EncFS
Encyclopedia
EncFS is a Free
(GPL
) FUSE-based cryptographic filesystem that transparently encrypts files, using an arbitrary directory as storage for the encrypted files.
Two directories are involved in mounting an EncFS filesystem: the source directory, and the mountpoint. Each file in the mountpoint has a specific file in the source directory that corresponds to it. The file in the mountpoint provides the unencrypted view of the one in the source directory. Filenames are encrypted in the source directory.
Files are encrypted using a volume key, which is stored encrypted in the source directory. A password
is used to decrypt this key.
simply because each file is stored individually as an encrypted file somewhere else in the host's directory tree.
and AES
are typically available.
The cipher key length can be selected for ciphers that support variable key lengths.
The default block size of 1024 is sufficient for most purposes.
for filename encryption is derived from the file's parent directories, causing two files with the same name — but in different directories — to have different encrypted filenames.
If a directory is renamed, all files and directories contained therein will need to have their encrypted filenames re-encrypted, which can be an expensive operation. This option should be disabled if heavily-populated directories will be renamed often.
Enabling this option makes the filesystem more secure at the cost of an additional 8 bytes per file.
Consequently, renaming a file when this mode is enabled requires that either the file's random initialization vector be offset by the change in the filename initialization vector chain, or the data be re-encoded. The authors of EncFS have chosen the former route as it is considerably faster, especially for large files.
overhead, as each block's checksum must be calculated when data is read (to verify integrity) or written (to update the checksum).
If EncFS is unable to decrypt a file with the volume key, it is ignored. If EncFS is forced to ignore an invalid password entry, the volume key will decode differently, and hence files will be encrypted and decrypted with a different key. This will present two different encrypted volumes given different passwords.
However, it is possible that two filenames on two different secondary volumes will be encrypted to the same filename. In this case, any other file will be overwritten with a new file being created. Note that this refers only to the encrypted filenames, not the unencrypted filenames. This danger can be averted by creating one directory per secondary volume and storing files in the only visible directory after a secondary volume is mounted.
Also, if the password is changed, the volume key will be re-encoded with the new password. This will cause secondary filesystems to vanish, as the volume key will no longer incorrectly decode to the same key for a given secondary password. If the primary password is changed back, the secondary filesystems will become available again.
The EncFS author does not support this technique.
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
(GPL
GNU General Public License
The GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project....
) FUSE-based cryptographic filesystem that transparently encrypts files, using an arbitrary directory as storage for the encrypted files.
Two directories are involved in mounting an EncFS filesystem: the source directory, and the mountpoint. Each file in the mountpoint has a specific file in the source directory that corresponds to it. The file in the mountpoint provides the unencrypted view of the one in the source directory. Filenames are encrypted in the source directory.
Files are encrypted using a volume key, which is stored encrypted in the source directory. A password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
is used to decrypt this key.
Advantages
EncFS offers several advantages over other disk encryption softwareDisk encryption software
To protect confidentiality of the data stored on a computer disk a computer security technique called disk encryption is used. This article discusses software that is used to implement the technique...
simply because each file is stored individually as an encrypted file somewhere else in the host's directory tree.
- EncFS "volumesVolume (computing)In the context of computer operating systems, volume is the term used to describe a single accessible storage area with a single file system, typically resident on a single partition of a hard disk. Similarly, it refers to the logical interface used by an operating system to access data stored on...
" do not occupy a fixed size — they grow and shrink as more files are added to or removed from the mountpoint. - It is possible for some directories on the mountpoint to exist on different physical devices, if a filesystem is mounted over one of the subdirectories in the source directory.
- Backup utilities can back up only the files that have changed in the source directory.
- Corruption of data is more isolated. Data corruption of filedata is local to a single file and data corruption of the filesystem can be corrected with a reliable filesystem repair utility like fsckFsckThe system utility fsck is a tool for checking the consistency of a file system in Unix and Unix-like operating systems such as Linux.-Use:...
. In some whole-disk encryption systems, one or both of these attributes are not present. - Since file modifications shine through to the underlying file system, various optimizations by the operating system are still possible unlike with full disk encryption. For example, passing information about released space (TRIM) can improve performance of SSD drives.
