On 2014-09-24 10:50:57, Christian Stüble wrote: > Hi, > > is it possible with ecryptfs to have two different ecryptfs mounts, e.g., > > plain1 -> raw1 > plain2 -> raw2 > > using two different openssl keys, and to ensure that each key is _only_ > used by its own mount? That is, I want to prevent that files copied between > raw1 and raw2 are automatically decrypted. Everything above is doable except for the last part. Copying files between two eCryptfs mount points will result in the file being decrypted when copied out of the first mount and re-encrypted when copied into the second mount point. > > To my understanding of the IBM paper about ecryptfs, it should be possible to > set a policy defining which mount is allowed to use which key, but I could not > find any documentation about it. The policy feature described in the IBM paper was future thinking. It has never been implemented and there are no near term plans to implement it. I would be willing to accept patches that implement the feature. Tyler > > When it is possible, can you explain or point me to some docs describing how I > can do this? > > Thanks, > Chris > > > -- > To unsubscribe from this list: send the line "unsubscribe ecryptfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: Digital signature
