gocryptfs is an encrypted overlay filesystem. Encrypted files are stored in CIPHERDIR, and a plain-text view can be presented by mounting the filesystem at MOUNTPOINT.
gocryptfs uses file-based encryption that is implemented as a mountable FUSE filesystem. Each file in gocryptfs is stored one corresponding encrypted file on the hard disk. The screenshot below shows a mounted gocryptfs filesystem (left) and the encrypted files (right).
The encrypted files can be stored in any folder on your hard disk, a USB stick or even inside the Dropbox folder. One advantage of file-based encryption as opposed to disk encryption is that encrypted files can be synchronised efficiently using standard tools like Dropbox or rsync. Also, the size of the encrypted filesystem is dynamic and only limited by the available disk space.
gocryptfs builds on well-known cryptographic primitives: scrypt for key derivation, AES-GCM for file content encryption and, as a world’s first for encrypted filesystems, EME wide-block encryption for file name encryption.
In reverse mode, gocryptfs provides an encrypted view of a plain-text directory. The primary use-case are encrypted backups.
To make reverse mode useful, it uses deterministic encryption using AES-SIV instead of AES-GCM.
gocryptfs was inspired by encfs and strives to fix its security issues while providing good performance.
gocryptfs is free and open source software.
Key Features
- File contents:
- Uses scrypt for password hashing.
- Uses GCM for encryption and integrity.
- File names:
- Uses EME for encrpytion.
- Supports hard links, extended attributes, fallocate, fallocate KEEP_SIZE, and fallocate PUNCH_HOLE.
Website: nuetzlich.net/gocryptfs
Support: GitHub Code Repository
Developer: Jakob Unterwurzacher
License: MIT License
gocryptfs is written in Go. Learn Go with our recommended free books and free tutorials.
Related Software
| Encrypted FUSE-based file systems | |
|---|---|
| Cryptomator | Multi-platform transparent client-side encryption of files in the cloud |
| gocryptfs | Encrypted overlay filesystem written in Go |
| CryFS | Cryptographic filesystem for the cloud |
| securefs | Authenticated and probabilistic encryption with efficient cloud synchronization |
| EncFS | Encrypted filesystem in user-space |
Read our verdict in the software roundup.
| Disk Encryption Tools | |
|---|---|
| VeraCrypt | Strong disk encryption software |
| loop-AES | Encrypt disk partitions, removable media, swap space and other devices |
| dm-crypt | Transparent disk encryption subsystem |
| GnuPG | GNU Privacy Guard - implementation of the OpenPGP standard |
| GocryptFS | Encrypted overlay filesystem written in Go |
| cryptsetup | Configures encrypted block devices |
| Tomb | System for file encryption |
| Shufflecake | Create multiple hidden volumes |
| zuluCrypt | Feature rich solution for hard drive encryption |
| cryptmount | Managing encrypted file systems |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Know a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |