About GNU Linux Enterprise-class Encrypting File System Ecryptfs Introduction

/********************************************************************* * Author:samson * date:11/20/2014 * Test PL Atform: * 3.13.0-24-generic * GNU bash, 4.3.11 (1)-release * *********************************** ********************************/

The Ecryptfs Encrypting File System provides transparent, dynamic, efficient, and secure encryption for applications by stacking them on top of other file systems (such as EXT2, Ext3, Ext3,reiserfs, JFS, etc.).

Encrypting File system solves the problem by integrating cryptographic services into the file system. The contents of the encrypted file are generally encrypted by the symmetric key algorithm in the form of ciphertext stored on the physical media, even if the file is lost or stolen, in the case of the encryption key is not disclosed, the non-authorized users can almost not through the ciphertext reverse access to the text of the file, thereby guaranteeing high security. At the same time, it is convenient for authorized users to access encrypted files. After the user's initial authentication, the access to the encrypted file and the normal file is no different, as if the file has not been encrypted, because the Encrypting File system automatically in the background to do the relevant encryption and decryption work. Because the Encrypting File system generally works in the kernel state, the common attack is more difficult to be effective. The advantages of Encrypting File System are:

1. Support file granularity encryption, that is, users can choose which files or directories to encrypt. Furthermore, the application is not concerned about whether the file is encrypted and can access the encrypted file completely and transparently.

2. There is no need to pre-reserve enough space for users to encrypt or restore files at any time.

3. It is easier to change the key and encryption algorithm for a single encrypted file.

4. Different files can use different encryption algorithms and keys, increasing the difficulty of cracking.

5. Only encrypted files require special encryption/decryption processing, and access to ordinary files is not an additional cost.

6. There is no additional encryption/decryption overhead when the encrypted file is transferred to another physical medium.

In fact, this is one of the ways to implement similar features in the so-called file vault under Windows. *-&

ECRYPTFS Official Address:

http://ecryptfs.org/

Documentation for the IBM Developer Technical Documentation Library:

Enterprise-Class Encrypting File System Ecryptfs Detailed:

Http://www.ibm.com/developerworks/cn/linux/l-cn-ecryptfs/index.html

About GNU Linux Enterprise-class Encrypting File System Ecryptfs Introduction