~mrooney/ecryptfs/nautilus-integration

<li>Integrity verification (in progress; preliminary patch <a href="http://downloads.sourceforge.net/ecryptfs/ecryptfs-hmac-2.6.24-rc5-2.txt">here</a>)</li>

106

<li>Filename encryption support (in progress; preliminary patch <a href="http://downloads.sourceforge.net/ecryptfs/ecryptfs-filename-crypto-2.6.27-rc7-20081103.txt">here</a>)</li>

107

<li>GnuPG key module (in plan)</li>

108

<li>Dynamic policy support (in plan)</li>

109

</ul>

110

111

To use eCryptfs, I recommend that you perform an overlay mount. You

112

can do this on any existing installed system by creating a directory

113

for your encrypted files and then by mounting that directory as an

114

eCryptfs filesystem:

115

116

117

<code>

118

mkdir /secret

119

mount -t ecryptfs /secret /secret

120

</code>

121

122

123

The eCryptfs mount helper will ask you a few questions about what

124

key you want to use, what cipher you want to use, and so forth. Once

125

mounted, you can read and write to <code>/secret</code>, and your

126

files will be encrypted on disk. Also, make sure that you use dm-crypt

127

with a random key at boot on any swap space you may be using. See the

128

<a href="http://www.linuxjournal.com/article/9400">Linux Journal

129

article</a> for some more details on this process.

130

131

132

133

<h3>Announcements</h3>

134

135

<ul>

136

<li>November 3, 2008</li>

137

<ul>

138

<li>eCryptfs mount-on-login has been integrated as a major new <a

139

href="https://wiki.ubuntu.com/EncryptedPrivateDirectory">feature</a>

140

in Ubuntu Intrepid.</li>

141

<li>The primary administrative site for eCryptfs is now hosted from <a

142

href="https://launchpad.net/ecryptfs">Launchpad</a>.</li>

143

<li><a

144

href="http://downloads.sourceforge.net/ecryptfs/ecryptfs-filename-crypto-2.6.27-rc7-20081103.txt">Patches

145

providing filename encryption support</a> are being prepared for

146

upstream submission.</li>

147

</ul>

148

</ul>

149

150

<ul>

151

<li>April 6, 2008</li>

152

<ul>

153

<li>The netlink interface with the userspace daemon broke somewhere

154

between 2.6.23 and 2.6.24. <a

155

href="http://downloads.sourceforge.net/ecryptfs/ecryptfs-procfs-kernel-20080406.txt">This

156

patch</a> migrates to a procfs handle instead, bringing back public

157

key functionality for 2.6.24 and later kernel releases. Until the next

158

ecryptfs-utils release, grab the version in the kernel.org <a

159

href="http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=summary">GIT

160

repository</a>.</li>

161

</ul>

162

</ul>

163

164

<ul>

165

<li>September 15, 2007</li>

166

<ul>

167

<li>Direct access to the address space maintained by another

168

filesystem can cause problems due to unintended interactions between

169

the owning filesystem and the process making changes. eCryptfs now

170

keeps a persistent lower file for each eCryptfs inode. This means that

171

eCryptfs no longer needs to directly access the lower inode's address

172

space in order to do I/O on the lower files. This helps bring eCryptfs

173

closer to functioning well on networked filesystems like NFS, CIFS,

174

and GPFS. The <a

175

href="http://sourceforge.net/project/showfiles.php?group_id=133988&package_id=200455&release_id=438884">experimental</a>

176

section contains a release with this feature implemented. Patches for

177

the -mm tree are complete and under test and review.</li>

178

</ul>

179

</ul>

180

181

<ul>

182

<li>August 21, 2007</li>

183

<ul>

184

<li>ecryptfs-utils version 23 now contains TPM support. You can

185

generate a key bound to certain PCR's and mount eCryptfs against that

186

key. Any files you create from that point on will only be accessible

187

if your PCR values match. You can use this feature to make certain

188

files only decryptable if your machine is booted into a trusted

189

configuration; you do not need to remember or provide any additional

190

secret values for this to work. Think of this as a method for making

191

your existing authentication mechanism on your machine useful for

192

regulating access to files on secondary storage devices, even when the

193

storage device is accessed directly. This provides strong protection

194

against someone booting your computer from a bootable CD and accessing

195

your files, for instance.</li>

196

</ul>

197

</ul>

198

199

<ul>

200

201

<ul>

202

<li>Multi-key support patches sent to the LKML.</li>

203

</ul>

204

</ul>

205

206

<ul>

207

<li>March 15, 2007</li>

208

<ul>

209

<li>The April 2007 edition of Linux Journal has an <a

210

href="http://www.linuxjournal.com/article/9400">article</a> on

211

eCryptfs. It is on page 54 of the print edition.</li>

212

</ul>

213

</ul>

214

215

216

<h3>Documentation</h3>

217

218

See the <a href="README">README</a> that is distributed with the

219

eCryptfs source.

220

221

Read the <a href="ecryptfs-faq.html">FAQ</a>.

222

223

Read the <a href="ecryptfs-article.pdf">article</a> on

224

eCryptfs. The content of this article was originally published in the

225

April 2007 edition of Linux Journal magazine. This article is now part

226

of the eCryptfs documentation.

227

228

Read the <a href="ecryptfs-pam-doc.txt">guide</a> on setting up a

229

wrapped passphrase PAM mount.

230

231

Read the <a href="ecryptfs.pdf">2005 Ottawa Linux Symposium

232

paper</a> on eCryptfs.

233

234

Read the original <a href="ecryptfs_design_doc_v0_1.pdf">design

235

document</a> detailing cryptographic properties of eCryptfs. Note

236

that, due to the nature of the Linux kernel development process, the

237

actual implementation may change at any time. Consult the source code

238

directly to get an accurate understanding of exactly what eCryptfs

239

does.

240

241

242

<h3>Mailing Lists</h3>

243

244

Subscribe to the <a

245

href="http://lists.sourceforge.net/lists/listinfo/ecryptfs-users">ecryptfs-users</a>

246

or the <a

247

href="http://lists.sourceforge.net/lists/listinfo/ecryptfs-devel">ecryptfs-devel</a>

248

mailing list.

249

250

251

<h3>Credits</h3>

252

253

<a href="http://halcrow.us/mike.html">Michael Halcrow</a> is the

254

lead developer.

255

256

Michael Thompson is a developer.

257

258

<a href="http://hellewell.homeip.net/phillip/">Phillip

259

Hellewell</a> is the project maintainer.

260

261

Erez Zadok and his research team authored and maintain Cryptfs,

262

which is the basis from which eCryptfs was developed.

263

264

Many folks have contributed time and resources toward helping

265

eCryptfs become what it is today. These include Steve French (CIFS),

266

David Kleikamp (JFS), and many folks on various mailing lists.

267

268

</td>

269

270

271

</td>

272

</tr>

273

</table>

274

275

276

277

278

279

280

</body>

281

</html>

Older »