eCryptfs - POSIX compliant cryptographic file system

eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux that is

“derived from Erez Zadok’s Cryptfs, implemented through the FiST framework for generating stacked filesystems. eCryptfs extends Cryptfs to provide advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself. Think of eCryptfs as a sort of gnupgfs.”

There’s an extensive Q&A section here, and packages available for Ubuntu (ecryptfs-utils) right there on the homepage.

In terms of per-file key management, according to Dustin Kirkland, eCryptfs uses the methods of PGP (created by Philip Zimmermann in 1991 and formally specified as a public standard in RFC 2440 in 1998) and takes the next step of applying those methods within a filesystem service in the kernel. eCryptfs employs the well-weathered encryption techniques that have been in common use in the community for over two decades. eCryptfs just happens to be the first such filesystem to make it upstream in the Linux kernel.
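To make the "metadata in the header of each file" design concrete, here is an added example (not from the original post or the eCryptfs project) that recognises an eCryptfs lower file from its first bytes and reports which RFC 2440-style key packet follows. The field layout, marker constant and packet tag bytes are recalled from the Linux kernel's fs/ecryptfs sources and are assumptions relative to this page; the sample header is constructed.

```python
import struct

# Layout recalled from the Linux kernel's fs/ecryptfs sources (assumption,
# not stated on this page). All integers are big-endian.
MAGIC_ECRYPTFS_MARKER = 0x3C81B7F5
# size(8) | m1(4) | m2(4) | version<<24|flags(4) | header extent size(4) | count(2)
HEADER_FMT = ">QIIIIH"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 26 bytes, key packets start here
PACKET_TAGS = {
    0x8C: "Tag 3 (session key wrapped by a passphrase-derived key)",
    0x01: "Tag 1 (session key wrapped by a public key)",
}


def parse_ecryptfs_header(blob: bytes):
    """Return header fields as a dict, or None if blob lacks the eCryptfs marker."""
    if len(blob) < HEADER_LEN + 1:
        return None  # too short to hold the fixed fields plus one packet tag
    size, m1, m2, vflags, ext_size, ext_count = struct.unpack_from(HEADER_FMT, blob)
    # m1 is random per file; m2 is m1 XOR the magic, so the pair self-validates.
    if m1 ^ m2 != MAGIC_ECRYPTFS_MARKER:
        return None
    tag = blob[HEADER_LEN]
    return {
        "plaintext_size": size,          # stored unencrypted in the lower file
        "version": vflags >> 24,
        "flags": vflags & 0x00FFFFFF,    # raw flag bits, left undecoded here
        "header_extent_size": ext_size,
        "header_extents": ext_count,
        "key_packet": PACKET_TAGS.get(tag, f"unknown tag 0x{tag:02x}"),
    }


def build_sample_header(plaintext_size: int, m1: int = 0x1234ABCD) -> bytes:
    """Constructed sample header for the demo; not captured from a real file."""
    fixed = struct.pack(HEADER_FMT, plaintext_size, m1, m1 ^ MAGIC_ECRYPTFS_MARKER,
                        (3 << 24) | 0x2, 8192, 1)
    return fixed + bytes([0x8C])


if __name__ == "__main__":
    print(parse_ecryptfs_header(build_sample_header(1000)))
    print(parse_ecryptfs_header(b"\x00" * 64))  # no marker -> None
```

Note that the plaintext file size sits in the clear in the header, so the lower filesystem reveals file sizes even without the key.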

Posted by admica   @   24 March 2009
