Method 3: download and compile http://people.redhat.com/~dhowells/keyutils/keyutils-1.2.tar.bz2 ecrypt tarjxfkeyutils-1.2.tar.bz2 cdkeyutils-1.2 make; makeinstall tarjxfecryptfs-20070306.tar.bz2 cdecryptfs-20070306/ecryptfs-util./configure; make; makeinstall compile kernel makemenucong Filesystems > Miscellaneousfilesystems CONFIG_ECRYPT_ loaded module modprobeecrypt (and encryption module) add mkdir/root/crypt mkdir/mnt/root/crypt mount-tecryptfs/crypt/mnt/crypt (prompts for password and algorithm) uninstall umount/mnt/crypt reload mount-tecryptfs/root/crypt/mnt/crypt (prompts for password and algorithm), it seems that the feature is the ability to ecryptfs on directory is encrypted without encrypting the entire disk.
Direct read raw files in a directory, you can only read the encrypted data, it is necessary to correctly read the data, only the directory using ecryptfs file system format is loaded into another directory, you will not be able to read. While at load time to specify a password and encryption algorithm, which plays the role of confidentiality. If the load time specifies the wrong password or encryption algorithm, you can still load without error, but the read data is invalid. Ecryptfs code in fs/ecryptfs directory, only newer kernel versions only, I am using linux-2.6.21. Its implementation and the previous two methods, it is the way by file system. Above several encryption methods, at load time to enter the password, in order to use the convenience, and PAM + libpam-mount plug-in integration, with the current user's password as the encryption of passwords, so you only need to log in to enter once is enough.
No comments:
Post a Comment