michael Halcrow237fead2006-10-04 02:16:22 -070055
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010056 echo "Hello, World" > /mnt/crypt/hello.txt
Michael Halcrow237fead2006-10-04 02:16:22 -070057
58The operation will complete. Notice that there is a new file in
59/root/crypt that is at least 12288 bytes in size (depending on your
60host page size). This is the encrypted underlying file for what you
61just wrote. To test reading, from start to finish, you need to clear
62the user session keyring:
63
64keyctl clear @u
65
66Then umount /mnt/crypt and mount again per the instructions given
67above.
68
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010069::
70
71 cat /mnt/crypt/hello.txt
Michael Halcrow237fead2006-10-04 02:16:22 -070072
73
Mauro Carvalho Chehabb02a17c2020-02-17 17:11:59 +010074Notes
75=====
Michael Halcrow237fead2006-10-04 02:16:22 -070076
77eCryptfs version 0.1 should only be mounted on (1) empty directories
78or (2) directories containing files only created by eCryptfs. If you
79mount a directory that has pre-existing files not created by eCryptfs,
80then behavior is undefined. Do not run eCryptfs in higher verbosity
81levels unless you are doing so for the sole purpose of debugging or
82development, since secret values will be written out to the system log
83in that case.
84
85
86Mike Halcrow
87mhalcrow@us.ibm.com