EncFS

EncFS
Developer(s)	Valient Gough
Stable release	1.9.5 / April 27, 2018;6 years ago
Repository	github.com/vgough/encfs ;
Operating system	Linux, FreeBSD, macOS, Windows ("encfs4win" port) (also Safe, an alternative macOS, Windows port) and Android apps
Type	filesystem, encryption
License	LGPL
Website	EncFS home

Last updated October 05, 2024

EncFS is a Free (LGPL) FUSE-based cryptographic filesystem. It transparently encrypts files, using an arbitrary directory as storage for the encrypted files.^[4]^[5]

Two directories are involved in mounting an EncFS filesystem: the source directory, and the mountpoint. Each file in the mountpoint has a specific file in the source directory that corresponds to it. The file in the mountpoint provides the unencrypted view of the one in the source directory. Filenames are encrypted in the source directory.

Files are encrypted using a volume key, which is stored either within or outside the encrypted source directory.^[6] A password is used to decrypt this key.

EncFS has been declared dormant with no further updates by Valient Gough, the developer, on its Github page in May 2024.

Common uses

In Linux, allows encryption of home folders as an alternative to eCryptfs.
Allows encryption of files and folders saved to cloud storage (Dropbox, Google Drive, OneDrive, etc.).
Allows portable encryption of file folders on removable disks.
Available as a cross-platform folder encryption mechanism.
Increases storage security by adding two-factor authentication (2FA). When the EncFS volume key is stored outside the encrypted source directory and into a physically separated location from the actual encrypted data, it significantly increases security by adding a two-factor authentication (2FA). For example, EncFS is able to store each unique volume key anywhere else than the actual encrypted data, such as on a USB flash drive, network mount, optical disc or cloud.^[6] In addition to that a password could be required to decrypt this volume key.

Advantages

EncFS offers several advantages over other disk encryption software simply because each file is stored individually as an encrypted file elsewhere in the host's directory tree.

Cross-platform

EncFS is available on multiple platforms, whereas eCryptfs is tied to the Linux kernel

Bitrot detection

EncFS implements bitrot detection on top of any underlying filesystem

Scalable storage

EncFS has no "volumes" that occupy a fixed size — encrypted directories grow and shrink as more files are added to or removed from the mountpoint

Normal file server

EncFS's encrypted directory can be located on a normal file server (via NFS, SSHFS, etc.) and can be mirrored and backed up efficiently with normal file-system tools, such as Rsync

Different physical devices

It is possible for some directories on the mountpoint to exist on different physical devices, if a filesystem is mounted over one of the sub-directories in the source directory

Faster backup

Backup utilities can back up only the files that have changed in the source directory (file synchronisation, cloud storage)

Reduced corruption

Corruption of data is more isolated. Corruption of filedata is local to a single file, and data corruption of the filesystem can be corrected with a reliable filesystem repair utility like fsck. Some whole-disk encryption systems lack one or both of these attributes.

Optimizations

Since file modifications shine through to the underlying file system, various optimizations by the operating system are still possible unlike with full-disk encryption. For example, passing information about released space (TRIM) can improve performance of SSD drives. But this is also supported with dm-crypt.

Random file access

Files can be accessed at random. You can, for example, skip to the middle of a very large encrypted video without decrypting the whole file.

Disadvantages

There are some drawbacks to using EncFS.

Compatibility

Mounted EncFS directories share the same features and restrictions as the filesystem containing the source directory.

No support for very long filenames

Due to encryption, the filenames for encrypted files produced by EncFS are longer than the original filenames. Therefore, filenames whose length is close to the maximum supported by the filesystem cannot be stored by EncFS, since they will exceed the length limit after encryption. Most filesystems limit filenames to 255 bytes; in that case, EncFS only supports filenames up to 190 bytes.^[7]^[8]

General security concerns

Anyone having access to the source directory is able to see how many files are in the encrypted filesystem, what permissions they have, their approximate size, and the last time they were accessed or modified, though the file names and file data are encrypted.^[9]

EncFS 1.7 security concerns

A paid security audit was conducted in February 2014, which revealed several potential vulnerabilities. It concludes:^[10]

EncFS is probably safe as long as the adversary only gets one copy of the ciphertext and nothing more. EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different times. EncFS attempts to protect files from malicious modification, but there are serious problems with this feature.

EncFS 1.8 security concerns

The announcement of EncFS 1.8 included several underlying design changes, acknowledging the security concerns raised in the previous audit. However, certain concerns still remain regarding those vulnerabilities.^[11]

Filesystem options

When creating a new EncFS volume, several different options are available to customize the filesystem to suit various needs.

