Encrypted overlay filesystem written in Go.
An encrypted overlay filesystem written in Go. Official website: https://nuetzlich.net/gocryptfs (markdown source).
gocryptfs is built on top the excellent go-fuse FUSE library. This project was inspired by EncFS and strives to fix its security issues while providing good performance (benchmarks). For details on the security of gocryptfs see the Security design document.
All tags from v0.4 onward are signed by the gocryptfs signing key. Please check Signed Releases for details.
Current Status
gocryptfs has reached version 1.0 on July 17, 2016. It has gone through hours and hours of stress (fsstress, extractloop.bash) and correctness testing (xfstests). It is now considered ready for general consumption.
The old principle still applies: Important data should have a backup. Also, keep a copy of your master key (printed on mount) in a safe place. This allows you to access the data even if the gocryptfs.conf config file is damaged or you lose the password.
The security of gocryptfs has been audited in March 3, 2017. The audit is available here (defuse.ca).
Platforms
Linux is gocryptfs' native platform.
Beta-quality macOS support is available, which means most things work fine but you may hit an occasional problem. Check out ticket #15 for the history of macOS support but please create a new ticket if you hit a problem.
For Windows, an independent C++ reimplementation can be found here: cppcryptfs
A standalone Python tool that can decrypt files & file names is here: gocryptfs-inspect
Installation
Precompiled binaries that work on all x86_64 Linux systems are available for download from the github releases page. The fuse package from your distribution must be installed for mounting to work.
gocryptfs is also available as a package in most distributions. Examples:
- Debian, Ubuntu:
apt install gocryptfs - Arch:
pacman -S gocryptfs - MacPorts:
port install gocryptfs
See the Quickstart page for more info.
Testing
gocryptfs comes with is own test suite that is constantly expanded as features are added. Run it using ./test.bash. It takes about 1 minute and requires FUSE as it mounts several test filesystems.
The stress_tests directory contains stress tests that run indefinitely.
In addition, I have ported xfstests to FUSE, the result is the fuse-xfstests project. gocryptfs passes the "generic" tests with one exception, results: XFSTESTS.md
A lot of work has gone into this. The testing has found bugs in gocryptfs as well as in the go-fuse library.
Compile
Install Go 1.13 or higher:
- Debian/Ubuntu:
apt install golang - Fedora:
dnf install golang
Then, download the source code and compile:
$ git clone https://github.com/rfjakob/gocryptfs.git
$ cd gocryptfs
$ ./build-without-openssl.bash
This will compile a static binary that uses the Go stdlib crypto backend.
If you want to use the OpenSSL crypto backend (faster on old CPUs lacking AES-NI), you have to install a few dependencies:
- Debian/Ubuntu:
apt install libssl-dev gcc pkg-config - Fedora:
dnf install openssl-devel gcc pkg-config
Then, run:
$ ./build.bash
Use
$ mkdir cipher plain
$ ./gocryptfs -init cipher
$ ./gocryptfs cipher plain
See the Quickstart page for more info.
The MANPAGE.md describes all available command-line options.
Use: Reverse Mode
$ mkdir cipher plain
$ ./gocryptfs -reverse -init plain
$ ./gocryptfs -reverse plain cipher
Graphical Interface
The SiriKali project supports gocryptfs and runs on Linux and OSX.
cppcryptfs on Windows provides its own GUI.
Stable CLI ABI
If you want to call gocryptfs from your app or script, see CLI_ABI.md for the official stable ABI. This ABI is regression-tested by the test suite.
Storage Overhead
- Empty files take 0 bytes on disk
- 18 byte file header for non-empty files (2 bytes version, 16 bytes random file id)
- 32 bytes of storage overhead per 4kB block (16 byte nonce, 16 bytes auth tag)
file-format.md contains a more detailed description.
Performance
Since version 0.7.2, gocryptfs is as fast as EncFS in the default mode, and significantly faster than EncFS' "paranoia" mode that provides a security level comparable to gocryptfs.
On CPUs without AES-NI, gocryptfs uses OpenSSL through a thin wrapper called stupidgcm. This provides a 4x speedup compared to Go's builtin AES-GCM implementation. See CPU-Benchmarks for details, or run gocryptfs -speed to see the encryption performance of your CPU. Example for a CPU with AES-NI:
$ ./gocryptfs -speed
gocryptfs v2.2.0-beta1-5-g52b0444-dirty; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-14 go1.17.1 linux/amd64
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz; with AES acceleration
AES-GCM-256-OpenSSL 862.79 MB/s
AES-GCM-256-Go 997.71 MB/s (selected in auto mode)
AES-SIV-512-Go 159.58 MB/s
XChaCha20-Poly1305-OpenSSL 729.65 MB/s
XChaCha20-Poly1305-Go 843.97 MB/s (selected in auto mode)
You can run ./benchmark.bash to run gocryptfs' canonical set of benchmarks that include streaming write, extracting a linux kernel tarball, recursively listing and finally deleting it. The output will look like this:
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.xFD: gocryptfs v2.0; go-fuse v2.1.1-0.20210508151621-62c5aa1919a7; 2021-06-06 go1.16.5 linux/amd64
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,698174 s, 375 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,268916 s, 975 MB/s
UNTAR: 8,970
MD5: 4,846
LS: 1,851
RM: 2,367
fromhttps://github.com/rfjakob/gocryptfs
