mirror of
https://github.com/torvalds/linux.git
synced 2024-11-24 21:21:41 +00:00
doc: Fix acronym "FEKEK" in ecryptfs
"FEFEK" was incorrectly used as acronym for "File Encryption Key Encryption Key". This replaces all occurences with "FEKEK". Signed-off-by: Felix Eckhofer <felix@eckhofer.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
This commit is contained in:
parent
c03e2fa753
commit
ff34876377
@ -5,10 +5,10 @@ Encrypted keys for the eCryptfs filesystem
|
||||
ECryptfs is a stacked filesystem which transparently encrypts and decrypts each
|
||||
file using a randomly generated File Encryption Key (FEK).
|
||||
|
||||
Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEFEK)
|
||||
Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEKEK)
|
||||
either in kernel space or in user space with a daemon called 'ecryptfsd'. In
|
||||
the former case the operation is performed directly by the kernel CryptoAPI
|
||||
using a key, the FEFEK, derived from a user prompted passphrase; in the latter
|
||||
using a key, the FEKEK, derived from a user prompted passphrase; in the latter
|
||||
the FEK is encrypted by 'ecryptfsd' with the help of external libraries in order
|
||||
to support other mechanisms like public key cryptography, PKCS#11 and TPM based
|
||||
operations.
|
||||
@ -22,12 +22,12 @@ by the userspace utility 'mount.ecryptfs' shipped with the package
|
||||
The 'encrypted' key type has been extended with the introduction of the new
|
||||
format 'ecryptfs' in order to be used in conjunction with the eCryptfs
|
||||
filesystem. Encrypted keys of the newly introduced format store an
|
||||
authentication token in its payload with a FEFEK randomly generated by the
|
||||
authentication token in its payload with a FEKEK randomly generated by the
|
||||
kernel and protected by the parent master key.
|
||||
|
||||
In order to avoid known-plaintext attacks, the datablob obtained through
|
||||
commands 'keyctl print' or 'keyctl pipe' does not contain the overall
|
||||
authentication token, which content is well known, but only the FEFEK in
|
||||
authentication token, which content is well known, but only the FEKEK in
|
||||
encrypted form.
|
||||
|
||||
The eCryptfs filesystem may really benefit from using encrypted keys in that the
|
||||
|
Loading…
Reference in New Issue
Block a user