Home

Awesome

gocryptfs CI MIT License Go Report Card Latest release Homebrew version

An encrypted overlay filesystem written in Go. Official website: https://nuetzlich.net/gocryptfs (markdown source).

Folders side-by-side animation

gocryptfs is built on top the excellent go-fuse FUSE library. This project was inspired by EncFS and strives to fix its security issues while providing good performance (benchmarks). For details on the security of gocryptfs see the Security design document.

All tags from v0.4 onward are signed by the gocryptfs signing key. Please check Signed Releases for details.

Current Status

gocryptfs has reached version 1.0 on July 17, 2016. It has gone through hours and hours of stress (fsstress, extractloop.bash) and correctness testing (xfstests). It is now considered ready for general consumption.

The old principle still applies: Important data should have a backup. Also, keep a copy of your master key (printed on mount) in a safe place. This allows you to access the data even if the gocryptfs.conf config file is damaged or you lose the password.

The security of gocryptfs has been audited in March 3, 2017. The audit is available here (defuse.ca).

Platforms

Linux is gocryptfs' native platform.

Beta-quality macOS support is available, which means most things work fine but you may hit an occasional problem. Check out ticket #15 for the history of macOS support but please create a new ticket if you hit a problem.

For Windows, an independent C++ reimplementation can be found here: cppcryptfs

A standalone Python tool that can decrypt files & file names is here: gocryptfs-inspect

Installation

Precompiled binaries that work on all x86_64 Linux systems are available for download from the github releases page. The fuse package from your distribution must be installed for mounting to work.

gocryptfs is also available as a package in most distributions. Examples:

See the Quickstart page for more info.

Testing

gocryptfs comes with is own test suite that is constantly expanded as features are added. Run it using ./test.bash. It takes about 1 minute and requires FUSE as it mounts several test filesystems.

The stress_tests directory contains stress tests that run indefinitely.

In addition, I have ported xfstests to FUSE, the result is the fuse-xfstests project. gocryptfs passes the "generic" tests with one exception, results: XFSTESTS.md

A lot of work has gone into this. The testing has found bugs in gocryptfs as well as in the go-fuse library.

Compile

Install Go 1.13 or higher:

Then, download the source code and compile:

$ git clone https://github.com/rfjakob/gocryptfs.git
$ cd gocryptfs
$ ./build-without-openssl.bash

This will compile a static binary that uses the Go stdlib crypto backend.

If you want to use the OpenSSL crypto backend (faster on old CPUs lacking AES-NI), you have to install a few dependencies:

Then, run:

$ ./build.bash

Use

$ mkdir cipher plain
$ ./gocryptfs -init cipher
$ ./gocryptfs cipher plain

See the Quickstart page for more info.

The MANPAGE.md describes all available command-line options.

Use: Reverse Mode

$ mkdir cipher plain
$ ./gocryptfs -reverse -init plain
$ ./gocryptfs -reverse plain cipher

Graphical Interface

The SiriKali project supports gocryptfs and runs on Linux and OSX.

cppcryptfs on Windows provides its own GUI.

Stable CLI ABI

If you want to call gocryptfs from your app or script, see CLI_ABI.md for the official stable ABI. This ABI is regression-tested by the test suite.

Storage Overhead

file-format.md contains a more detailed description.

Performance

Since version 0.7.2, gocryptfs is as fast as EncFS in the default mode, and significantly faster than EncFS' "paranoia" mode that provides a security level comparable to gocryptfs.

On CPUs without AES-NI, gocryptfs uses OpenSSL through a thin wrapper called stupidgcm. This provides a 4x speedup compared to Go's builtin AES-GCM implementation. See CPU-Benchmarks for details, or run gocryptfs -speed to see the encryption performance of your CPU. Example for a CPU with AES-NI:

$ ./gocryptfs -speed
gocryptfs v2.2.0-beta1-5-g52b0444-dirty; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-14 go1.17.1 linux/amd64
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz; with AES acceleration
AES-GCM-256-OpenSSL              862.79 MB/s
AES-GCM-256-Go                   997.71 MB/s    (selected in auto mode)
AES-SIV-512-Go                   159.58 MB/s
XChaCha20-Poly1305-OpenSSL   729.65 MB/s
XChaCha20-Poly1305-Go            843.97 MB/s    (selected in auto mode)

You can run ./benchmark.bash to run gocryptfs' canonical set of benchmarks that include streaming write, extracting a linux kernel tarball, recursively listing and finally deleting it. The output will look like this:

$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.xFD: gocryptfs v2.0; go-fuse v2.1.1-0.20210508151621-62c5aa1919a7; 2021-06-06 go1.16.5 linux/amd64
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,698174 s, 375 MB/s
READ:  262144000 bytes (262 MB, 250 MiB) copied, 0,268916 s, 975 MB/s
UNTAR: 8,970
MD5:   4,846
LS:    1,851
RM:    2,367

Changelog

v2.4.0, 2023-06-10

v2.3.2, 2023-04-29

v2.3.1, 2023-03-04

v2.3.0, 2022-10-21

v2.3, 2022-08-28

v2.2.1, 2021-10-20

v2.2.0, 2021-09-25

v2.1, 2021-08-18

v2.0.1, 2021-06-07

v2.0, 2021-06-05

v2.0-beta4, 2021-05-15

v2.0-beta3, 2021-04-24

v2.0-beta2, 2020-11-14

v2.0-beta1, 2020-10-15

v1.8.0, 2020-05-09

v1.7.1, 2019-10-06

v1.7, 2019-03-17

v1.6.1, 2018-12-12

v1.6, 2018-08-18

v1.5, 2018-06-12

v1.4.4, 2018-03-18

v1.4.3, 2018-01-21

v1.4.2, 2017-11-01

v1.4.1, 2017-08-21

v1.4, 2017-06-20

v1.3, 2017-04-29

v1.2.1, 2017-02-26

v1.2, 2016-12-04

v1.1.1, 2016-10-30

v1.1, 2016-10-19

v1.0, 2016-07-17

v0.12, 2016-06-19

v0.11, 2016-06-10

v0.10, 2016-05-30

v0.9, 2016-04-10

v0.8, 2016-01-23

v0.7.2, 2016-01-19

v0.7.1, 2016-01-09

v0.7, 2015-12-20

v0.6, 2015-12-08

v0.5.1, 2015-12-06

v0.5, 2015-12-04

v0.4, 2015-11-15

v0.3, 2015-11-01

v0.2, 2015-10-11

v0.1, 2015-10-07