Securefs is a filesystem in userspace (FUSE) designed to provide transparent encryption when writing files and decryption when reading them. It mounts a regular directory onto a specified mount point, creating an encrypted virtual filesystem that appears as a standard storage location for users.
Key Features:
Authenticated Encryption: Ensures data integrity and security against chosen ciphertext attacks.
Probabilistic Encryption: Provides semantical security by encrypting similar plaintexts into different ciphertexts.
Cross-Platform Support: Works on major platforms, including Windows, Linux, macOS, and FreeBSD.
Efficient Cloud Synchronization: Avoids the use of single preallocated container files, enabling seamless syncing with cloud services.
Optional Random Padding: Obscures file sizes for enhanced privacy.
Case Sensitivity and Unicode Normalization Agnostic Modes: Offers flexibility in filesystem behavior to match common operating system defaults.
Audience & Benefit:
Ideal for users requiring secure storage of sensitive data, whether locally or in the cloud. Securefs simplifies encryption by integrating it seamlessly into everyday file operations, eliminating the need for manual encryption/decryption and reducing the risk of leaving plaintext traces on disk. It is particularly beneficial for those prioritizing privacy, such as individuals managing financial records, personal documents, or other confidential information.
Securefs can be installed via winget on Windows, ensuring easy setup for users seeking robust, transparent encryption without compromising convenience.
README
securefs
securefs is a filesystem in userspace (FUSE) with transparent encryption (when writing) and decryption (when reading).
securefs mounts a regular directory onto a mount point. The mount point appears as a regular filesystem, where one can read/write/create files, directories and symbolic links. The underlying directory will be automatically updated to contain the encrypted and authenticated contents.
Motivation
From sensitive financial records to personal diaries and collection of guilty pleasures, we all have something to keep private from prying eyes. Especially when we store our files in the cloud, the company and the NSA may well get their hands upon it. The best protection we can afford ourselves is cryptography, the discipline developed by mathematicians and military originally to keep the national secrets.
Security, however, is often at odds with convenience, and people easily grow tired of the hassle and revert to no protection at all. Consider the case of protecting our files either locally or in the cloud: we have to encrypt the files before committing to the cloud and decrypt it every time we need to read and write. Worse still, such actions leave unencrypted traces on our hard drive. If we store data in the cloud, another issue arise: manual encryption and decryption prevent files from being synced efficiently.
securefs is intended to make the experience as smooth as possible so that the security and convenience do not conflict. After mounting the virtual filesystem, everything just works™.
Comparison
There are already many encrypting filesystem in widespread use. Some notable ones are TrueCrypt, FileVault, BitLocker, eCryptFS, encfs, cryfs, rclone and gocryptfs. securefs differs from them in that it is the only one with all of the following features:
It is recommended to disable or encrypt the swap and hibernation file. Otherwise plaintext and keys stored in the main memory may be written to disk by the OS at any time.
Examples:
# Help commands
securefs --help
securefs m --help
securefs c --help
# Creation
securefs create ~/Secret # Default parameters
securefs create ~/Secret --keyfile ./mykey # Use keyfile instead of password
securefs c ~/Secret --max-padding 65535 # Randomly pad each file with at most 65535 bytes to obfuscate its size
securefs c ~/Secret --format full # Full mode. See below for the meaning.
securefs c ~/Secret --format full --case insensitive # Like NTFS
securefs c ~/Secret --format full --uninorm insensitive # Like APFS
# Mounting
securefs mount ~/Secret ~/Mount # press Ctrl-C to unmount
securefs mount ~/Secret ~/Mount --keyfile ./mykey # press Ctrl-C to unmount
# Mount in the background (no-op on Windows). Use `umount` to unmount.
securefs m -b ~/Secret ~/Mount --log ~/securefs.thismaycontainsensitiveinformation.log
securefs m --plain-text-names ~/Secret ~/Mount # Do not encrypt the filenames
securefs m ~/Secret Z: # Windows only
# Change password
securefs chpass ~/Secret
SiriKali is a GUI frontend for securefs (and several other filesystems).
Note: this is informational only. The author of securefs has never tried SiriKali or vetted its code.
Lite and full mode
There are two categories of filesystem format.
The lite format simply encrypts filenames and file contents separately, similar to how encfs operates, although with more security.
The full format maps files, directory and symlinks in the virtual filesystem all to regular files in the underlying filesystem. The directory structure is flattened and recorded as B-trees in files.
The lite format is the default as it is much faster and features easier conflict resolution, especially when used with DropBox, Google Drive, etc. The full format, however, leaks fewer information about the filesystem hierarchy, runs relatively independent of the features of the underlying filesystem, and is in general more secure.
To request full format, which is no longer the default, run securefs create --format full.
If you store securefs encrypted files on iCloud Drive, it might cause Spotlight Search on iOS to stop working. It is a bug in iOS, not in securefs.
To work around that bug, you can disable the indexing of Files app in Settings -> Siri & Suggestions.
Crash resistance
If securefs exits abnormally, or if the computer suddenly powers down, we have only the following guarantees (assuming the underlying filesystem isn't corrupted)
Files not being written will never be corrupted.
In lite format, the directory structure and file names will not be corrupted, unless the file name is a long name.
In full format, the directory structure and file names may be corrupted, but the files themselves can be recovered even in this case.
