ecryptfs-setup-private(1) eCryptfs ecryptfs-setup-private(1)NAMEecryptfs-setup-private - setup an eCryptfs private directory.
SYNOPSISecryptfs-setup-private [--username USER] [--loginpass LOGINPASS]
[--mountpass MOUNTPASS]
OPTIONS
Options available for the ecryptfs-setup-private command:
--username USER
User to setup, default is current user if omitted
--loginpass LOGINPASS
System passphrase for USER, used to wrap MOUNTPASS, will inter‐
actively prompt if omitted
--mountpass MOUNTPASS
Passphrase for mounting the ecryptfs directory, default is 16
bytes from /dev/urandom if omitted
DESCRIPTIONecryptfs-setup-private is a program that sets up a private crypto‐
graphic mountpoint for a non-root user.
Be sure to properly escape your parameters according to your shell's
special character nuances, and also surround the parameters by double
quotes, if necessary. Any of the parameters may be:
1) exported as environment variables
2) specified on the command line
3) left empty and interactively prompted
The user SHOULD ABSOLUTELY RECORD THE MOUNT PASSPHRASE AND STORE IN A
SAFE LOCATION. If the mount passphase file is lost, or the mount
passphrase is forgotten, THERE IS NO WAY TO RECOVER THE ENCRYPTED DATA.
Using the values of USER, MOUNTPASS, and LOGINPASS, ecryptfs-setup-pri‐
vate will:
- Create ~/.Private (permission 700)
- Create ~/Private (permission 500)
- Backup any existing wrapped passphrases
- Use LOGINPASS to wrap and encrypt MOUNTPASS
- Write to ~/.ecryptfs/wrapped-passphrase
- Add the passphrase to the current keyring
- Write the passphrase signature to ~/.ecryptfs/Private.sig
- Test the cryptographic mount with a few reads and writes
The system administrator can add the pam_ecryptfs.so module to the PAM
stack which will automatically use the login passphrase to unwrap the
mount passphrase, add the passphrase to the user's kernel keyring, and
automatically perform the mount. See pam_ecryptfs(8).
FILES
~/.ecryptfs/auto-mount
~/.Private - underlying directory containing encrypted data
~/Private - mountpoint containing decrypted data (when mounted)
~/.ecryptfs/Private.sig - file containing signature of mountpoint
passphrase
~/.ecryptfs/wrapped-passphrase - file containing the mount passphrase,
wrapped with the login passphrase
SEE ALSOecryptfs-rewrap-passphrase(1), mount.ecryptfs_private(1),
pam_ecryptfs(8), umount.ecryptfs_private(1)
/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html
http://ecryptfs.sourceforge.net/
AUTHOR
This manpage and the ecryptfs-setup-private utility was written by
Dustin Kirkland <kirkland@canonical.com> for Ubuntu systems (but may be
used by others). Permission is granted to copy, distribute and/or mod‐
ify this document under the terms of the GNU General Public License,
Version 2 or any later version published by the Free Software Founda‐
tion.
On Debian systems, the complete text of the GNU General Public License
can be found in /usr/share/common-licenses/GPL.
ecryptfs-utils 2008-07-21 ecryptfs-setup-private(1)