Re: Separating different ecryptfs mounts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 2014-09-24 10:50:57, Christian Stüble wrote:
> Hi,
> is it possible with ecryptfs to have two different ecryptfs mounts, e.g.,
> plain1 -> raw1
> plain2 -> raw2
> using two different openssl keys, and to ensure that each key is _only_
> used by its own mount? That is, I want to prevent that files copied between 
> raw1 and raw2 are automatically decrypted. 

Everything above is doable except for the last part. Copying files
between two eCryptfs mount points will result in the file being
decrypted when copied out of the first mount and re-encrypted when copied
into the second mount point.

> To my understanding of the IBM paper about ecryptfs, it should be possible to 
> set a policy defining which mount is allowed to use which key, but I could not 
> find any documentation about it. 

The policy feature described in the IBM paper was future thinking. It
has never been implemented and there are no near term plans to implement
it. I would be willing to accept patches that implement the feature.


> When it is possible, can you explain or point me to some docs describing how I 
> can do this?
> Thanks,
> Chris
> --
> To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at

Attachment: signature.asc
Description: Digital signature

[Index of Archives]     [Linux Crypto]     [Device Mapper Crypto]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux