mount.ecryptfs_private

mount.ecryptfs_private [mount_point]

mount_point
    The directory where the encrypted filesystem will be mounted.

The mount.ecryptfs_private command is a helper program used by the mount command to mount an eCryptfs encrypted private directory. eCryptfs is a stacked cryptographic filesystem. It operates at the filesystem level using cryptographic keys to encrypt/decrypt data. This provides a means of securing data at rest, typically for user private directories. This command is commonly called by `mount` with the `-t ecryptfs` option. It handles the specifics of interacting with the eCryptfs kernel module and user-space helper utilities to establish the encryption context, key management, and mount the encrypted directory. It is essential for setting up and accessing encrypted private directories using eCryptfs on Linux systems. The command primarily automates the process of finding the lower, encrypted directory and performing the cryptographic setup. Its use greatly simplifies the creation and management of encrypted home directories and other sensitive data.

Requires the eCryptfs kernel module to be loaded and the `ecryptfs-utils` package to be installed.
The lower, encrypted directory must exist and be properly configured for eCryptfs.
User interaction may be required if the passphrase or key is not stored securely or cached.

When called, mount.ecryptfs_private first determines the encrypted (lower) directory by reading the user's configuration. This is usually found under the user's home directory in the .ecryptfs subdirectory.
It then proceeds to mount the eCryptfs filesystem on the provided mount point, usually the user's home directory. The command uses helper utilities to prompt the user for the encryption passphrase or key, if necessary. It then passes the necessary encryption parameters to the eCryptfs kernel module to establish the encryption context.

eCryptfs offers several key management options, including passphrase-based encryption and encryption with pre-generated keys. mount.ecryptfs_private handles the key retrieval process, prompting the user for input if the key is not readily available or stored in a secure manner.

eCryptfs was developed to provide a robust and flexible method for encrypting individual directories or files. The mount.ecryptfs_private command was created as a convenience tool to integrate eCryptfs functionality seamlessly with the standard Linux mount infrastructure. It became widely adopted for encrypting user home directories in various Linux distributions.

ecryptfsd(8), ecryptfs-setup-private(1), mount(8), umount(8)