^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) .. SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) ======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) eCryptfs: A stacked cryptographic filesystem for Linux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) ======================================================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) eCryptfs is free software. Please see the file COPYING for details.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) For documentation, please see the files in the doc/ subdirectory. For
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) building and installation instructions please see the INSTALL file.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) :Maintainer: Phillip Hellewell
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) :Lead developer: Michael A. Halcrow <mhalcrow@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) :Developers: Michael C. Thompson
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14)              Kent Yoder
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) :Web Site: http://ecryptfs.sf.net
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) This software is currently undergoing development. Make sure to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) maintain a backup copy of any data you write into eCryptfs.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) eCryptfs requires the userspace tools downloadable from the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) SourceForge site:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) http://sourceforge.net/projects/ecryptfs/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) Userspace requirements include:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) - David Howells' userspace keyring headers and libraries (version
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)   1.0 or higher), obtainable from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29)   http://people.redhat.com/~dhowells/keyutils/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) - Libgcrypt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) .. note::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35)    In the beta/experimental releases of eCryptfs, when you upgrade
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36)    eCryptfs, you should copy the files to an unencrypted location and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37)    then copy the files back into the new eCryptfs mount to migrate the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38)    files.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) Mount-wide Passphrase
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) =====================
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) Create a new directory into which eCryptfs will write its encrypted
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) files (e.g., /root/crypt). Then, create the mount point directory
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) (e.g., /mnt/crypt). Now it's time to mount eCryptfs::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48)     mount -t ecryptfs /root/crypt /mnt/crypt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) You should be prompted for a passphrase and a salt (the salt may be
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) blank).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) Try writing a new file::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55)     echo "Hello, World" > /mnt/crypt/hello.txt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) The operation will complete. Notice that there is a new file in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) /root/crypt that is at least 12288 bytes in size (depending on your
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) host page size). This is the encrypted underlying file for what you
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) just wrote. To test reading, from start to finish, you need to clear
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) the user session keyring::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63)     keyctl clear @u
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) Then umount /mnt/crypt and mount again per the instructions given
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) above.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) ::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70)     cat /mnt/crypt/hello.txt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) Notes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) =====
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) eCryptfs version 0.1 should only be mounted on (1) empty directories
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) or (2) directories containing files only created by eCryptfs. If you
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) mount a directory that has pre-existing files not created by eCryptfs,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) then behavior is undefined. Do not run eCryptfs in higher verbosity
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) levels unless you are doing so for the sole purpose of debugging or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) development, since secret values will be written out to the system log
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) in that case.
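
An added example (not part of the eCryptfs documentation or tools): a shell check of the lower directory, based on the walkthrough's statement that the lower file is at least 12288 bytes and on the empty-directory rule in the Notes. The function names and the plaintext search are assumptions made for illustration, and the demo files are constructed stand-ins, not real eCryptfs output.

```shell
#!/bin/sh
MIN_LOWER_SIZE=12288   # minimum lower-file size stated in the text above

# Notes, rule (1): an empty lower directory is safe to mount.
lower_dir_is_empty() {
    [ -d "$1" ] && [ -z "$(ls -A "$1")" ]
}

# Hypothetical check: a lower file should be at least MIN_LOWER_SIZE bytes
# and must not contain the plaintext written through the eCryptfs mount.
# Prints a verdict; returns 0 only for "ok".
check_lower_file() {
    file=$1; plaintext=$2
    size=$(( $(wc -c < "$file") ))
    if [ "$size" -lt "$MIN_LOWER_SIZE" ]; then
        echo "too-small"; return 1
    fi
    if LC_ALL=C grep -a -F -q -- "$plaintext" "$file"; then
        echo "plaintext-visible"; return 2
    fi
    echo "ok"
}

# Check every regular file in a lower directory; non-zero if any fails.
check_lower_dir() {
    dir=$1; text=$2; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        verdict=$(check_lower_file "$f" "$text") || rc=1
        printf '%s: %s\n' "$f" "$verdict"
    done
    return "$rc"
}

# Constructed demo data (stand-ins, not real eCryptfs output).
demo() {
    d=$(mktemp -d)
    head -c 12288 /dev/urandom > "$d/hello.txt"   # random bytes, no plaintext
    { echo "Hello, World"; head -c 12288 /dev/zero; } > "$d/leak.txt"
    status=0
    check_lower_dir "$d" "Hello, World" || status=$?
    rm -rf "$d"
    return "$status"
}
demo || echo "check failed: a lower file does not look like eCryptfs output"
```

After the walkthrough, run `check_lower_dir /root/crypt "Hello, World"` against the real lower directory; a `plaintext-visible` or `too-small` verdict means the file was not written through the eCryptfs mount.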
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) Mike Halcrow
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) mhalcrow@us.ibm.com