Cipher algorithm

EncFS uses whatever ciphers it is able to locate in various encryption libraries on the system. Blowfish and AES are typically available.

The cipher key length (keySize) can be selected for ciphers that support variable key lengths.

Block size

Each file is encrypted in blocks, and this option controls what size those blocks are. Each time a single byte is read the entire block it is contained in must be decrypted. Likewise, for each write the block must be decrypted, altered, and re-encrypted.

The default block size of 1024 is sufficient for most purposes.

Filename encoding

Filenames in the source directory can be plain or encrypted in block or stream mode. Block mode obscures the filename length somewhat, while stream mode keeps them as short as possible, which might save space on the source directory's filesystem depending on how that filesystem manages the directory tree.

Filename IV chaining

When enabled, the initialization vector for filename encryption is derived from the file's parent directories, causing two files with the same name — but in different directories — to have different encrypted filenames.

If a directory is renamed, all files and directories contained therein will need to have their encrypted filenames re-encrypted, which can be an expensive operation. This option should be disabled if heavily populated directories will be renamed often.

Per-file IV initialization vector

When enabled, each file is encrypted with a random 8-byte initialization vector, which is stored within the encrypted file in the source directory. If this option is disabled, each file is encrypted with the same initialization vector, which can make the volume key easier to break.

Enabling this option makes the filesystem more secure at the cost of an additional 8 bytes per file.

External IV chaining

Causes the file data initialization vector to be derived from the filename's initialization vector chain. The same data will be encrypted differently given a different filename or directory.

Consequently, renaming a file when this mode is enabled requires that either the file's random initialization vector be offset by the change in the filename initialization vector chain, or the data be re-encoded. The authors of EncFS have chosen the former route as it is considerably faster, especially for large files.

Filename to IV header chaining

Makes encoding depend on the full pathname. So renaming or moving means reencoding. Hardlinks are not supported.

Block MAC headers

Stores a checksum with each encrypted block, causing corruption or modification of the encrypted files to be detected by EncFS. The checksum (blockMACBytes) is 8 bytes, and optionally up to 8 additional bytes of random data (blockMACRandBytes) can be added to each block to prevent two blocks with the same unencrypted data from having the same checksum. This option creates a large amount of CPU overhead, as each block's checksum must be calculated when data is read (to verify integrity) or written (to update the checksum).

Related Research Articles

NT File System (NTFS) is a proprietary journaling file system developed by Microsoft in the 1990s.

ext2, or second extended file system, is a file system for the Linux kernel. It was initially designed by French software developer Rémy Card as a replacement for the extended file system (ext). Having been designed according to the same principles as the Berkeley Fast File System from BSD, it was the first commercial-grade filesystem for Linux.

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

HFS Plus or HFS+ is a journaling file system developed by Apple Inc. It replaced the Hierarchical File System (HFS) as the primary file system of Apple computers with the 1998 release of Mac OS 8.1. HFS+ continued as the primary Mac OS X file system until it was itself replaced with the Apple File System (APFS), released with macOS High Sierra in 2017. HFS+ is also one of the formats supported by the iPod digital music player.

In computing, a file system or filesystem governs file organization and access. A local file system is a capability of an operating system that services the applications running on the same computer. A distributed file system is a protocol that provides file access between networked computers.

In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists.

Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.

Disk encryption is a special case of data at rest protection when the storage medium is a sector-addressable device. This article presents cryptographic aspects of the problem. For an overview, see disk encryption. For discussion of different software packages and hardware devices devoted to this problem, see disk encryption software and disk encryption hardware.

Steganographic file systems are a kind of file system first proposed by Ross Anderson, Roger Needham, and Adi Shamir. Their paper proposed two main methods of hiding data: in a series of fixed size files originally consisting of random bits on top of which 'vectors' could be superimposed in such a way as to allow levels of security to decrypt all lower levels but not even know of the existence of any higher levels, or an entire partition is filled with random bits and files hidden in it.

The following tables compare general and technical information for a number of file systems.

ext4 is a journaling file system for Linux, developed as the successor to ext3.

Disk encryption is a technology which protects information by converting it into code that cannot be deciphered easily by unauthorized people or processes. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage.

Filesystem-level encryption, often called file-based encryption, FBE, or file/folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself.

In cryptography, a watermarking attack is an attack on disk encryption methods where the presence of a specially crafted piece of data can be detected by an attacker without knowing the encryption key.

This is a technical feature comparison of different disk encryption software.

dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt addresses some reliability problems of cryptoloop.

