eCryptfs: A stacked cryptographic filesystem for Linux

eCryptfs is free software. Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory. For
building and installation instructions please see the INSTALL file.

Maintainer: Phillip Hellewell
Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
Developers: Michael C. Thompson
            Kent Yoder
Web Site: http://ecryptfs.sf.net

This software is currently undergoing development. Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:
 - David Howells' userspace keyring headers and libraries (version
   1.0 or higher), obtainable from
   http://people.redhat.com/~dhowells/keyutils/
 - Libgcrypt


NOTES

In the beta/experimental releases of eCryptfs, when you upgrade
eCryptfs, you should copy the files to an unencrypted location and
then copy the files back into the new eCryptfs mount to migrate the
files.


MOUNT-WIDE PASSPHRASE

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt). Then, create the mount point directory
(e.g., /mnt/crypt). Now it's time to mount eCryptfs:

mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file:

echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete. Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size). This is the encrypted underlying file for what you
just wrote. To test reading, from start to finish, you need to clear
the user session keyring:

keyctl clear @u

Then umount /mnt/crypt and mount again per the instructions given
above.

cat /mnt/crypt/hello.txt


NOTES

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing files only created by eCryptfs. If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined. Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.


Mike Halcrow
mhalcrow@us.ibm.com
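
For the write test under MOUNT-WIDE PASSPHRASE, a check that the files in the lower directory are really ciphertext. This is an added example, not part of the eCryptfs distribution; the function names are hypothetical, and the 12288-byte default is the figure from the text, which varies with the host page size.

```sh
#!/bin/sh
# Added example, not part of eCryptfs. Function names are hypothetical.

# check_lower_file LOWER_FILE PLAINTEXT [MIN_BYTES]
# Succeeds (0) when LOWER_FILE is at least MIN_BYTES long and PLAINTEXT
# does not occur in it. MIN_BYTES defaults to the 12288 bytes quoted in
# the text; the real minimum depends on the host page size.
check_lower_file() {
    lower=$1 plain=$2 min=${3:-12288}
    if [ ! -f "$lower" ]; then
        echo "not a regular file: $lower" >&2
        return 2
    fi
    size=$(($(wc -c < "$lower")))   # arithmetic strips wc's padding
    if [ "$size" -lt "$min" ]; then
        echo "$lower: $size bytes, expected >= $min" >&2
        return 1
    fi
    # -a: treat binary as text, -F: fixed string, -q: exit status only
    if grep -aqF -- "$plain" "$lower"; then
        echo "$lower: plaintext is readable in the lower file" >&2
        return 1
    fi
    return 0
}

# check_lower_dir LOWER_DIR PLAINTEXT [MIN_BYTES]
# Runs check_lower_file on every regular file directly under LOWER_DIR
# and fails if any file fails or the directory holds no files.
check_lower_dir() {
    dir=$1 seen=0 bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        seen=1
        check_lower_file "$f" "$2" "${3:-12288}" || bad=1
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}
```

After the echo step, `check_lower_dir /root/crypt "Hello, World"` should succeed; a failure means a file in the lower directory is too small to carry the eCryptfs layout or still shows the plaintext.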