ecryptfs-users team mailing list archive

[Dustin Kirkland <kirkland@xxxxxxxxxx>]

On Thu, Aug 6, 2009 at 8:41 AM, zorgluf <zorgluf@xxxxxxxxx> wrote:
> Hi,
> First, I would like to thank you all for the work on ecryptfs, I
> really like the design of this encipherment solution.

My apologies for losing your message.  It was caught up in
Launchpad.net's spam filter, and it's only now (1.5 years later) that
I've found it.  Again, sorry about that!

> I discovered this solution a few months ago so I am still a newbie,
> but I have made en few tricks to display more information using
> ecryptfs-stat, especially to display authentication tokens associated
> with the files. It's mainly copy/paste from the ecryptfs kernel
> module. Here is the patch against "ecryptfs-utils-74".

Interesting.  One bit of feedback, we very much prefer reading patches
in the "unified diff" format.  When diffing two files or directories,
please use "diff -uprN".  Thanks!

> My goal is to use ecryptfs in a multi-user environment (network
> shares), and I am a little bit lost when looking at ecryptfs
> possibilities :
> -> Can we have more human readable information, other than the
> signature, about an authentication token used to encrypt a file ? Like
> a distinguished name for asymetric key or a login for a passphrase ?
> The goal is to know who has encrypted the file.

So you're going to use the group permission bit to allow more than one
person to write to a file?  Otherwise, wouldn't just the file own
suffice?

If not, then I think you'd need to maintain some mappings of key
signatures to usernames, and lookup against that.  Perhaps Tyler knows
a better way to handle this.

> -> Can we add, on an already created file, a new authentication token
> (when you own an already active authentication token on the file, of
> course...) ?

Not that I know of.  Sorry.

> Thanks in advance for your answers,

Cheers, and I do apologize for the very, very late reply.

-- 
:-Dustin

Dustin Kirkland
Ubuntu Core Developer