Btrfs is a computer storage format that combines a file system based on the copy-on-write (COW) principle with a logical volume manager, developed together. It was created by Chris Mason in 2007 for use in Linux, and since November 2013, the file system's on-disk format has been declared stable in the Linux kernel.

This is a comparison of online backup services.

eCryptfs is a package of disk encryption software for Linux. Its implementation is a POSIX-compliant filesystem-level encryption layer, aiming to offer functionality similar to that of GnuPG at the operating system level, and has been part of the Linux kernel since version 2.6.19.

ZFS is a file system with volume management capabilities. It began as part of the Sun Microsystems Solaris operating system in 2001. Large parts of Solaris, including ZFS, were published under an open source license as OpenSolaris for around 5 years from 2005 before being placed under a closed source license when Oracle Corporation acquired Sun in 2009–2010. During 2005 to 2010, the open source version of ZFS was ported to Linux, Mac OS X and FreeBSD. In 2010, the illumos project forked a recent version of OpenSolaris, including ZFS, to continue its development as an open source project. In 2013, OpenZFS was founded to coordinate the development of open source ZFS. OpenZFS maintains and manages the core ZFS code, while organizations using ZFS maintain the specific code and validation processes required for ZFS to integrate within their systems. OpenZFS is widely used in Unix-like systems.

References

↑ "Releases - vgough/encfs" . Retrieved 11 June 2018– via GitHub.
↑ "Valient Gough". Valient Gough. Retrieved 23 April 2018.
↑ "encfs4win - an experimental project of porting encfs to the Windows world". Archived from the original on 4 July 2011. Retrieved 29 November 2013.
↑ Falko, Timme (2017-01-14). "How to Encrypt your Data with EncFS on Debian 8 (Jessie)". The Linux Foundation . Retrieved 2017-04-13.
↑ Falko, Timme (2016-05-06). "Encrypt your Data with EncFS on Ubuntu 16.04". The Linux Foundation . Retrieved 2017-04-13.
1 2 Gough, Valient (2016-12-26). "ENVIRONMENT VARIABLES". GitHub . Retrieved 2017-05-07.
↑ "Issue #7 - alternative filename storage for very long filenames". github.com. 2014-08-22. Retrieved 2016-01-27. Long filenames can exceed the filesystem limits after encryption & encoding.
↑ "Manpage for enfs.1". manpages.ubuntu.com. Ubuntu. Archived from the original on 2016-02-03. Retrieved 2016-01-27. If your underlying filesystem limits you to N characters in a filename, then EncFS will limit you to approximately 3*(N-2)/4. For example if the host filesystem limits to 256 characters, then EncFS will be limited to 190 character filenames. This is because encrypted filenames are always longer than plaintext filenames.
↑ "EncFS Directory Encryption Notes". Archived from the original on 2016-10-03. Retrieved 2015-06-08.
↑ "EncFS Security Audit".
↑ "EncFS 1.8 Announcement".

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Releases - vgough/encfs" . Retrieved 11 June 2018– via GitHub.

[2] "Valient Gough". Valient Gough. Retrieved 23 April 2018.

[3] "encfs4win - an experimental project of porting encfs to the Windows world". Archived from the original on 4 July 2011. Retrieved 29 November 2013.

[4] Falko, Timme (2017-01-14). "How to Encrypt your Data with EncFS on Debian 8 (Jessie)". The Linux Foundation . Retrieved 2017-04-13.

[5] Falko, Timme (2016-05-06). "Encrypt your Data with EncFS on Ubuntu 16.04". The Linux Foundation . Retrieved 2017-04-13.

[:0-6] 1 2 Gough, Valient (2016-12-26). "ENVIRONMENT VARIABLES". GitHub . Retrieved 2017-05-07.

[7] "Issue #7 - alternative filename storage for very long filenames". github.com. 2014-08-22. Retrieved 2016-01-27. Long filenames can exceed the filesystem limits after encryption & encoding.

[8] "Manpage for enfs.1". manpages.ubuntu.com. Ubuntu. Archived from the original on 2016-02-03. Retrieved 2016-01-27. If your underlying filesystem limits you to N characters in a filename, then EncFS will limit you to approximately 3*(N-2)/4. For example if the host filesystem limits to 256 characters, then EncFS will be limited to 190 character filenames. This is because encrypted filenames are always longer than plaintext filenames.

[9] "EncFS Directory Encryption Notes". Archived from the original on 2016-10-03. Retrieved 2015-06-08.

[10] "EncFS Security Audit".

[11] "EncFS 1.8 Announcement".

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]