eCryptfs

An Enterprise-class Cryptographic Filesystem for Linux



Download

You can get eCryptfs in a number of ways. eCryptfs consists of two components: the kernel module and the userspace code. You need both.

  • eCryptfs userspace utilities; you have two options:
    • Download, build, and install the ecryptfs-utils tarball (follow the installation and usage instructions in the README file), or
    • Install the ecryptfs-utils package for your distribution.
  • eCryptfs kernel module; you have three options:
    • Use the latest release of the Linux kernel.
    • Download and build the full eCryptfs package containing both the kernel and the userspace components. We supply these packages primarily for convenience; the stand-alone module code is not as actively maintained as the code in the official Linux kernel. In general, we recommend that you use the eCryptfs that ships in the most recent official Linux kernel releases.
    • Download an eCryptfs binary kernel module package for your distribution.

Note that the eCryptfs SourceForge CVS repository rarely contains up-to-date code. Work from the latest tarball releases instead. Active development on both the eCryptfs kernel module and the eCryptfs userspace utilities takes place via the kernel.org GIT repository.

Overview

eCryptfs (SourceForge page) is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. It is derived from Erez Zadok's Cryptfs, implemented through the FiST framework for generating stacked filesystems. eCryptfs extends Cryptfs to provide advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself. Think of eCryptfs as a sort of "gnupgfs."

eCryptfs is a native Linux filesystem (other popular cryptographic filesystems for Linux require FUSE or operate via RPC calls). The kernel module component of eCryptfs is upstream in the Linux kernel.

eCryptfs is undergoing a staged feature release process:

  • Mount-wide passphrase, specified at mount time (complete)
  • Encryption/decryption support (complete)
  • Add cipher selection support (complete)
  • Add mount-wide public key support, specified at mount time (complete)
  • Storage of metadata in file extended attribute region (complete)
  • PAM module (complete)
  • Multiple keys per inode (complete)
  • TPM key module (complete)
  • PKCS#11 key module (complete)
  • Integrity verification (in progress; preliminary patch here)
  • Filename encryption support (in progress; filenamecrypto branch in GIT repo)
  • GnuPG key module (in plan)
  • Dynamic policy support (in plan)

To use eCryptfs, I recommend that you perform an overlay mount. You can do this on any existing installed system by creating a directory for your encrypted files and then by mounting that directory as an eCryptfs filesystem:

mkdir /secret
mount -t ecryptfs /secret /secret

The eCryptfs mount helper will ask you a few questions about what key you want to use, what cipher you want to use, and so forth. Once mounted, you can read and write to /secret, and your files will be encrypted on disk. Also, make sure that you use dm-crypt with a random key at boot on any swap space you may be using, because decrypted file contents held in memory can otherwise be paged out to disk in the clear. See the Linux Journal article for some more details on this process.
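
A check for the two conditions above (the directory really is an eCryptfs overlay mount, and every swap area sits on dm-crypt), as an added example that is not part of the eCryptfs distribution. The function names and the sample data are constructed for illustration; the inputs follow the formats of /proc/mounts, /proc/swaps and `dmsetup table` output.

```shell
#!/bin/sh
# Added example (not eCryptfs project code): audit the overlay mount and swap.

# Succeeds if DIR is mounted on itself as eCryptfs (an overlay mount).
is_ecryptfs_overlay() {   # usage: is_ecryptfs_overlay DIR MOUNTS_FILE
    awk -v d="$1" '$1 == d && $2 == d && $3 == "ecryptfs" { found = 1 }
                   END { exit !found }' "$2"
}

# Prints every active swap area that is not a /dev/mapper dm-crypt mapping.
# Swap files and /dev/dm-N aliases are printed too, for manual review.
unencrypted_swap() {      # usage: unencrypted_swap SWAPS_FILE DMTABLE_FILE
    awk -v dm="$2" '
        BEGIN { while ((getline line < dm) > 0) {
                    split(line, f, " "); name = f[1]; sub(/:$/, "", name)
                    if (f[4] == "crypt") crypt["/dev/mapper/" name] = 1 } }
        NR > 1 && !($1 in crypt) { print $1 }' "$1"
}

# Constructed sample inputs so the example runs offline and without root.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/mounts" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/secret /secret ecryptfs rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
cat > "$tmp/swaps" <<'EOF'
Filename Type Size Used Priority
/dev/mapper/cryptswap1 partition 1048572 0 -1
/dev/sda5 partition 2097148 0 -2
EOF
cat > "$tmp/dmtable" <<'EOF'
cryptswap1: 0 2097152 crypt aes-cbc-essiv:sha256 00000000 0 8:6 0
EOF

if is_ecryptfs_overlay /secret "$tmp/mounts"; then
    echo "/secret: eCryptfs overlay mount is active"
else
    echo "/secret: NOT mounted as eCryptfs; writes land in cleartext"
fi
for dev in $(unencrypted_swap "$tmp/swaps" "$tmp/dmtable"); do
    echo "swap $dev is not dm-crypt backed"
done
```

On a live host, pass /proc/mounts and /proc/swaps directly and save the output of `dmsetup table` (run as root) to a file for the third input.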

Announcements

  • January 12, 2008
    • Persistent file capability is in 2.6.24, so along with this patch eCryptfs is now mostly compatible with NFS.
  • September 15, 2007
    • Direct access to the address space maintained by another filesystem can cause problems due to unintended interactions between the owning filesystem and the process making changes. eCryptfs now keeps a persistent lower file for each eCryptfs inode. This means that eCryptfs no longer needs to directly access the lower inode's address space in order to do I/O on the lower files. This helps bring eCryptfs closer to functioning well on networked filesystems like NFS, CIFS, and GPFS. The experimental section contains a release with this feature implemented. Patches for the -mm tree are complete and under test and review.
  • August 21, 2007
    • ecryptfs-utils version 23 now contains TPM support. You can generate a key bound to certain PCRs (the TPM's Platform Configuration Registers) and mount eCryptfs against that key. Any files you create from that point on will only be accessible if your PCR values match. You can use this feature to make certain files only decryptable if your machine is booted into a trusted configuration; you do not need to remember or provide any additional secret values for this to work. Think of this as a method for making your existing authentication mechanism on your machine useful for regulating access to files on secondary storage devices, even when the storage device is accessed directly. This provides strong protection against someone booting your computer from a bootable CD and accessing your files, for instance.
  • July 19, 2007
    • Multi-key support patches sent to the LKML.
  • July 14, 2007
    • eCryptfs in the 2.6.22 kernel no longer writes 0's at the end of the file on a seek past the end of the file; you have to actually write data after the seek to get the 0's written out. The most recent stand-alone tarball release of the kernel module contains multi-key support. Several keys can be specified via several ecryptfs_sig= mount options; all specified keys will be used by default when creating new files. In addition, eCryptfs will search your user session keyring for keys when opening existing files.
  • March 15, 2007
    • The April 2007 edition of Linux Journal has an article on eCryptfs. It is on page 54 of the print edition.
  • March 7, 2007
    • Public key code is now in mainline 2.6.21. There have been many minor bugfix contributions from the community in the last 2 months.
  • December 14, 2006
    • The public key patches have been accepted into the -mm tree. We have generated RPM and DEB userspace utility packages and have submitted requests with Debian, Fedora (thanks to Bernard Johnson and Kevin Fenzi for reviewing the RPM), and Ubuntu (thanks to William Lima and Reinhard Tartler) to adopt them. Gentoo is already distributing an ebuild for the eCryptfs utilities package (thanks to Charlie Shepherd for making the ebuild).
  • November 29, 2006
    • The official Linux kernel version 2.6.19 is now released, and eCryptfs is included.
  • October 4, 2006
    • eCryptfs has been merged upstream into 2.6.19-rc1.

Documentation

See the README that is distributed with the eCryptfs source.

Read the FAQ.

Read the article on eCryptfs. The content of this article was originally published in the April 2007 edition of Linux Journal magazine. This article is now part of the eCryptfs documentation.

Read the guide on setting up a wrapped passphrase PAM mount.

Read the 2005 Ottawa Linux Symposium paper on eCryptfs.

Read the original design document detailing cryptographic properties of eCryptfs. Note that, due to the nature of the Linux kernel development process, the actual implementation may change at any time. Consult the source code directly to get an accurate understanding of exactly what eCryptfs does.

Mailing Lists

Subscribe to the ecryptfs-users or the ecryptfs-devel mailing list.

Credits

Michael Halcrow is the lead developer.

Michael Thompson is a developer.

Phillip Hellewell is the project maintainer.

Erez Zadok and his research team authored and maintain Cryptfs, which is the basis from which eCryptfs was developed.

Many folks have contributed time and resources toward helping eCryptfs become what it is today. These include Steve French (CIFS), David Kleikamp (JFS), and many folks on various mailing lists.