GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → netheril96 → Securefs

netheril96 / Securefs

Licence: other
Filesystem in userspace (FUSE) with transparent authenticated encryption

Labels

cloudauthenticationcryptographyencryptioncryptofilesystemfusefuse-filesystem

Projects that are alternatives of or similar to Securefs

Cryfs
Cryptographic filesystem for the cloud
Stars: ✭ 1,560 (+201.16%)
Mutual labels:  cloud, fuse, fuse-filesystem, filesystem, cryptography, encryption, crypto
Supertag
A tag-based filesystem
Stars: ✭ 207 (-60.04%)
Mutual labels:  fuse, fuse-filesystem, filesystem
Gocryptfs
Encrypted overlay filesystem written in Go
Stars: ✭ 2,088 (+303.09%)
Mutual labels:  fuse, filesystem, encryption
Awesome Iam
👤 Identity and Access Management Knowledge for Cloud Platforms
Stars: ✭ 186 (-64.09%)
Mutual labels:  cloud, authentication, cryptography
Catfs
Cache AnyThing filesystem written in Rust
Stars: ✭ 404 (-22.01%)
Mutual labels:  fuse, fuse-filesystem, filesystem
Fusell Seed
FUSE (the low-level interface) file system boilerplate 📂 🔌 💾
Stars: ✭ 9 (-98.26%)
Mutual labels:  fuse, fuse-filesystem, filesystem
Gitpass
Open Source Your Password (Mismanagement)!
Stars: ✭ 113 (-78.19%)
Mutual labels:  cloud, cryptography, encryption
Zbox
Zero-details, privacy-focused in-app file system.
Stars: ✭ 1,185 (+128.76%)
Mutual labels:  filesystem, encryption, crypto
fusell-seed
FUSE (the low-level interface) file system boilerplate 📂 🔌 💾
Stars: ✭ 13 (-97.49%)
Mutual labels:  fuse, filesystem, fuse-filesystem
loggedfs-python
Filesystem monitoring with Fuse and Python
Stars: ✭ 21 (-95.95%)
Mutual labels:  fuse, filesystem, fuse-filesystem
fuse xattrs
add xattrs support using sidecar files.
Stars: ✭ 28 (-94.59%)
Mutual labels:  fuse, filesystem, fuse-filesystem
Fuse Ts
Stars: ✭ 6 (-98.84%)
Mutual labels:  fuse, fuse-filesystem, filesystem
Distribyted
📂 ➡️ 📺 🎶 🎮 Torrent client with on-demand file downloading as a filesystem.
Stars: ✭ 791 (+52.7%)
Mutual labels:  fuse, fuse-filesystem, filesystem
S2n Tls
s2n : an implementation of the TLS/SSL protocols
Stars: ✭ 4,029 (+677.8%)
Mutual labels:  cryptography, encryption, crypto
S3fs Fuse
FUSE-based file system backed by Amazon S3
Stars: ✭ 5,733 (+1006.76%)
Mutual labels:  fuse, fuse-filesystem, filesystem
Securitydriven.inferno
✅ .NET crypto done right. Professionally audited.
Stars: ✭ 501 (-3.28%)
Mutual labels:  cryptography, encryption, crypto
Siphash Js
A Javascript implementation of SipHash-2-4
Stars: ✭ 90 (-82.63%)
Mutual labels:  authentication, cryptography, crypto
Jmacaroons
Pure Java implementation of Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud. Android ready. Online playground available.
Stars: ✭ 100 (-80.69%)
Mutual labels:  authentication, cryptography, crypto
GitFS
A FUSE filesystem that stores data on Git
Stars: ✭ 26 (-94.98%)
Mutual labels:  fuse, filesystem, fuse-filesystem
Awesome Cryptography
A curated list of cryptography resources and links.
Stars: ✭ 3,475 (+570.85%)
Mutual labels:  cryptography, encryption, crypto
View All Similar Projects ➔

securefs

securefs is a filesystem in userspace (FUSE) with transparent encryption (when writing) and decryption (when reading).

securefs mounts a regular directory onto a mount point. The mount point appears as a regular filesystem, where one can read/write/create files, directories and symbolic links. The underlying directory will be automatically updated to contain the encrypted and authenticated contents.

Motivation

From sensitive financial records to personal diaries and collection of guilty pleasures, we all have something to keep private from prying eyes. Especially when we store our files in the cloud, the company and the NSA may well get their hands upon it. The best protection we can afford ourselves is cryptography, the discipline developed by mathematicians and military originally to keep the national secrets.

Security, however, is often at odds with convenience, and people easily grow tired of the hassle and revert to no protection at all. Consider the case of protecting our files either locally or in the cloud: we have to encrypt the files before committing to the cloud and decrypt it every time we need to read and write. Worse still, such actions leave unencrypted traces on our hard drive. If we store data in the cloud, another issue arise: manual encryption and decryption prevent files from being synced efficiently.

securefs is intended to make the experience as smooth as possible so that the security and convenience do not conflict. After mounting the virtual filesystem, everything just works™.

Comparison

There are already many encrypting filesystem in widespread use. Some notable ones are TrueCrypt, FileVault, BitLocker, eCryptFS, encfs and gocryptfs. securefs differs from them in that it is the only one with all of the following features:

  • Authenticated encryption (hence secure against chosen ciphertext attacks)
  • Probabilistic encryption (hence provides semantical security)
  • Supported on all major platforms (Mac, Linux, BSDs and Windows)
  • Efficient cloud synchronization (not a single preallocated file as container)

Install

Actions Status

macOS

Install with Homebrew. osxfuse has to be installed beforehand.

brew install securefs

Windows

Windows users can download prebuilt package from the releases section. It depends on WinFsp and VC++ 2017 redistribution package.

Linux

Linux users have to build it from source.

First fuse must be installed.

  • On Debian based Linux distro, sudo apt-get install fuse libfuse-dev build-essential cmake.
  • On RPM based Linux, sudo yum install fuse fuse-devel.

Then clone the sources by git clone --recursive, and execute linux-build.sh.

FreeBSD (unofficial)

Install using packages (recommended):

pkg install fusefs-securefs

or ports:

make -C /usr/ports/sysutils/fusefs-securefs install

Make sure you load the fuse kernel module before using securefs:

kldload fuse
sysrc -f /boot/loader.conf fuse_load="YES"  # Load fuse automatically at boot

Basic usage

It is recommended to disable or encrypt the swap and hibernation file. Otherwise plaintext and keys stored in the main memory may be written to disk by the OS at any time.

Examples:

securefs --help
securefs create ~/Secret
securefs chpass ~/Secret
securefs mount ~/Secret ~/Mount # press Ctrl-C to unmount
securefs m -h # m is an alias for mount, -h tell you all the flags

Lite and full mode

There are two categories of filesystem format.

The lite format simply encrypts filenames and file contents separately, similar to how encfs operates, although with more security.

The full format maps files, directory and symlinks in the virtual filesystem all to regular files in the underlying filesystem. The directory structure is flattened and recorded as B-trees in files.

The lite format has become the default on Unix-like operating systems as it is much faster and features easier conflict resolution, especially when used with DropBox, Google Drive, etc. The full format, however, leaks fewer information about the filesystem hierarchy, runs relatively independent of the features of the underlying filesystem, and is in general more secure.

To request full format, which is no longer the default, run securefs create --format 2.

Design and algorithms

See here.

Caveat

If you store securefs encrypted files on iCloud Drive, it might cause Spotlight Search on iOS to stop working. It is a bug in iOS, not in securefs.

To work around that bug, you can disable the indexing of Files app in Settings -> Siri & Suggestions.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].