EncFS is a Free (LGPL) FUSE-based cryptographic filesystem. It transparently encrypts files, using an arbitrary directory as storage for the encrypted files. Two directories are involved in mounting an EncFS filesystem: the source directory and the mountpoint. Each file in the mountpoint has a specific file in the source directory that corresponds to it. The file in the mountpoint provides the unencrypted view of the one in the source directory. Filenames are encrypted in the source directory. Files are encrypted using a volume key, which is stored either within or outside the encrypted source directory. A password is used to decrypt this key.


Common uses

* In Linux, allows encryption of home folders as an alternative to eCryptfs.
* Allows encryption of files and folders saved to cloud storage (Dropbox, Google Drive, OneDrive, etc.).
* Allows portable encryption of file folders on removable disks.
* Available as a cross-platform folder encryption mechanism.
* Increases storage security by adding two-factor authentication (2FA). When the EncFS volume key is stored outside the encrypted source directory, in a location physically separate from the encrypted data, the key becomes a second factor that an attacker holding only the data does not have. For example, EncFS is able to store each volume key somewhere other than with the encrypted data, such as on a USB flash drive, a network mount, an optical disc or in the cloud. In addition, a password can be required to decrypt this volume key.


Advantages

EncFS offers several advantages over other disk encryption software simply because each file is stored individually as an encrypted file elsewhere in the host's directory tree.


Cross-platform

EncFS is available on multiple platforms, whereas eCryptfs is tied to the Linux kernel.


Bitrot detection

EncFS implements bitrot detection on top of any underlying filesystem (through the block MAC headers option described below).


Scalable storage

EncFS has no "volumes" that occupy a fixed size — encrypted directories grow and shrink as more files are added to or removed from the mountpoint.


Normal file server

EncFS's encrypted directory can be located on a normal file server (via NFS, SSHFS, etc.) and can be mirrored and backed up efficiently with normal file-system tools, such as rsync.


Different physical devices

It is possible for some directories on the mountpoint to exist on different physical devices, if a filesystem is mounted over one of the sub-directories in the source directory.


Faster backup

Backup utilities can back up only the files that have changed in the source directory (file synchronisation, cloud storage).


Reduced corruption

Corruption of data is more isolated. Corruption of file data is local to a single file, and corruption of the filesystem itself can be corrected with a reliable filesystem repair utility like fsck. Some whole-disk encryption systems lack one or both of these attributes.


Optimizations

Since file modifications pass through to the underlying file system, various optimizations by the operating system remain possible, unlike with full-disk encryption. For example, passing information about released space (TRIM) can improve the performance of SSDs. This is, however, also supported by dm-crypt.


Random file access

Files can be accessed at random. You can, for example, skip to the middle of a very large encrypted video without decrypting the whole file.


Disadvantages

There are some drawbacks to using EncFS.


Compatibility

Mounted EncFS directories share the same features and restrictions as the filesystem containing the source directory.


No support for very long filenames

Due to encryption, the filenames for encrypted files produced by EncFS are longer than the original filenames. Therefore, filenames whose length is close to the maximum supported by the filesystem cannot be stored by EncFS, since they will exceed the length limit after encryption. Most filesystems limit filenames to 255 bytes; in that case, EncFS only supports filenames up to 190 bytes.


General security concerns

Anyone having access to the source directory is able to see how many files are in the encrypted filesystem, what permissions they have, their approximate size, and the last time they were accessed or modified, though the file names and file data are encrypted.


EncFS 1.7 security concerns

A paid security audit was conducted in February 2014, which revealed several potential vulnerabilities. It concludes:


EncFS 1.8 security concerns

The announcement of EncFS 1.8 included several underlying design changes, acknowledging the security concerns raised in the previous audit. However, certain concerns still remain regarding those vulnerabilities.


Filesystem options

When creating a new EncFS volume, several different options are available to customize the filesystem to suit various needs.


Cipher algorithm

EncFS uses whatever ciphers it is able to locate in various encryption libraries on the system. Blowfish and AES are typically available. The cipher key length (keySize) can be selected for ciphers that support variable key lengths.


Block size

Each file is encrypted in blocks, and this option controls what size those blocks are. Each time a single byte is read the entire block it is contained in must be decrypted. Likewise, for each write the block must be decrypted, altered, and re-encrypted. The default block size of 1024 is sufficient for most purposes.


Filename encoding

Filenames in the source directory can be plain or encrypted in block or stream mode. Block mode obscures the filename length somewhat, while stream mode keeps them as short as possible, which might save space on the source directory's filesystem depending on how that filesystem manages the directory tree.


Filename IV chaining

When enabled, the initialization vector for filename encryption is derived from the file's parent directories, causing two files with the same name — but in different directories — to have different encrypted filenames. If a directory is renamed, all files and directories contained therein will need to have their encrypted filenames re-encrypted, which can be an expensive operation. This option should be disabled if heavily populated directories will be renamed often.
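A small model of the chaining idea above, added here as an illustration and not EncFS's own code or derivation: the IV for a filename is folded from its ancestor directory names, a toy HMAC keystream stands in for the real cipher (the hex output grows with the name, as stream-mode encoding does), and rename_cost lists which entries need re-encoding when a directory is renamed. The key, the IV derivation and the directory tree are constructed for the demo.

```python
import hashlib, hmac

# Constructed demo key; in EncFS the volume key is unlocked by the password.
VOLUME_KEY = b"constructed-demo-volume-key"

def chain_iv(parents):
    """Fold each ancestor directory name into an 8-byte IV (a model of the
    chaining idea, not EncFS's actual derivation)."""
    iv = bytes(8)
    for comp in parents:
        iv = hmac.new(VOLUME_KEY, iv + comp.encode(), hashlib.sha256).digest()[:8]
    return iv

def _keystream(iv, n):
    """Toy stand-in for the filename cipher: HMAC-derived keystream bytes."""
    return b"".join(hmac.new(VOLUME_KEY, iv + bytes([i]), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def encode_name(path, chaining=True):
    """Hex ciphertext of the last path component. With chaining the IV depends
    on the parent directories; without it every name uses the zero IV."""
    *parents, name = path.split("/")
    iv = chain_iv(parents) if chaining else bytes(8)
    data = name.encode()
    return bytes(x ^ y for x, y in zip(data, _keystream(iv, len(data)))).hex()

def rename_cost(paths, old_dir, new_dir, chaining=True):
    """Entries whose encrypted name must be recomputed when old_dir is renamed:
    with chaining every entry below it, without chaining none."""
    prefix = old_dir + "/"
    changed = []
    for p in paths:
        if p.startswith(prefix):
            moved = new_dir + p[len(old_dir):]
            if encode_name(moved, chaining) != encode_name(p, chaining):
                changed.append(p)
    return changed
```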


Per-file initialization vector

When enabled, each file is encrypted with a random 8-byte initialization vector, which is stored within the encrypted file in the source directory. If this option is disabled, each file is encrypted with the same initialization vector, which can make the volume key easier to break. Enabling this option makes the filesystem more secure at the cost of an additional 8 bytes per file.


External IV chaining

Causes the file data initialization vector to be derived from the filename's initialization vector chain. The same data will be encrypted differently given a different filename or directory. Consequently, renaming a file when this mode is enabled requires that either the file's random initialization vector be offset by the change in the filename initialization vector chain, or the data be re-encoded. The authors of EncFS have chosen the former route as it is considerably faster, especially for large files.


Filename to IV header chaining

Makes the encoding depend on the full pathname, so renaming or moving a file means re-encoding it. Hard links are not supported.


Block MAC headers

Stores a checksum with each encrypted block, causing corruption or modification of the encrypted files to be detected by EncFS. The checksum (blockMACBytes) is 8 bytes, and optionally up to 8 additional bytes of random data (blockMACRandBytes) can be added to each block to prevent two blocks with the same unencrypted data from having the same checksum. This option creates a large amount of CPU overhead, as each block's checksum must be calculated when data is read (to verify integrity) or written (to update the checksum).
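An added, simplified model of the file-data side of the options above (block size, per-file IV, block MAC headers) and of the random-access property: it is not EncFS's on-disk format or cipher. It shows why reading one byte decrypts a whole block, how a per-file IV keeps equal files from producing equal ciphertext, and how a block MAC localises detected corruption to the block it hits while the other blocks stay readable. The key, the layout constants and the HMAC-based stand-in cipher are assumptions of the demo.

```python
import hashlib, hmac, os

# Constructed demo key; in EncFS the volume key is unlocked by the password.
VOLUME_KEY = b"constructed-demo-volume-key"
BLOCK_SIZE = 1024   # the default block size discussed above
IV_BYTES = 8        # per-file IV header (assumed layout)
MAC_BYTES = 8       # blockMACBytes
STRIDE = MAC_BYTES + BLOCK_SIZE

def _keystream(file_iv, block_no, n):
    """Toy stand-in for the block cipher (HMAC-derived bytes), not EncFS's cipher."""
    tag = file_iv + block_no.to_bytes(4, "big")
    return b"".join(hmac.new(VOLUME_KEY, tag + bytes([i]), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def _mac(file_iv, block_no, ct):
    """8-byte block MAC; binding the block index stops blocks being swapped."""
    msg = file_iv + block_no.to_bytes(4, "big") + ct
    return hmac.new(VOLUME_KEY, msg, hashlib.sha256).digest()[:MAC_BYTES]

def _xor(data, ks):
    return bytes(x ^ y for x, y in zip(data, ks))

def encrypt_file(plaintext, per_file_iv=True):
    """Stored form [file IV][MAC|ct][MAC|ct]...; a constant IV (per_file_iv=False) makes equal files collide."""
    file_iv = os.urandom(IV_BYTES) if per_file_iv else bytes(IV_BYTES)
    out = bytearray(file_iv)
    for b, off in enumerate(range(0, len(plaintext), BLOCK_SIZE)):
        ct = _xor(plaintext[off:off + BLOCK_SIZE], _keystream(file_iv, b, BLOCK_SIZE))
        out += _mac(file_iv, b, ct) + ct
    return bytes(out)

def block_ok(stored, b):
    """(MAC verifies?, ciphertext) for block b of a stored file."""
    start = IV_BYTES + b * STRIDE
    mac, ct = stored[start:start + MAC_BYTES], stored[start + MAC_BYTES:start + STRIDE]
    return hmac.compare_digest(mac, _mac(stored[:IV_BYTES], b, ct)), ct

def read_range(stored, offset, length):
    """Decrypt only the blocks covering the range; returns (plaintext, blocks decrypted)."""
    first, last = offset // BLOCK_SIZE, (offset + max(length, 1) - 1) // BLOCK_SIZE
    out = bytearray()
    for b in range(first, last + 1):
        ok, ct = block_ok(stored, b)
        if not ok:
            raise ValueError(f"block {b}: MAC mismatch (bitrot or tampering)")
        out += _xor(ct, _keystream(stored[:IV_BYTES], b, len(ct)))
    skip = offset - first * BLOCK_SIZE
    return bytes(out[skip:skip + length]), last - first + 1
```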


See also

* Disk encryption
* Filesystem-level encryption
* List of cryptographic file systems
* List of file systems



External links


Encfs manpage

Safe: another per-file implementation for Windows and Mac OS X, with no kernel mode driver (slower), but fully open source

Boxcryptor: Proprietary software based on EncFS for Windows, Android, and iOS

EncFSMP: Implementation that runs on Windows and Mac OS X