summaryrefslogtreecommitdiff
path: root/Documentation/security
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@polito.it>2011-06-27 13:45:44 +0200
committerMimi Zohar <zohar@linux.vnet.ibm.com>2011-06-27 09:11:17 -0400
commit79a73d188726b473ca3bf483244bc96096831905 (patch)
tree787ba050c91981cae2524b1e95e415424b067e64 /Documentation/security
parentf8f8527103a264b5e4ab2ce5c1743b28f3219d90 (diff)
encrypted-keys: add ecryptfs format support
The 'encrypted' key type defines its own payload format which contains a symmetric key randomly generated that cannot be used directly to mount an eCryptfs filesystem, because it expects an authentication token structure. This patch introduces the new format 'ecryptfs' that allows to store an authentication token structure inside the encrypted key payload containing a randomly generated symmetric key, as the same for the format 'default'. More details about the usage of encrypted keys with the eCryptfs filesystem can be found in the file 'Documentation/keys-ecryptfs.txt'. Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Acked-by: Gianluca Ramunno <ramunno@polito.it> Acked-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'Documentation/security')
-rw-r--r--Documentation/security/keys-trusted-encrypted.txt6
1 files changed, 4 insertions, 2 deletions
diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt
index 0afcb5023c7..5f50ccabfc8 100644
--- a/Documentation/security/keys-trusted-encrypted.txt
+++ b/Documentation/security/keys-trusted-encrypted.txt
@@ -63,7 +63,7 @@ Usage:
keyctl add encrypted name "load hex_blob" ring
keyctl update keyid "update key-type:master-key-name"
-format:= 'default'
+format:= 'default | ecryptfs'
key-type:= 'trusted' | 'user'
@@ -154,4 +154,6 @@ Load an encrypted key "evm" from saved blob:
24717c64 5972dcb82ab2dde83376d82b2e3c09ffc
Other uses for trusted and encrypted keys, such as for disk and file encryption
-are anticipated.
+are anticipated. In particular the new format 'ecryptfs' has been defined in
+in order to use encrypted keys to mount an eCryptfs filesystem. More details
+about the usage can be found in the file 'Documentation/keys-ecryptfs.txt'.