EncFS is a free FUSE-based file system that transparently encrypts files, using an arbitrary directory as the place to store the encrypted files. It is distributed under the GPL.
| EncFS | |
|---|---|
| Type | File system |
| Developer | Valient Gough |
| Operating system | Linux, Mac OS X, and FreeBSD |
| First release | |
| Latest version | 1.9.5 (2018) |
| License | GPL |
| Website | |
When mounting EncFS, two directories are given: the source directory, which holds the encrypted files, and the mount point. After mounting, each file under the mount point corresponds to one file in the encrypted directory, so the mount point presents the source directory's files in unencrypted form. Files are encrypted with a volume key, which is itself stored in encrypted form in the same directory as the encrypted files; the password the user types at the keyboard is used to decrypt that key.
EncFS Architecture
EncFS interacts directly with libfuse (the FUSE interface), a logging library, and OpenSSL (the encryption library). Communication with the kernel goes through FUSE.
Libfuse interaction
- The EncFS callback layer receives requests from libfuse.
- Each request is forwarded to the corresponding directory node (DirNode) or file node (FileNode), or answered from the cache if the information is already there.
- The implementations of the interfaces for file names (NameIO) and file contents (FileIO) return the decrypted information.
EncFS Encryption Overview
The OpenSSL library provides the encryption algorithms AES (a 16-byte block cipher with a key length of 128–256 bits) and Blowfish (an 8-byte block cipher with a key length of 128–256 bits). Earlier versions (before 1.1) partially supported the Botan encryption library. Encryption proceeds as follows:
- a file node (FileNode) sends read/write requests through an instance of FileIO;
- FileIO forms the encryption chain;
- the BlockFileIO layer converts the requests into block-oriented operations.
File Name Encryption
File names are encrypted and then encoded with a base64 variant whose alphabet contains neither "." nor "/". Both stream encryption (the default up to version 1.1) and block encryption of names are possible. A 16-bit MAC serves as the IV (initialization vector) and is prepended to the encrypted name; this randomizes the result, so identical file names are encrypted differently, because the full path to the file is used when deriving the initialization vector.
Password Usage
Each instance of the EncFS file system uses a randomly generated key (the volume key). This key is stored encrypted under a password chosen by the user and is decrypted whenever the user enters that password at the keyboard. This gives the following benefits:
- To change the volume password, only one line in the configuration file has to be changed.
- The scheme extends well to password recovery.
File System Block Size
All read/write operations in EncFS are block-oriented. The block size is chosen by the user when the file system is created and ranges from 64 to 4096 bytes. A small block size reduces random-access time but increases the number of requests when reading or writing large parts of a file. A large block size raises throughput but increases random-access time. Unlike real file systems, a large block size does not waste disk space, because blocks that are not completely filled are not padded with zeros.
Using MAC
When encrypting, a MAC header is added to each block of a file. Up to and including the latest version of EncFS, a 64-bit truncation of SHA-1 is used as the MAC. Thus a 512-byte block consists of 504 bytes of encrypted data and 8 bytes of MAC.
Configuration file
Each instance of the EncFS file system contains the configuration file ".encfs%", where % is the version number. This file holds:
- the encryption options, including the algorithm (AES, Blowfish) and key length;
- the MAC header (message authentication code) settings;
- the encryption block size.
Unix file semantics support
EncFS supports the basic file system semantics, with the following exceptions:
- renaming a directory updates the modification time of the files it contains;
- hard links are not allowed, because the file data is bound to the file name.
Supported Operating Systems
The main implementation of EncFS runs on Linux, Mac OS X and FreeBSD. For Windows there are several actively developed ports [3] [4] [5] [6].
Using EncFS on Linux
Using encrypted directories is very similar to mounting any other file system under Linux. A real directory holding all your files is created, for example /home/user/crypt-raw. A mount point must also be created, say /home/user/crypt. When referring to these directories, make sure to use absolute paths (for example /home/user/crypt, not a relative path).
The encrypted volume is created and mounted with the command:
> encfs /home/user/crypt-raw /home/user/crypt
Volume key not found, creating new encrypted volume.
Password:
Verify:
Once this completes, the files are accessible through the crypt directory. When you are done, run:
> fusermount -u /home/user/crypt
This unmounts the crypt directory, leaving crypt-raw encrypted.
Benefits
Because each file is encrypted separately and stored as a regular file, EncFS has several advantages over encryption systems that work on whole disk partitions:
- The disk space occupied by an EncFS "volume" is not fixed; it grows and shrinks as the number and size of the encrypted files change.
- Some directories under the mount point can physically reside on different devices.
- Backup tools can update only the files that have changed in the source directory rather than the entire volume.
Weaknesses
- EncFS volumes cannot be formatted with an arbitrary file system; they inherit the features and limitations of the file system that holds the source directory.
- Fragmentation of an encrypted volume causes fragmentation of the file system that holds the source directory.
- Any user with access to the source directory can see how many files the encrypted file system contains, their permissions, their approximate sizes, the approximate lengths of their names, and their last access and modification times.
File System Options
When a new EncFS directory is created, the following options are available.
Encryption Algorithm
EncFS can use any encryption algorithm available on the system; Blowfish and AES are commonly available.
If the algorithm allows a choice of key length, that choice can be made when it is used in EncFS.
Block Size
Each file is encrypted block by block, and this option selects the block size. Reading even a single byte of an encrypted file decrypts the whole block; likewise, writing first decrypts the whole block and then encrypts it again.
The default block size is 512 bytes, which is sufficient in most cases.
File Name Encryption Mode
Unlike file contents, file names can be encrypted with either a block or a stream cipher. The block cipher hides the exact length of a file name, whereas the stream cipher reveals it exactly but saves (a small amount of) space on the medium.
Full Path File Name Chaining
This option encrypts identical file names in different directories differently, based on the full path to the file.
However, if a parent directory is renamed, all files and directories beneath it are renamed as well, which can be a rather costly operation. The option is therefore not recommended where deeply nested directories are expected to be renamed frequently.
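As an added example, not EncFS's own code, the following simplified model shows the file-name scheme described here and under File Name Encryption above: a 16-bit MAC prepended to the name, an IV derived from the full parent path, and a base64 alphabet without "." or "/". The HMAC-SHA1 counter-mode keystream and url-safe base64 are assumptions of this model, standing in for EncFS's OpenSSL cipher and its own alphabet.

```python
# Added example (not EncFS code): simplified model of EncFS file-name
# encryption with full-path IV chaining. The HMAC-SHA1 keystream and the
# url-safe base64 alphabet are assumptions; EncFS uses an OpenSSL cipher
# and its own "."/"/"-free base64 variant.
import base64
import hashlib
import hmac

def _prf(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha1).digest()

def chained_iv(key, parent_components):
    """Fold every directory name on the path into the IV (filename chaining)."""
    iv = bytes(8)
    for comp in parent_components:
        iv = _prf(key, iv, comp.encode())[:8]
    return iv

def mac16(key, chain_iv, raw):
    """16-bit MAC that is prepended to the name and also randomizes the IV."""
    return _prf(key, chain_iv, raw)[:2]

def keystream(key, iv, n):
    """Stream mode: ciphertext is as long as the name, so its length is visible."""
    out = b"".join(_prf(key, iv, i.to_bytes(4, "big")) for i in range(n // 20 + 1))
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_name(key, parent_components, name):
    """Encrypt one path component under its (plaintext) parent path."""
    chain = chained_iv(key, parent_components)
    raw = name.encode()
    tag = mac16(key, chain, raw)
    iv = _xor(chain, tag.rjust(8, b"\0"))  # the MAC randomizes the IV
    blob = tag + _xor(raw, keystream(key, iv, len(raw)))
    return base64.urlsafe_b64encode(blob).decode().rstrip("=")

def decrypt_name(key, parent_components, enc):
    """Decode, decrypt and verify the 16-bit MAC; a wrong parent path fails."""
    chain = chained_iv(key, parent_components)
    blob = base64.urlsafe_b64decode(enc + "=" * (-len(enc) % 4))
    tag, ct = blob[:2], blob[2:]
    raw = _xor(ct, keystream(key, _xor(chain, tag.rjust(8, b"\0")), len(ct)))
    if not hmac.compare_digest(mac16(key, chain, raw), tag):
        raise ValueError("name MAC mismatch: wrong key or parent path")
    return raw.decode()
```

Renaming a parent directory changes the chained IV of everything beneath it, which is why every child name has to be re-encrypted.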
Per-File Initialization Vector
If this option is enabled, each file is encrypted with a random 8-byte initialization vector stored inside the encrypted file. If it is disabled, every file is encrypted with the same initialization vector, which makes the encryption easier to attack.
Enabling this option makes the file system more secure at the cost of only 8 extra bytes per file.
External IV Chaining
Encrypts the same blocks of different files differently, based on the full path to the file.
Consequently, changing a file's path changes its encrypted contents.
Block MAC Headers
Stores a checksum for each encrypted block so that EncFS can detect damage to or modification of the encrypted file. The checksum adds 8 bytes to each block. Optionally, 8 more random bytes can be added so that two identical plaintext blocks produce different checksums.
This option costs extra CPU time, since every block must be checked against its checksum on each read or write.
Automatic Unmounting After a Period of Inactivity
If the encrypted file system has not been used for some time (several minutes), it can be unmounted automatically. Unmounting does not happen while at least one file is open, even for reading only.
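As an added example, not EncFS's own code, the following model works through the on-disk layout that the Block Size, Using MAC, Per-File Initialization Vector and Block MAC Headers sections describe (a 512-byte block holding 504 data bytes plus an 8-byte MAC, optional extra random header bytes, and an 8-byte per-file IV). The arithmetic is a teaching simplification, and the inverse function illustrates the size leak listed under Weaknesses: since partial blocks are not padded, anyone who can list the raw directory and read its configuration file recovers the plaintext size exactly.

```python
# Added example (not EncFS code): a model of the EncFS on-disk block layout.
# Constants follow the page; the arithmetic is a simplification for teaching,
# not EncFS's own implementation.
MAC_BYTES = 8      # 64-bit SHA-1 truncation stored with each block
FILE_IV_BYTES = 8  # per-file initialization vector header (when enabled)

def data_per_block(block_size, mac_headers=True, random_bytes=0):
    """Plaintext bytes carried by one ciphertext block."""
    if not 64 <= block_size <= 4096:
        raise ValueError("block size must be between 64 and 4096 bytes")
    overhead = (MAC_BYTES + random_bytes) if mac_headers else 0
    if overhead >= block_size:
        raise ValueError("MAC header leaves no room for data")
    return block_size - overhead

def encrypted_size(plain_size, block_size=512, mac_headers=True,
                   random_bytes=0, unique_iv=True):
    """Bytes the ciphertext file occupies in the raw (source) directory."""
    if plain_size == 0:
        return 0  # nothing to store; no header is written in this model
    dpb = data_per_block(block_size, mac_headers, random_bytes)
    overhead = block_size - dpb
    full, rest = divmod(plain_size, dpb)
    # A partial last block is not zero-padded: it costs only data + header.
    size = full * block_size + (rest + overhead if rest else 0)
    return size + (FILE_IV_BYTES if unique_iv else 0)

def plaintext_size(cipher_size, block_size=512, mac_headers=True,
                   random_bytes=0, unique_iv=True):
    """Inverse mapping: what an observer of the raw directory learns about a
    file's true size once the volume's options are known. Because partial
    blocks are not padded, the plaintext size is recovered exactly."""
    if cipher_size == 0:
        return 0
    dpb = data_per_block(block_size, mac_headers, random_bytes)
    overhead = block_size - dpb
    body = cipher_size - (FILE_IV_BYTES if unique_iv else 0)
    full, rest = divmod(body, block_size)
    if body < 0 or (rest and rest <= overhead):
        raise ValueError("size is not consistent with this block layout")
    return full * dpb + (rest - overhead if rest else 0)
```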
Comparison with analogues
A comparison was made with the file systems CryptoFS (also FUSE-based) and LUKS (implemented in the kernel). CryptoFS and EncFS perform best when file and write sizes are close to the native page size of Linux systems (4096 KB). As expected, both userspace systems lag significantly behind LUKS, because the FUSE abstractions and cryptographic layers add latency to every read and write. EncFS nevertheless performed slightly better than CryptoFS [7].
See also
- Botan (cryptographic library)
Notes
- [1] encfs/README.md
- [2] Release 1.9.5 (2018)
- [3] EncFSMP
- [4] WEncFS (Windows Encrypted File System), an unfinished port of EncFS to Windows
- [5] encfs4win, a working port of EncFS to Windows (last release 2013)
- [6] encfs4win, a fork of the original project that is actively developed (latest release 2016), uses the latest version of Dokan and is hosted on GitHub
- [7] LUKS, EncFS and CryptoFS data encryption systems for Linux
Links
- New EncFS Project Site
- Old EncFS Project Website
- EncFS Security Audit
- Encrypt user data with EncFS
- LUKS, EncFS and CryptoFS data encryption systems for Linux
- HOWTO: EncFS on Ubuntu and Fedora GNU/Linux
- encfs version 1.3.2 for Mac OS X (link not available)
- encfs4win: port for Windows
- EncFS MP: another port for Windows and OS X, with a graphical interface
- WEncFS: unfinished project for porting EncFS to Windows [1] [2] [3] [4]
- Safe: another per-file encryption implementation for Windows and Mac OS X, without a kernel-mode driver (slower) but completely open source