EncFS provides an encrypted filesystem in user-space. It runs in userspace, using the FUSE library for the filesystem interface.
EncFS encrypts individual files, by translating all requests for the virtual EncFS filesystem into the equivalent encrypted operations on the raw filesystem.
As with most encrypted filesystems, EncFS is meant to provide security against off-line attacks; i.e. your notebook or backups fall into the wrong hands, etc. The way EncFS works is different from the “loopback” encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device.
EncFS has been dormant for a while.
- Reverse mode – provides an encrypted view of an unencrypted folder. This enables encrypted remote backups using standard tools like rsync.
- Faster than ecryptfs for stat()-heavy workloads when the backing device is a classical hard disk. This is because ecryptfs has to to read each file header to determine the file size – EncFS does not.
- Works on top of network filesystems such as NFS and CIFS.
- Uses PBKDF2 for password hashing.
- File contents:
- Uses CBC; last block CFB for encryption.
- Uses HMAC for integrity.
- File names:
- Uses CBC for encryption.
- Supports hard links and extended attributes.
|Read our complete collection of recommended free and open source software. The collection covers all categories of software.
The software collection forms part of our series of informative articles for Linux enthusiasts. There's tons of in-depth reviews, alternatives to Google, fun things to try, hardware, free programming books and tutorials, and much more.