From: Tyler Hicks <tyhicks@canonical.com>
To: "Christian Stüble" <stueble@sirrix.com>
Cc: ecryptfs@vger.kernel.org
Subject: Re: Separating different ecryptfs mounts
Date: Wed, 24 Sep 2014 09:06:12 -0500
Message-ID: <20140924140612.GA19163@boyd>
In-Reply-To: <6009718.QGyqnh1K9Q@hp-stueble>
On 2014-09-24 10:50:57, Christian Stüble wrote:
> Hi,
>
> is it possible with ecryptfs to have two different ecryptfs mounts, e.g.,
>
> plain1 -> raw1
> plain2 -> raw2
>
> using two different openssl keys, and to ensure that each key is _only_
> used by its own mount? That is, I want to prevent that files copied between
> raw1 and raw2 are automatically decrypted.
Everything above is doable except for the last part. Copying files
between two eCryptfs mount points will result in the file being
decrypted when copied out of the first mount and re-encrypted when copied
into the second mount point.
>
> To my understanding of the IBM paper about ecryptfs, it should be possible to
> set a policy defining which mount is allowed to use which key, but I could not
> find any documentation about it.
The policy feature described in the IBM paper was future thinking. It
has never been implemented and there are no near term plans to implement
it. I would be willing to accept patches that implement the feature.

Tyler
>
> When it is possible, can you explain or point me to some docs describing how I
> can do this?
>
> Thanks,
> Chris