1b02a17cbSMauro Carvalho Chehab.. SPDX-License-Identifier: GPL-2.0 2b02a17cbSMauro Carvalho Chehab 3b02a17cbSMauro Carvalho Chehab====================================================== 4b02a17cbSMauro Carvalho ChehabeCryptfs: A stacked cryptographic filesystem for Linux 5b02a17cbSMauro Carvalho Chehab====================================================== 6b02a17cbSMauro Carvalho Chehab 7b02a17cbSMauro Carvalho ChehabeCryptfs is free software. Please see the file COPYING for details. 8b02a17cbSMauro Carvalho ChehabFor documentation, please see the files in the doc/ subdirectory. For 9b02a17cbSMauro Carvalho Chehabbuilding and installation instructions please see the INSTALL file. 10b02a17cbSMauro Carvalho Chehab 11b02a17cbSMauro Carvalho Chehab:Maintainer: Phillip Hellewell 12b02a17cbSMauro Carvalho Chehab:Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com> 13b02a17cbSMauro Carvalho Chehab:Developers: Michael C. Thompson 14b02a17cbSMauro Carvalho Chehab Kent Yoder 15b02a17cbSMauro Carvalho Chehab:Web Site: http://ecryptfs.sf.net 16b02a17cbSMauro Carvalho Chehab 17b02a17cbSMauro Carvalho ChehabThis software is currently undergoing development. Make sure to 18b02a17cbSMauro Carvalho Chehabmaintain a backup copy of any data you write into eCryptfs. 19b02a17cbSMauro Carvalho Chehab 20b02a17cbSMauro Carvalho ChehabeCryptfs requires the userspace tools downloadable from the 21b02a17cbSMauro Carvalho ChehabSourceForge site: 22b02a17cbSMauro Carvalho Chehab 23b02a17cbSMauro Carvalho Chehabhttp://sourceforge.net/projects/ecryptfs/ 24b02a17cbSMauro Carvalho Chehab 25b02a17cbSMauro Carvalho ChehabUserspace requirements include: 26b02a17cbSMauro Carvalho Chehab 27b02a17cbSMauro Carvalho Chehab- David Howells' userspace keyring headers and libraries (version 28b02a17cbSMauro Carvalho Chehab 1.0 or higher), obtainable from 29b02a17cbSMauro Carvalho Chehab http://people.redhat.com/~dhowells/keyutils/ 30b02a17cbSMauro Carvalho Chehab- Libgcrypt 31b02a17cbSMauro Carvalho Chehab 32b02a17cbSMauro Carvalho Chehab 33c44166feSMauro Carvalho Chehab.. note:: 34b02a17cbSMauro Carvalho Chehab 35b02a17cbSMauro Carvalho Chehab In the beta/experimental releases of eCryptfs, when you upgrade 36b02a17cbSMauro Carvalho Chehab eCryptfs, you should copy the files to an unencrypted location and 37b02a17cbSMauro Carvalho Chehab then copy the files back into the new eCryptfs mount to migrate the 38b02a17cbSMauro Carvalho Chehab files. 39b02a17cbSMauro Carvalho Chehab 40b02a17cbSMauro Carvalho Chehab 41b02a17cbSMauro Carvalho ChehabMount-wide Passphrase 42b02a17cbSMauro Carvalho Chehab===================== 43b02a17cbSMauro Carvalho Chehab 44b02a17cbSMauro Carvalho ChehabCreate a new directory into which eCryptfs will write its encrypted 45b02a17cbSMauro Carvalho Chehabfiles (i.e., /root/crypt). Then, create the mount point directory 46b02a17cbSMauro Carvalho Chehab(i.e., /mnt/crypt). Now it's time to mount eCryptfs:: 47b02a17cbSMauro Carvalho Chehab 48b02a17cbSMauro Carvalho Chehab mount -t ecryptfs /root/crypt /mnt/crypt 49b02a17cbSMauro Carvalho Chehab 50b02a17cbSMauro Carvalho ChehabYou should be prompted for a passphrase and a salt (the salt may be 51b02a17cbSMauro Carvalho Chehabblank). 52b02a17cbSMauro Carvalho Chehab 53b02a17cbSMauro Carvalho ChehabTry writing a new file:: 54b02a17cbSMauro Carvalho Chehab 55b02a17cbSMauro Carvalho Chehab echo "Hello, World" > /mnt/crypt/hello.txt 56b02a17cbSMauro Carvalho Chehab 57b02a17cbSMauro Carvalho ChehabThe operation will complete. Notice that there is a new file in 58b02a17cbSMauro Carvalho Chehab/root/crypt that is at least 12288 bytes in size (depending on your 59b02a17cbSMauro Carvalho Chehabhost page size). This is the encrypted underlying file for what you 60b02a17cbSMauro Carvalho Chehabjust wrote. To test reading, from start to finish, you need to clear 61b02a17cbSMauro Carvalho Chehabthe user session keyring: 62b02a17cbSMauro Carvalho Chehab 63b02a17cbSMauro Carvalho Chehabkeyctl clear @u 64b02a17cbSMauro Carvalho Chehab 65b02a17cbSMauro Carvalho ChehabThen umount /mnt/crypt and mount again per the instructions given 66b02a17cbSMauro Carvalho Chehababove. 67b02a17cbSMauro Carvalho Chehab 68b02a17cbSMauro Carvalho Chehab:: 69b02a17cbSMauro Carvalho Chehab 70b02a17cbSMauro Carvalho Chehab cat /mnt/crypt/hello.txt 71b02a17cbSMauro Carvalho Chehab 72b02a17cbSMauro Carvalho Chehab 73b02a17cbSMauro Carvalho ChehabNotes 74b02a17cbSMauro Carvalho Chehab===== 75b02a17cbSMauro Carvalho Chehab 76b02a17cbSMauro Carvalho ChehabeCryptfs version 0.1 should only be mounted on (1) empty directories 77b02a17cbSMauro Carvalho Chehabor (2) directories containing files only created by eCryptfs. If you 78b02a17cbSMauro Carvalho Chehabmount a directory that has pre-existing files not created by eCryptfs, 79b02a17cbSMauro Carvalho Chehabthen behavior is undefined. Do not run eCryptfs in higher verbosity 80b02a17cbSMauro Carvalho Chehablevels unless you are doing so for the sole purpose of debugging or 81b02a17cbSMauro Carvalho Chehabdevelopment, since secret values will be written out to the system log 82b02a17cbSMauro Carvalho Chehabin that case. 83b02a17cbSMauro Carvalho Chehab 84b02a17cbSMauro Carvalho Chehab 85b02a17cbSMauro Carvalho ChehabMike Halcrow 86b02a17cbSMauro Carvalho Chehabmhalcrow@us.ibm.com 87