forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2024-10-22 8ac6c7a54ed1b98d142dce24b11c6de6a1e239a5 
 kernel/Documentation/security/keys/ecryptfs.rst
....@@ -5,10 +5,10 @@
55 ECryptfs is a stacked filesystem which transparently encrypts and decrypts each
66 file using a randomly generated File Encryption Key (FEK).
77 
8
-Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEFEK)
8
+Each FEK is in turn encrypted with a File Encryption Key Encryption Key (FEKEK)
99 either in kernel space or in user space with a daemon called 'ecryptfsd'.  In
1010 the former case the operation is performed directly by the kernel CryptoAPI
11
-using a key, the FEFEK, derived from a user prompted passphrase;  in the latter
11
+using a key, the FEKEK, derived from a user prompted passphrase;  in the latter
1212 the FEK is encrypted by 'ecryptfsd' with the help of external libraries in order
1313 to support other mechanisms like public key cryptography, PKCS#11 and TPM based
1414 operations.
....@@ -22,12 +22,12 @@
2222 The 'encrypted' key type has been extended with the introduction of the new
2323 format 'ecryptfs' in order to be used in conjunction with the eCryptfs
2424 filesystem.  Encrypted keys of the newly introduced format store an
25
-authentication token in its payload with a FEFEK randomly generated by the
25
+authentication token in its payload with a FEKEK randomly generated by the
2626 kernel and protected by the parent master key.
2727 
2828 In order to avoid known-plaintext attacks, the datablob obtained through
2929 commands 'keyctl print' or 'keyctl pipe' does not contain the overall
30
-authentication token, which content is well known, but only the FEFEK in
30
+authentication token, which content is well known, but only the FEKEK in
3131 encrypted form.
3232 
3333 The eCryptfs filesystem may really benefit from using encrypted keys in that the