linux-imx

eCryptfs: A stacked cryptographic filesystem for Linux

​

eCryptfs is free software. Please see the file COPYING for details.

For documentation, please see the files in the doc/ subdirectory.  For

building and installation instructions please see the INSTALL file.

​

Maintainer: Phillip Hellewell

Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>

Developers: Michael C. Thompson

            Kent Yoder

Web Site: http://ecryptfs.sf.net

​

This software is currently undergoing development. Make sure to

maintain a backup copy of any data you write into eCryptfs.

​

eCryptfs requires the userspace tools downloadable from the

SourceForge site:

​

http://sourceforge.net/projects/ecryptfs/

​

Userspace requirements include:

 - David Howells' userspace keyring headers and libraries (version

   1.0 or higher), obtainable from

   http://people.redhat.com/~dhowells/keyutils/

 - Libgcrypt

​

​

NOTES

​

In the beta/experimental releases of eCryptfs, when you upgrade

eCryptfs, you should copy the files to an unencrypted location and

then copy the files back into the new eCryptfs mount to migrate the

files.

​

​

MOUNT-WIDE PASSPHRASE

​

Create a new directory into which eCryptfs will write its encrypted

files (i.e., /root/crypt).  Then, create the mount point directory

(i.e., /mnt/crypt).  Now it's time to mount eCryptfs:

​

mount -t ecryptfs /root/crypt /mnt/crypt

​

You should be prompted for a passphrase and a salt (the salt may be

blank).

​

Try writing a new file:

​

echo "Hello, World" > /mnt/crypt/hello.txt

​

The operation will complete.  Notice that there is a new file in

/root/crypt that is at least 12288 bytes in size (depending on your

host page size).  This is the encrypted underlying file for what you

just wrote.  To test reading, from start to finish, you need to clear

the user session keyring:

​

keyctl clear @u

​

Then umount /mnt/crypt and mount again per the instructions given

above.

​

cat /mnt/crypt/hello.txt

​