diff options
author | Kees Cook <keescook@chromium.org> | 2017-05-13 14:51:51 +0300 |
---|---|---|
committer | Jonathan Corbet <corbet@lwn.net> | 2017-05-18 19:33:47 +0300 |
commit | 09f5412cc5b0969d428a0acd4ec5673cf5811c58 (patch) | |
tree | 115579053f9c8c94390116b61c7502ea5a8c9b55 | |
parent | b68101a1e8f0263dbc7b8375d2a7c57c6216fb76 (diff) | |
download | linux-09f5412cc5b0969d428a0acd4ec5673cf5811c58.tar.xz |
doc: ReSTify keys-ecryptfs.txt
Adjusts for ReST markup and moves under keys security devel index.
Cc: David Howells <dhowells@redhat.com>
Cc: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
-rw-r--r-- | Documentation/security/00-INDEX | 2 | ||||
-rw-r--r-- | Documentation/security/keys/ecryptfs.rst (renamed from Documentation/security/keys-ecryptfs.txt) | 19 | ||||
-rw-r--r-- | Documentation/security/keys/index.rst | 1 |
3 files changed, 13 insertions, 9 deletions
diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX index a840095bb11c..08a6e7a195ef 100644 --- a/Documentation/security/00-INDEX +++ b/Documentation/security/00-INDEX @@ -1,7 +1,5 @@ 00-INDEX - this file. -keys-ecryptfs.txt - - description of the encryption keys for the ecryptfs filesystem. keys-request-key.txt - description of the kernel key request service. keys-trusted-encrypted.txt diff --git a/Documentation/security/keys-ecryptfs.txt b/Documentation/security/keys/ecryptfs.rst index c3bbeba63562..4920f3a8ea75 100644 --- a/Documentation/security/keys-ecryptfs.txt +++ b/Documentation/security/keys/ecryptfs.rst @@ -1,4 +1,6 @@ - Encrypted keys for the eCryptfs filesystem +========================================== +Encrypted keys for the eCryptfs filesystem +========================================== ECryptfs is a stacked filesystem which transparently encrypts and decrypts each file using a randomly generated File Encryption Key (FEK). @@ -35,20 +37,23 @@ controlled environment. Another advantage is that the key is not exposed to threats of malicious software, because it is available in clear form only at kernel level. -Usage: +Usage:: + keyctl add encrypted name "new ecryptfs key-type:master-key-name keylen" ring keyctl add encrypted name "load hex_blob" ring keyctl update keyid "update key-type:master-key-name" -name:= '<16 hexadecimal characters>' -key-type:= 'trusted' | 'user' -keylen:= 64 +Where:: + + name:= '<16 hexadecimal characters>' + key-type:= 'trusted' | 'user' + keylen:= 64 Example of encrypted key usage with the eCryptfs filesystem: Create an encrypted key "1000100010001000" of length 64 bytes with format -'ecryptfs' and save it using a previously loaded user key "test": +'ecryptfs' and save it using a previously loaded user key "test":: $ keyctl add encrypted 1000100010001000 "new ecryptfs user:test 64" @u 19184530 @@ -62,7 +67,7 @@ Create an encrypted key "1000100010001000" of length 64 bytes with format $ keyctl pipe 19184530 > ecryptfs.blob Mount an eCryptfs filesystem using the created encrypted key "1000100010001000" -into the '/secret' directory: +into the '/secret' directory:: $ mount -i -t ecryptfs -oecryptfs_sig=1000100010001000,\ ecryptfs_cipher=aes,ecryptfs_key_bytes=32 /secret /secret diff --git a/Documentation/security/keys/index.rst b/Documentation/security/keys/index.rst index ddfe7e4726e6..d34f663354bb 100644 --- a/Documentation/security/keys/index.rst +++ b/Documentation/security/keys/index.rst @@ -6,3 +6,4 @@ Kernel Keys :maxdepth: 1 core + ecryptfs |