


As mentioned in the summary, eCryptfs does not require special on-disk storage allocation effort, such as a separate partition or pre-allocated space. Instead, you can mount eCryptfs on top of any single directory to protect it. That includes, for example, a user's entire home directory or single dedicated directories within it. All cryptographic metadata is stored in the headers of files, so encrypted data can be easily moved, stored for backup and recovered. There are other advantages, but there are also drawbacks; for instance, eCryptfs is not suitable for encrypting complete partitions, which also means you cannot protect swap space with it (but you can, of course, combine it with Dm-crypt/Swap encryption). If you are just starting to set up disk encryption, swap encryption and other points to consider are covered in Data-at-rest encryption#Preparation.

To familiarize with eCryptfs, a few points:

- As a stacked filesystem, mounting an eCryptfs directory refers to mounting a (stacked) encrypted directory onto another, unencrypted mount point (directory) at Linux kernel runtime.
- It is possible to share an encrypted directory between users. It is also possible to share a directory with differently encrypted files (different passphrases). However, the encryption is linked to one passphrase, so this must be shared as well.

Several eCryptfs terms are used throughout the documentation:

- The encrypted directory is referred to as the lower and the unencrypted as the upper directory throughout the eCryptfs documentation and this article. While not relevant for this article, the Overlay filesystem introduced with Linux 3.18 uses the same upper/lower nomenclature for the stacking of filesystems.
- The mount passphrase (or key) is what gives access to the encrypted files, i.e.
- eCryptfs uses the term wrapped passphrase to refer to the cryptographically secured mount passphrase.
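Because the cryptographic metadata lives in each lower file's own header, a file can be recognised as eCryptfs-encrypted without mounting anything, which is useful when checking a backup or a copied lower directory. The following is an added example, not code from the page or from the eCryptfs project. It assumes the header layout used by the kernel's eCryptfs implementation: a big-endian 64-bit plaintext size in bytes 0..7, followed by an eight-byte marker in bytes 8..15 made of two 32-bit words whose XOR equals the constant 0x3c81b7f5 (the kernel's MAGIC_ECRYPTFS_MARKER). The function names and the sample header are constructed here.

```python
"""Recognise eCryptfs lower files by their on-file header (added example).

Assumed header layout (from the kernel's fs/ecryptfs, not from the page):
  bytes 0..7  : plaintext file size, big-endian unsigned 64-bit
  bytes 8..15 : marker = two big-endian u32 words m1, m2 with
                m1 XOR m2 == MAGIC_ECRYPTFS_MARKER
The rest of the header (version, flags, key packets) is not parsed here.
"""
import os
import struct
from typing import Dict, Optional

MAGIC_ECRYPTFS_MARKER = 0x3C81B7F5   # assumed constant from the kernel sources
HEADER_PREFIX_LEN = 16               # size field (8) + marker (8)


def has_ecryptfs_marker(header: bytes) -> bool:
    """True if the first 16 bytes carry a valid eCryptfs marker."""
    if len(header) < HEADER_PREFIX_LEN:
        return False
    m1, m2 = struct.unpack(">II", header[8:16])
    return (m1 ^ m2) == MAGIC_ECRYPTFS_MARKER


def plaintext_size(header: bytes) -> int:
    """Return the plaintext length recorded in the header, or raise."""
    if not has_ecryptfs_marker(header):
        raise ValueError("not an eCryptfs header")
    return struct.unpack(">Q", header[:8])[0]


def build_sample_header(size: int, m1: Optional[int] = None) -> bytes:
    """Constructed test vector that mirrors how the marker is formed:
    a random first word and a second word equal to it XOR the magic."""
    if m1 is None:
        m1 = struct.unpack(">I", os.urandom(4))[0]
    return struct.pack(">QII", size, m1, m1 ^ MAGIC_ECRYPTFS_MARKER)


def scan_lower_dir(path: str) -> Dict[str, bool]:
    """Map every regular file below `path` to whether it has an eCryptfs header.
    Files that are not eCryptfs-encrypted (or are shorter than 16 bytes)
    map to False, which is how a partially unencrypted lower tree shows up."""
    result: Dict[str, bool] = {}
    for root, _, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                result[full] = has_ecryptfs_marker(fh.read(HEADER_PREFIX_LEN))
    return result


if __name__ == "__main__":
    sample = build_sample_header(4096)
    print("marker ok:", has_ecryptfs_marker(sample),
          "plaintext size:", plaintext_size(sample))
```

Run it against a lower directory with `scan_lower_dir("/home/.ecryptfs/user/.Private")` (path is an example) to list which files still carry a header; a file reported as False inside a lower tree is worth a closer look, since it was not written through the eCryptfs mount.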
