ecryptfs-rewrite-file

ecryptfs-rewrite-file FILE

The ecryptfs-rewrite-file command is a utility within the eCryptfs filesystem suite designed to rewrite the contents of a file that resides within an eCryptfs mount.

This operation is crucial for several maintenance tasks, such as updating the file's header to the latest eCryptfs version supported by the kernel, or re-encrypting the file using the currently active session key. It effectively decrypts the data using the file's current key and then re-encrypts it using the session key, without needing to copy or manually decrypt the file outside the eCryptfs mount. This is particularly useful when the eCryptfs passphrase is changed or when migrating files to a new encryption policy or key.

This command operates directly on the encrypted file within an eCryptfs mount. Ensure that the eCryptfs filesystem is properly mounted and the necessary keys are loaded into the kernel keyring before execution. Incorrect usage or system issues during the rewrite process could potentially lead to data corruption or inaccessibility. It's advisable to have backups of critical data before performing such operations. The process re-encrypts the file with the currently mounted session key, so ensure the desired key is active.

The ecryptfs-rewrite-file command is an integral part of the eCryptfs utilities, which have been developed as a stacked cryptographic filesystem for Linux. eCryptfs was initially developed by the IBM Linux Technology Center and later integrated into the mainline Linux kernel. Utilities like ecryptfs-rewrite-file were developed to provide necessary maintenance and management capabilities for encrypted filesystems, enabling operations like key updates and format migrations without manual intervention.

ecryptfs(7), mount.ecryptfs_private(1), ecryptfs-manager(1), ecryptfs-insert-wrapped-passphrase-into-keyring(1), ecryptfs-add-new-key-to-keyring(1)