gocryptfs is built on top of the excellent
go-fuse FUSE library.
This project was inspired by EncFS and strives to fix its security
issues while providing good performance
(benchmarks).
For details on the security of gocryptfs see the
Security design document.
All tags from v0.4 onward are signed by the gocryptfs signing key.
Please check Signed Releases
for details.
Current Status
gocryptfs reached version 1.0 on July 17, 2016. It has gone through
hours and hours of stress (fsstress, extractloop.bash) and correctness
testing (xfstests). It is now considered ready for general consumption.
The old principle still applies: Important data should have a backup.
Also, keep a copy of your master key (printed on mount) in a safe place.
This allows you to access the data even if the gocryptfs.conf config
file is damaged or you lose the password.
The security of gocryptfs was audited on March 3, 2017. The audit
is available here (defuse.ca).
Platforms
Linux is gocryptfs' native platform.
Beta-quality macOS support is available, which means most things work
fine but you may hit an occasional problem. Check out
ticket #15 for the history
of macOS support but please create a new ticket if you hit a problem.
For Windows, an independent C++ reimplementation can be found here:
cppcryptfs
A standalone Python tool that can decrypt files & file names is here:
gocryptfs-inspect
Installation
Precompiled binaries that work on all x86_64 Linux systems are available
for download from the github releases page. The fuse package from your
distribution must be installed for mounting to work.
gocryptfs is also available as a package in most distributions. Examples:
gocryptfs comes with its own test suite that is constantly expanded as features are
added. Run it using ./test.bash. It takes about 1 minute and requires FUSE
as it mounts several test filesystems.
The stress_tests directory contains stress tests that run indefinitely.
In addition, I have ported xfstests to FUSE; the result is the
fuse-xfstests project. gocryptfs
passes the "generic" tests with one exception, results: XFSTESTS.md
A lot of work has gone into this. The testing has found bugs in gocryptfs
as well as in the go-fuse library.
Compile
Install Go 1.13 or higher:
Debian/Ubuntu: apt install golang
Fedora: dnf install golang
Then, download the source code and compile:
$ git clone https://github.com/rfjakob/gocryptfs.git
$ cd gocryptfs
$ ./build-without-openssl.bash
This will compile a static binary that uses the Go stdlib crypto backend.
If you want to use the OpenSSL crypto backend (faster on
old CPUs lacking AES-NI), you have to install a few dependencies:
Since version 0.7.2, gocryptfs is as fast as EncFS in the default mode,
and significantly faster than EncFS' "paranoia" mode that provides
a security level comparable to gocryptfs.
On CPUs without AES-NI, gocryptfs uses OpenSSL through a thin wrapper called stupidgcm.
This provides a 4x speedup compared to Go's builtin AES-GCM
implementation. See CPU-Benchmarks
for details, or run gocryptfs -speed to see the encryption performance of your CPU.
Example for a CPU with AES-NI:
$ ./gocryptfs -speed
gocryptfs v2.2.0-beta1-5-g52b0444-dirty; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-14 go1.17.1 linux/amd64
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz; with AES acceleration
AES-GCM-256-OpenSSL 862.79 MB/s
AES-GCM-256-Go 997.71 MB/s (selected in auto mode)
AES-SIV-512-Go 159.58 MB/s
XChaCha20-Poly1305-OpenSSL 729.65 MB/s
XChaCha20-Poly1305-Go 843.97 MB/s (selected in auto mode)
You can run ./benchmark.bash to run gocryptfs' canonical set of
benchmarks that include streaming write, extracting a linux kernel
tarball, recursively listing and finally deleting it. The output will
look like this:
Add -longnamemax flag to -init (#499).
Can be used to work around file or path length restrictions on online storage.
See the man page
for details.
v2.2.1, 2021-10-20
Fix -force_owner only taking effect after 2 seconds (#609).
This was a regression introduced in v2.0.
MacOS: Fix build.bash failure with error date: illegal option -- - when SOURCE_DATE_EPOCH is set
(#570)
-init: suggest xchacha on CPUs without AES acceleration (commit)
-info: add contentEncryption to output
v2.2.0, 2021-09-25
-deterministic-names: new option for -init, both for reverse and forward mode.
Disables file name randomisation & gocryptfs.diriv files
(#151, #402, #592)
New feature flag! You need gocryptfs v2.2 or higher to mount a filesystem that uses this flag.
-xchacha: new option for -init (forward mode only). Selects XChaCha20-Poly1305 for content encryption.
Gives much better performance on CPUs without AES acceleration
(#452).
New feature flag! You need gocryptfs v2.2 or higher to mount a filesystem that uses this flag.
Test with gocryptfs -speed what is fastest for your CPU, or read here
Rewrite OpenSSL backend
for better performance on AES-GCM-256-OpenSSL and XChaCha20-Poly1305-OpenSSL
-serialize_reads: get rid of delay logic by taking advantage of the kernel flag
FUSE_CAP_ASYNC_READ
(go-fuse commit,
gocryptfs commit)
Fix reverse mode sometimes remapping most inode numbers to >281474976710656 (commit)
This version will be called v2.2.0 (instead of v2.2) to comply with
the Go module versioning convention.
Later releases will also follow the convention.
v2.1, 2021-08-18
-fido2: do not request PIN on gocryptfs -init fixing FIDO_ERR_UNSUPPORTED_OPTION with YubiKey
(#571)
go-fuse: track most recent parent. This improves robustness when the filesystem is modified behind
the back of gocryptfs. Helps both with -sharedstorage and also without.
(commit 1,
commit 2,
#549)
Add directory fd caching for 2x - 3x speed boost in small file ops compared to v2.0-beta2
(performance numbers)
Warning 2021-02-07: This feature is incomplete! Do not use ACLs before gocryptfs v2.0 final!
Reading and writing ACLs works, but they are not enforced or inherited (#542)
Has been disabled since v1.7 due to issues in a third-party module.
Please use FIDO2 instead (gocryptfs v2.0)
v1.7.1, 2019-10-06
Support wild cards in reverse mode via --exclude-wildcard
(#367). Thanks @ekalin!
Create gocryptfs.diriv files with 0440 permissions to make it easier to
share an encrypted folder via a network drive
(#387).
Note: as a security precaution, the owner must still manually
chmod gocryptfs.conf 0440 to allow mounting.
Allow the nofail option in /etc/fstab
-passwd can now change the -scryptn parameter for existing filesystems
(#400)
Fix -idle unmounting the filesystem despite recent activity
(#421)
Fix a race condition related to inode number reuse
(#363).
It could be triggered by concurrently creating and deleting files and can lead to data loss
in the affected file. This bug was found by the automated tests on Travis
and was very hard to trigger locally.
tests: use /var/tmp instead of /tmp by default
(commit 8c4429)
v1.7, 2019-03-17
Fix possible symlink race attacks in forward mode when using allow_other + plaintextnames
If you use both -allow_other and -plaintextnames, you should upgrade.
Malicious users could trick gocryptfs into modifying files outside of CIPHERDIR,
or reading files inside CIPHERDIR that they should not have access to.
If you do not use -plaintextnames (disabled per default), these attacks do
not work as symlinks are encrypted.
Forward mode has been reworked to use the "*at" family of system calls everywhere
(Openat/Unlinkat/Symlinkat/...).
As a result, gocryptfs may run slightly slower, as the caching logic has been
replaced and is very simple at the moment.
The possibility for such attacks was found during an internal code review.
Reverse mode: fix excluded, inaccessible files showing up in directory listings
(#285,
#286)
gocryptfs-xray: add -aessiv flag for correctly parsing AES-SIV format files
(#299)
Ensure that standard fds 0,1,2 are always initialized
(#320).
Prevents trouble in the unlikely case that gocryptfs is called with
stdin,stdout and/or stderr closed.
-extpass now can be specified multiple times to support arguments containing spaces
(#289)
Drop Fstatat, Mkdirat, Symlinkat, Fchownat, Unlinkat, Renameat, Openat emulation of MacOS
and instead use native functions (thanks @slackner !)
Use Setreuid to robustly set the owner with allow_other (@slackner,
commit)
Pack the rendered man page into the source code archive for user convenience
(issue 355)
Disable Trezor support again (commit 16fac26c57ba303bf60266d24c17f5243e5ea376)
Trezor support has been broken since Sept 2018 due to issues
in a third-party module (#261)
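The v1.7 entry above says forward mode was reworked to use the "*at" family of system calls to close symlink races. The following Go program is an added example, not gocryptfs code, showing that pattern: each path component is opened relative to a directory fd with O_NOFOLLOW, so a symlink placed inside CIPHERDIR is refused instead of followed. The names `openBeneath` and `tryOpen` are hypothetical, the directory tree is constructed, and Linux with Go 1.18 or later is assumed.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// openBeneath opens relPath below dirFd one component at a time with Openat.
// O_NOFOLLOW makes each step refuse a symlink. Hypothetical helper, not gocryptfs code.
func openBeneath(dirFd int, relPath string) (int, error) {
	name, rest, more := strings.Cut(filepath.Clean(relPath), "/")
	if name == "" || name == ".." {
		return -1, syscall.EINVAL // absolute path or ".." escape
	}
	flags := syscall.O_RDONLY | syscall.O_NOFOLLOW | syscall.O_CLOEXEC
	if more {
		flags |= syscall.O_DIRECTORY // intermediate components must be real directories
	}
	fd, err := syscall.Openat(dirFd, name, flags, 0)
	if err != nil || !more {
		return fd, err // failure, or the final component is open
	}
	defer syscall.Close(fd) // intermediate directory fd, only needed for the next step
	return openBeneath(fd, rest)
}

// tryOpen opens rel in a constructed tree: cipherdir/sub/file and cipherdir/escape -> parent dir.
func tryOpen(rel string) error {
	tmp, err := os.MkdirTemp("", "openat-demo")
	if err != nil {
		return err
	}
	defer os.RemoveAll(tmp)
	cipher := filepath.Join(tmp, "cipherdir")
	os.MkdirAll(filepath.Join(cipher, "sub"), 0o700)
	os.WriteFile(filepath.Join(cipher, "sub", "file"), []byte("x"), 0o600)
	os.Symlink(tmp, filepath.Join(cipher, "escape"))
	root, _ := syscall.Open(cipher, syscall.O_RDONLY|syscall.O_DIRECTORY, 0) // failure surfaces as EBADF below
	defer syscall.Close(root)
	fd, err := openBeneath(root, rel)
	if err == nil {
		syscall.Close(fd)
	}
	return err
}

func main() { fmt.Println(tryOpen("sub/file"), tryOpen("escape/cipherdir/sub/file")) }
```

A path-based open of `cipherdir/escape/cipherdir/sub/file` would resolve through the symlink; the fd-relative walk stops at `escape` because the kernel checks each component atomically.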
v1.6.1, 2018-12-12
Fix "Operation not supported" chmod errors on Go 1.11
(#271)
v1.6, 2018-08-18
Add -e / -exclude option for reverse mode
(#235,
commit)
Add support for the Trezor One HSM PR#247, thanks @xaionaro!
Use ./build.bash -tags enable_trezor to compile with Trezor support
Then, use gocryptfs -init -trezor to create a filesystem locked with a physical Trezor device.
Note 2021-01-31: Support was removed again in gocryptfs v1.7. Please use -fido2 in gocryptfs v2.0.
From gocryptfs v1.4, I will only release statically-built binaries.
These support all Linux distributions but cannot use OpenSSL.
OpenSSL is still supported - just compile from source!
Add -force_owner option to allow files to be presented as owned by a
different user or group from the user running gocryptfs. Please see caveats
and guidance in the man page before using this functionality.
Implement path decryption via ctlsock (#84).
Previously, decryption was only implemented for reverse mode. Now both
normal and reverse mode support both decryption and encryption of
paths via ctlsock.
Add more specific exit codes for the most common failure modes,
documented in CLI_ABI.md
Reverse mode: make sure hard-linked files always return the same
ciphertext
(commit 9ecf2d1a)