Using EncFS to encrypt some of your files

Posted on 02.11.2008 by Kim N. Lesmer.
EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface.

EncFS

Update 2016: According to a security audit by Taylor Hornby (Defuse Security), the current implementation of Encfs is vulnerable or potentially vulnerable to multiple types of attacks. For example, an attacker with read/write access to encrypted data might lower the decryption complexity for subsequently encrypted data without this being noticed by a legitimate user, or might use timing analysis to deduce information. Until these issues are resolved, encfs should not be considered a safe home for sensitive data in scenarios where such attacks are possible.

EncFS is meant to provide security against off-line attacks, ie your notebook or backups fall into the wrong hands, etc. The way EncFS works is different from the "loopback" encrypted filesystem support built into the Linux kernel because it works on files, not an entire block device.

Extended information from the EncFS website:

Pass-through filesystem vs encrypted block device

The pass-through filesystem design is not new for encrypted filesystems. EncFS is modeled after CFS - the original Cryptographic Filesystem by Matt Blaze, published in 1993. Over the years, other filesystems have extended the basic ideas behind CFS in different ways (such as TCFS in 1996). As part of this family of filesystems, EncFS shares the same basic strengths and weaknesses compared to block encryption devices.

Advantages of pass-thru system vs an encrypted block device:

  • Size: an empty EncFS filesystem consists of a couple dozen bytes and can grow to any size without needing to be reformatted. With a loopback encrypted filesystem, you allocate a filesystem ahead of time with the size you want. Depending on the filesystem, there may be ways of resizing it later, but that requires user intervention.
  • Automated Backups: An EncFS filesystem can be backed-up on a file-by-file basis. A backup program can detect which files have changed, even though it won't be able to decipher the files. This way backups can be made without needing to mount the encrypted filesystem.
  • Layering / Separation of Trust: EncFS can be layered on top of other filesystems in order to add encryption to unencrypted filesystems. This also allows you to store data on filesystems you trust for storage but not for security. For example, EncFS could be used on top of a CD, or a remote NFS filesystem, Samba share, or perhaps even GMail storage using GMailFS.

Disadvantages - Meta-data remains visible to anyone with access to your encrypted files. This means that Encfs does not encrypt or otherwise hide the following information:

  • The number of files you have encrypted.
  • The permissions on the files (readable, writable, executable).
  • The size of each file.
  • The approximate size of each filename (to within 16 bytes using AES, or 8 bytes using Blowfish).

You should choose which type of encrypted filesystem to use based on whether the advantages list outweighs the disadvantages for your needs. I have seen one anonymous comparison site discount all file based encryption methods because they do not encrypt swap space. This is poor reasoning: using an encrypted block device does not automatically give you any security on your swap disk. Setting up a swap space encryption is completely separate from setting up a filesystem encryption, so the appropriate tool should be chosen for each task.

Installation

On Debian you install EncFS with the following command:

# apt-get install encfs

Next you have to make sure that the user, who is going to use the EncFS filesystem, is added to the fuse group.

# adduser USERNAME fuse

Usage

You can now create two directories and mount the first on the second. The first directory will serve as a doorway into the second, the second will be encrypted.

$ mkdir encrypted
$ mkdir decrypted
$ encfs /home/username/encrypted /home/username/decrypted

Follow the instructions for setting up your password etc.

You are now ready to use your encrypted file space. Add some files into the directory "decrypted", and take a look inside the directory "encrypted". Inside the "encrypted" directory the files will be encrypted.

When you are done you unmount the directory with the command:

$ fusermount -u /home/username/decrypted

You are now left with the directory "encrypted" that contains the encrypted files.

From the EncFS website:

Nobody should need to warn you that you should keep backups of important data. Storing data in an encrypted filesystem makes it even more important that you keep backups because it complicates the possibility of data recovery! I can't remember the last time I had to dig out my backups, and I use encfs everyday. But bugs have been found in the past, so I try and remember to make backups periodically even though I don't expect to ever use them (at least not until my hard drive fails).

Note about backups: In order to decrypt a file, two things are required (besides the encrypted file data): the password, and the ".encfs6.xml" control file at the top level of the raw encfs filesystem.

The control file contains the filesystem parameters, in addition to encrypted key data which is different for every filesystem. You need both the password and this control file in order to access the data. If you loose either one, there isn't anything I can do to help. Your password should be considered important data. If you're not sure you can remember it, then back it up (in a secure manner - either in a password keychain program, or in a secure location).

Notes

EncFS works great and it provides an easy way to encrypt your files without using block encryption. It is easy to use over NFS or SSHfs and you can also combine it with a revision control system.

You can copy the encrypted data onto a CD or DVD media, and you can also make it mount your USB drive for encryption.

Both AES and Blowfish are supported as the encryption algorithms.