.. SPDX-License-Identifier: GPL-2.0

======================================================
eCryptfs: A stacked cryptographic filesystem for Linux
======================================================

eCryptfs is free software. Please see the file COPYING for details.
For documentation, please see the files in the doc/ subdirectory. For
building and installation instructions please see the INSTALL file.

:Maintainer: Phillip Hellewell
:Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
:Developers: Michael C. Thompson
             Kent Yoder
:Web Site: http://ecryptfs.sf.net

This software is currently undergoing development. Make sure to
maintain a backup copy of any data you write into eCryptfs.

eCryptfs requires the userspace tools downloadable from the
SourceForge site:

http://sourceforge.net/projects/ecryptfs/

Userspace requirements include:

- David Howells' userspace keyring headers and libraries (version
  1.0 or higher), obtainable from
  http://people.redhat.com/~dhowells/keyutils/
- Libgcrypt


Notes
=====

In the beta/experimental releases of eCryptfs, when you upgrade
eCryptfs, you should copy the files to an unencrypted location and
then copy the files back into the new eCryptfs mount to migrate the
files.


Mount-wide Passphrase
=====================

Create a new directory into which eCryptfs will write its encrypted
files (e.g., /root/crypt). Then, create the mount point directory
(e.g., /mnt/crypt). Now it's time to mount eCryptfs::

    mount -t ecryptfs /root/crypt /mnt/crypt

You should be prompted for a passphrase and a salt (the salt may be
blank).

Try writing a new file::

    echo "Hello, World" > /mnt/crypt/hello.txt

The operation will complete. Notice that there is a new file in
/root/crypt that is at least 12288 bytes in size (depending on your
host page size). This is the encrypted underlying file for what you
just wrote.

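
A check to run on the lower directory after the write step above. This is an added example, not part of the eCryptfs documentation or tools: it confirms that each lower file meets the 12288-byte minimum stated in the text and does not contain the plaintext you wrote. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not eCryptfs project code): sanity-check lower files.
# 12288 is the minimum size this page states; it depends on host page size,
# so override MIN_LOWER_SIZE if your system differs.
MIN_LOWER_SIZE=${MIN_LOWER_SIZE:-12288}

# check_lower_file LOWER_FILE MARKER
# Returns 0 if the file looks encrypted, 1 if it is smaller than the
# minimum, 2 if MARKER (a known plaintext string) is visible, 3 if missing.
check_lower_file() {
    lower=$1
    marker=$2
    [ -f "$lower" ] || return 3
    size=$(( $(wc -c < "$lower") ))
    [ "$size" -ge "$MIN_LOWER_SIZE" ] || return 1
    # -a: scan binary data as text, -F: fixed string, -q: exit status only
    if LC_ALL=C grep -aqF -- "$marker" "$lower"; then
        return 2
    fi
    return 0
}

# check_lower_dir LOWER_DIR MARKER
# Checks every regular file directly under LOWER_DIR (not recursive),
# reports each failure on stderr and returns 1 if any file failed.
check_lower_dir() {
    dir=$1
    marker=$2
    failed=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        rc=0
        check_lower_file "$f" "$marker" || rc=$?
        case $rc in
            1) echo "$f: smaller than $MIN_LOWER_SIZE bytes" >&2; failed=1 ;;
            2) echo "$f: plaintext marker found" >&2; failed=1 ;;
        esac
    done
    return $failed
}

# Usage with the paths from this page:
#   check_lower_dir /root/crypt "Hello, World"
```
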
To test reading, from start to finish, you need to clear
the user session keyring::

    keyctl clear @u

Then umount /mnt/crypt and mount again per the instructions given
above.

::

    cat /mnt/crypt/hello.txt


Notes
=====

eCryptfs version 0.1 should only be mounted on (1) empty directories
or (2) directories containing files only created by eCryptfs. If you
mount a directory that has pre-existing files not created by eCryptfs,
then behavior is undefined. Do not run eCryptfs in higher verbosity
levels unless you are doing so for the sole purpose of debugging or
development, since secret values will be written out to the system log
in that case.


Mike Halcrow
mhalcrow@us.ibm.com