.. SPDX-License-Identifier: GPL-2.0

======================================================
eCryptfs: A stacked cryptographic filesystem for Linux
======================================================

eCryptfs is free software.  Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory.  For
building and installation instructions please see the INSTALL file.

:Maintainer: Phillip Hellewell
:Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
:Developers: Michael C. Thompson
             Kent Yoder
:Web Site: http://ecryptfs.sf.net

This software is currently undergoing development.  Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:

- David Howells' userspace keyring headers and libraries (version
  1.0 or higher), obtainable from
  http://people.redhat.com/~dhowells/keyutils/
- Libgcrypt


.. note::

   In the beta/experimental releases of eCryptfs, when you upgrade
   eCryptfs, you should copy the files to an unencrypted location and
   then copy the files back into the new eCryptfs mount to migrate the
   files.


Mount-wide Passphrase
=====================

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt).  Then, create the mount point directory
(e.g., /mnt/crypt).  Now it's time to mount eCryptfs::

    mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file::

    echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete.  Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size).  This is the encrypted underlying file for what you
just wrote.  To test reading, from start to finish, you need to clear
the user session keyring::

    keyctl clear @u

Then umount /mnt/crypt and mount again per the instructions given
above.

::

    cat /mnt/crypt/hello.txt


Notes
=====

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing files only created by eCryptfs.  If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined.
Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.


Mike Halcrow
mhalcrow@us.ibm.com
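
The mount, write, remount and read test from the Mount-wide Passphrase section, written as one script that also checks the lower file is ciphertext. This is an added example, not part of the eCryptfs documentation: the function names, the ``LOWER``/``MNT`` variables and the ``run`` argument are assumptions, and it assumes filename encryption is declined at the mount prompt so the lower file keeps the name hello.txt.

```shell
#!/bin/sh
# Added example (not from the eCryptfs documentation). Directory names follow
# the page; the variable and function names are assumptions.
LOWER=${LOWER:-/root/crypt}
MNT=${MNT:-/mnt/crypt}
MSG="Hello, World"

# Succeed only if the lower file matches what the page describes: at least
# 12288 bytes in size, and the plaintext does not appear anywhere in it.
lower_is_encrypted() {
    lie_file=$1
    lie_plain=$2
    [ -f "$lie_file" ] || return 2
    lie_size=$(($(wc -c < "$lie_file")))
    [ "$lie_size" -ge 12288 ] || return 1
    if LC_ALL=C grep -q -F -- "$lie_plain" "$lie_file"; then
        return 1
    fi
    return 0
}

# Mount, write, inspect the lower file, clear the keyring, remount, read back.
# Needs root, the eCryptfs userspace tools and keyctl. Assumes filename
# encryption is declined at the prompt, so the lower file is hello.txt too.
roundtrip() {
    mkdir -p "$LOWER" "$MNT" || return 1
    mount -t ecryptfs "$LOWER" "$MNT" || return 1   # prompts for passphrase, salt
    echo "$MSG" > "$MNT/hello.txt" || return 1
    sync                                            # flush before inspecting
    if ! lower_is_encrypted "$LOWER/hello.txt" "$MSG"; then
        echo "lower file is too small or contains the plaintext" >&2
        umount "$MNT"
        return 1
    fi
    keyctl clear @u                                 # forget the cached key
    umount "$MNT" || return 1
    mount -t ecryptfs "$LOWER" "$MNT" || return 1   # prompts again
    [ "$(cat "$MNT/hello.txt")" = "$MSG" ]
}

# Only touch the system when explicitly asked: sh roundtrip.sh run
if [ "${1:-}" = "run" ]; then
    roundtrip && echo "round trip OK"
fi
```

Without the ``run`` argument the script only defines its functions, so ``lower_is_encrypted`` can be pointed at any file in the lower directory on its own.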