From: Kees Cook Date: Sat, 13 May 2017 11:51:51 +0000 (-0700) Subject: doc: ReSTify keys-ecryptfs.txt X-Git-Tag: v4.13-rc1~180^2~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=09f5412cc5b0969d428a0acd4ec5673cf5811c58;p=thirdparty%2Flinux.git doc: ReSTify keys-ecryptfs.txt Adjusts for ReST markup and moves under keys security devel index. Cc: David Howells Cc: Tyler Hicks Signed-off-by: Kees Cook Signed-off-by: Jonathan Corbet --- diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX index a840095bb11cb..08a6e7a195efe 100644 --- a/Documentation/security/00-INDEX +++ b/Documentation/security/00-INDEX @@ -1,7 +1,5 @@ 00-INDEX - this file. -keys-ecryptfs.txt - - description of the encryption keys for the ecryptfs filesystem. keys-request-key.txt - description of the kernel key request service. keys-trusted-encrypted.txt diff --git a/Documentation/security/keys-ecryptfs.txt b/Documentation/security/keys/ecryptfs.rst similarity index 91% rename from Documentation/security/keys-ecryptfs.txt rename to Documentation/security/keys/ecryptfs.rst index c3bbeba63562f..4920f3a8ea757 100644 --- a/Documentation/security/keys-ecryptfs.txt +++ b/Documentation/security/keys/ecryptfs.rst @@ -1,4 +1,6 @@ - Encrypted keys for the eCryptfs filesystem +========================================== +Encrypted keys for the eCryptfs filesystem +========================================== ECryptfs is a stacked filesystem which transparently encrypts and decrypts each file using a randomly generated File Encryption Key (FEK). @@ -35,20 +37,23 @@ controlled environment. Another advantage is that the key is not exposed to threats of malicious software, because it is available in clear form only at kernel level. -Usage: +Usage:: + keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring keyctl add encrypted name "load hex_blob" ring keyctl update keyid "update key-type:master-key-name" -name:= '<16 hexadecimal characters>' -key-type:= 'trusted' | 'user' -keylen:= 64 +Where:: + + name:= '<16 hexadecimal characters>' + key-type:= 'trusted' | 'user' + keylen:= 64 Example of encrypted key usage with the eCryptfs filesystem: Create an encrypted key "1000100010001000" of length 64 bytes with format -'ecryptfs' and save it using a previously loaded user key "test": +'ecryptfs' and save it using a previously loaded user key "test":: $ keyctl add encrypted 1000100010001000 "new ecryptfs user:test 64" @u 19184530 @@ -62,7 +67,7 @@ Create an encrypted key "1000100010001000" of length 64 bytes with format $ keyctl pipe 19184530 > ecryptfs.blob Mount an eCryptfs filesystem using the created encrypted key "1000100010001000" -into the '/secret' directory: +into the '/secret' directory:: $ mount -i -t ecryptfs -oecryptfs_sig=1000100010001000,\ ecryptfs_cipher=aes,ecryptfs_key_bytes=32 /secret /secret diff --git a/Documentation/security/keys/index.rst b/Documentation/security/keys/index.rst index ddfe7e4726e6d..d34f663354bb3 100644 --- a/Documentation/security/keys/index.rst +++ b/Documentation/security/keys/index.rst @@ -6,3 +6,4 @@ Kernel Keys :maxdepth: 1 core + ecryptfs