1- Encrypted keys for the eCryptfs filesystem
1+ ==========================================
2+ Encrypted keys for the eCryptfs filesystem
3+ ==========================================
24
35ECryptfs is a stacked filesystem which transparently encrypts and decrypts each
46file using a randomly generated File Encryption Key (FEK).
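Review bot: The new title spells the name "eCryptfs", but the first body sentence in the context just below still opens with "ECryptfs". Since this hunk already touches the heading, consider normalising that sentence to "eCryptfs" in the same patch so the rendered page uses one spelling.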
@@ -35,20 +37,23 @@ controlled environment. Another advantage is that the key is not exposed to
3537threats of malicious software, because it is available in clear form only at
3638kernel level.
3739
38- Usage:
40+ Usage::
41+
3942 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring
4043 keyctl add encrypted name "load hex_blob" ring
4144 keyctl update keyid "update key-type:master-key-name"
4245
43- name:= '<16 hexadecimal characters>'
44- key-type:= 'trusted' | 'user'
45- keylen:= 64
46+ Where::
47+
48+ name:= '<16 hexadecimal characters>'
49+ key-type:= 'trusted' | 'user'
50+ keylen:= 64
4651
4752
4853Example of encrypted key usage with the eCryptfs filesystem:
4954
5055Create an encrypted key "1000100010001000" of length 64 bytes with format
51- 'ecryptfs' and save it using a previously loaded user key "test":
56+ 'ecryptfs' and save it using a previously loaded user key "test"::
5257
5358 $ keyctl add encrypted 1000100010001000 "new ecryptfs user:test 64" @u
5459 19184530
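Review bot: The new "Where::" block defines only name, key-type and keylen, while the "Usage::" block above it also uses ring, keyid, hex_blob and master-key-name without definition. Now that the grammar is rendered as its own literal block, it would be worth adding those entries (or a sentence pointing to where they are documented) so the three keyctl forms can be read without guessing. A smaller point: "Example of encrypted key usage with the eCryptfs filesystem:" keeps a single colon, which is correct because prose follows, but a blank line between it and the next paragraph should be kept so it does not merge with the "Create an encrypted key" sentence.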
@@ -62,7 +67,7 @@ Create an encrypted key "1000100010001000" of length 64 bytes with format
6267 $ keyctl pipe 19184530 > ecryptfs.blob
6368
6469Mount an eCryptfs filesystem using the created encrypted key "1000100010001000"
65- into the '/secret' directory:
70+ into the '/secret' directory::
6671
6772 $ mount -i -t ecryptfs -oecryptfs_sig=1000100010001000,\
6873 ecryptfs_cipher=aes,ecryptfs_key_bytes=32 /secret /secret
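Review bot: The mount example that this hunk turns into a literal block splits the -o option string with ",\" and continues on the next line. If the continuation line carries any leading whitespace when copied, the shell removes the backslash-newline and then treats "ecryptfs_cipher=aes,ecryptfs_key_bytes=32" as a separate argument instead of part of the option list. Since readers will now copy this block verbatim, consider putting the whole -o value on one line, or starting the continuation at column zero of the command.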