doc: ReSTify keys-ecryptfs.txt · tjh.dev/kernel@09f5412

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

doc: ReSTify keys-ecryptfs.txt

Adjusts for ReST markup and moves under keys security devel index.

Cc: David Howells <dhowells@redhat.com>
Cc: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

authored by

Kees Cook and committed by

Jonathan Corbet 9 years ago 09f5412c b68101a1

+13 -9

3 changed files

expand all

Documentation

security

00-INDEX

keys

ecryptfs.rst

index.rst

-2

Documentation/security/00-INDEX

··· 1 1 00-INDEX 2 2 - this file. 3 - keys-ecryptfs.txt 4 - - description of the encryption keys for the ecryptfs filesystem. 5 3 keys-request-key.txt 6 4 - description of the kernel key request service. 7 5 keys-trusted-encrypted.txt

+12 -7

Documentation/security/keys-ecryptfs.txt Documentation/security/keys/ecryptfs.rst

··· 1 - Encrypted keys for the eCryptfs filesystem 1 + ========================================== 2 + Encrypted keys for the eCryptfs filesystem 3 + ========================================== 2 4 3 5 ECryptfs is a stacked filesystem which transparently encrypts and decrypts each 4 6 file using a randomly generated File Encryption Key (FEK). ··· 37 35 threats of malicious software, because it is available in clear form only at 38 36 kernel level. 39 37 40 - Usage: 38 + Usage:: 39 + 41 40 keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring 42 41 keyctl add encrypted name "load hex_blob" ring 43 42 keyctl update keyid "update key-type:master-key-name" 44 43 45 - name:= '<16 hexadecimal characters>' 46 - key-type:= 'trusted' | 'user' 47 - keylen:= 64 44 + Where:: 45 + 46 + name:= '<16 hexadecimal characters>' 47 + key-type:= 'trusted' | 'user' 48 + keylen:= 64 48 49 49 50 50 51 Example of encrypted key usage with the eCryptfs filesystem: 51 52 52 53 Create an encrypted key "1000100010001000" of length 64 bytes with format 53 - 'ecryptfs' and save it using a previously loaded user key "test": 54 + 'ecryptfs' and save it using a previously loaded user key "test":: 54 55 55 56 $ keyctl add encrypted 1000100010001000 "new ecryptfs user:test 64" @u 56 57 19184530 ··· 67 62 $ keyctl pipe 19184530 > ecryptfs.blob 68 63 69 64 Mount an eCryptfs filesystem using the created encrypted key "1000100010001000" 70 - into the '/secret' directory: 65 + into the '/secret' directory:: 71 66 72 67 $ mount -i -t ecryptfs -oecryptfs_sig=1000100010001000,\ 73 68 ecryptfs_cipher=aes,ecryptfs_key_bytes=32 /secret /secret

Documentation/security/keys/index.rst

··· 6 6 :maxdepth: 1 7 7 8 8 core 9 + ecryptfs