Disadvantages
There are some drawbacks to using EncFS.- EncFS volumes cannot be formatted with an arbitrary filesystem. They share the same features and restrictions as the filesystem containing the source directory.
- Fragmentation of the encrypted volume causes fragmentation of the filesystem containing the source directory.
- Anyone having access to the source directory is able to see how many files are in the encrypted filesystem, what permissions they have, their approximate size, and the last time they were accessed or modified.
Filesystem options
When creating a new EncFS volume, several different options are available to customize the filesystem to suit various needs.Cipher
EncFS uses whatever ciphers it is able to locate in various encryption libraries on the system. BlowfishBlowfish (cipher)
Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date...
and AES
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
are typically available.
The cipher key length can be selected for ciphers that support variable key lengths.
Block size
Each file is encrypted in blocks, and this option controls what size those blocks are. Each time a single byte is read the entire block it is contained in must be decrypted. Likewise, for each write the block must be decrypted, altered, and re-encrypted.The default block size of 1024 is sufficient for most purposes.
Filename encoding
Filenames in the source directory can be encrypted in block or stream mode. Block mode obscures the filename length somewhat, while stream mode keeps them as short as possible, which might save space on the source directory's filesystem depending on how that filesystem manages the directory tree.Filename IV chaining
When enabled, the initialization vectorInitialization vector
In cryptography, an initialization vector is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom...
for filename encryption is derived from the file's parent directories, causing two files with the same name — but in different directories — to have different encrypted filenames.
If a directory is renamed, all files and directories contained therein will need to have their encrypted filenames re-encrypted, which can be an expensive operation. This option should be disabled if heavily-populated directories will be renamed often.
Per-file IV
When enabled, each file is encrypted with a random 8-byte initialization vector, which is stored within the encrypted file in the source directory. If this option is disabled, each file is encrypted with the same initialization vector, which can make the volume key easier to break.Enabling this option makes the filesystem more secure at the cost of an additional 8 bytes per file.
External IV chaining
Causes the file data initialization vector to be derived from the filename's initialization vector chain. The same data will be encrypted differently given a different filename or directory.Consequently, renaming a file when this mode is enabled requires that either the file's random initialization vector be offset by the change in the filename initialization vector chain, or the data be re-encoded. The authors of EncFS have chosen the former route as it is considerably faster, especially for large files.
Block MAC headers
Stores a checksum with each encrypted block, causing corruption or modification of the encrypted files to be detected by EncFS. The checksum is 8 bytes, and optionally up to 8 additional bytes of random data can be added to each block to prevent two blocks with the same unencrypted data from having the same checksum. This option creates a large amount of CPUCentral processing unit
The central processing unit is the portion of a computer system that carries out the instructions of a computer program, to perform the basic arithmetical, logical, and input/output operations of the system. The CPU plays a role somewhat analogous to the brain in the computer. The term has been in...
overhead, as each block's checksum must be calculated when data is read (to verify integrity) or written (to update the checksum).
Secondary volumes
EncFS supports a somewhat primitive form of secondary volumes, that is, a single source directory offering different files given different passwords.If EncFS is unable to decrypt a file with the volume key, it is ignored. If EncFS is forced to ignore an invalid password entry, the volume key will decode differently, and hence files will be encrypted and decrypted with a different key. This will present two different encrypted volumes given different passwords.
However, it is possible that two filenames on two different secondary volumes will be encrypted to the same filename. In this case, any other file will be overwritten with a new file being created. Note that this refers only to the encrypted filenames, not the unencrypted filenames. This danger can be averted by creating one directory per secondary volume and storing files in the only visible directory after a secondary volume is mounted.
Also, if the password is changed, the volume key will be re-encoded with the new password. This will cause secondary filesystems to vanish, as the volume key will no longer incorrectly decode to the same key for a given secondary password. If the primary password is changed back, the secondary filesystems will become available again.
The EncFS author does not support this technique.
See also
- List of cryptographic file systems
- List of file systems
- Filesystem-level encryptionFilesystem-level encryptionFilesystem-level encryption, often called file or folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself...
- Full disk encryptionFull disk encryptionDisk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. Disk encryption prevents unauthorized access to data storage. The term "full disk encryption" is often used to signify that everything on a disk is encrypted, including the...