Re-design of the original CryFS code to work as a library.
Go to file
2017-09-18 20:58:07 +01:00
.circleci CircleCI cache depends on build type 2017-09-18 20:58:07 +01:00
cpack Update CMakeLists.txt (#168) 2017-09-02 10:04:20 +01:00
doc Small fixes in man page (e.g. CryFS doesn't allow empty passphrase currently) 2017-03-26 14:18:47 +01:00
src Remove BlockStoreWithRandomKeys 2017-09-18 20:42:07 +01:00
test Remove BlockStoreWithRandomKeys 2017-09-18 20:42:07 +01:00
vendor Re-establish compatibility with GCC 4.8 2017-09-10 13:35:07 +01:00
.gitignore fspp::Dir, fspp::File and fspp::Symlink don't inherit from fspp::Node anymore. This allows file systems to return a generic fspp::Node instead of a concrete subclass when the operation doesn't need to know what type of node it is. 2017-01-21 19:16:35 +00:00
.travis.yml Disable linux build on travis because we now have Circle CI 2017-09-18 20:44:46 +01:00
archive.sh archive.sh also creates a highly compressed .xz archive 2017-04-06 00:14:14 +01:00
ChangeLog.txt CryFS tells the operating system to not swap the encryption key to the disk (note: this is best-effort and cannot be guaranteed. Hibernation, for example, will still write the encryption key to the disk) 2017-09-05 00:43:43 +01:00
CMakeLists.txt Install man page 2017-03-26 14:08:47 +01:00
LICENSE Update LICENCE to LGPL 2015-03-12 16:21:53 +01:00
README.md Merge from develop 2017-09-16 17:14:51 +01:00
travis.install_boost.sh Install dependencies on Mac OS X Travis CI 2016-02-17 09:56:42 +01:00
utils.cmake Re-allow usage of boost 1.56 since we don't use boost::futures anymore 2017-08-31 23:58:57 +01:00

CryFS CircleCI

TODO: Update CI link to correct branch when merging next->develop or develop->master

CryFS encrypts your files, so you can safely store them anywhere. It works well together with cloud services like Dropbox, iCloud, OneDrive and others. See https://www.cryfs.org.

Install latest release

Easy install (Ubuntu and Debian)

wget -O - https://www.cryfs.org/install.sh | sudo bash

Manual install (Ubuntu)

# Add apt key
wget -O - https://www.cryfs.org/apt.key | sudo apt-key add -

# Add apt repository
sudo sh -c "echo \"deb http://apt.cryfs.org/ubuntu `lsb_release -s -c` main\" > /etc/apt/sources.list.d/cryfs.list"

# Install cryfs
sudo apt-get update
sudo apt-get install cryfs

Manual install (Debian)

# Add apt key
wget -O - https://www.cryfs.org/apt.key | sudo apt-key add -

# Add apt repository
sudo sh -c "echo \"deb http://apt.cryfs.org/debian `lsb_release -s -c` main\" > /etc/apt/sources.list.d/cryfs.list"

# Install cryfs
sudo apt-get update
sudo apt-get install cryfs

GUI

If you want to use a GUI to mount your CryFS volumes, take a look at the SiriKali project. You have to install the GUI and also CryFS itself for it to work.

Building from source

Requirements

  • Git (for getting the source code)
  • GCC version >= 4.8 or Clang >= 3.7
  • CMake version >= 2.8
  • libcurl4 (including development headers)
  • Boost libraries version >= 1.56 (including development headers)
    • filesystem
    • system
    • chrono
    • program_options
    • thread
  • Crypto++ version >= 5.6.3 (including development headers)
  • SSL development libraries (including development headers, e.g. libssl-dev)
  • libFUSE version >= 2.8.6 (including development headers), on Mac OS X instead install osxfuse from https://osxfuse.github.io/
  • Python >= 2.7

You can use the following commands to install these requirements

    # Ubuntu
    $ sudo apt-get install git g++ cmake make libcurl4-openssl-dev libboost-filesystem-dev libboost-system-dev libboost-chrono-dev libboost-program-options-dev libboost-thread-dev libcrypto++-dev libssl-dev libfuse-dev python

    # Fedora
    sudo dnf install git gcc-c++ cmake make libcurl-devel boost-devel boost-static cryptopp-devel openssl-devel fuse-devel python

    # Macintosh
    brew install cmake boost cryptopp openssl

Build & Install

  1. Clone repository

    $ git clone https://github.com/cryfs/cryfs.git cryfs
    $ cd cryfs
    
  2. Build

    $ mkdir cmake && cd cmake
    $ cmake ..
    $ make
    
  3. Install

    $ sudo make install
    

You can pass the following variables to the cmake command (using -Dvariablename=value):

  • -DCMAKE_BUILD_TYPE=[Release|Debug]: Whether to run code optimization or add debug symbols. Default: Release
  • -DBUILD_TESTING=[on|off]: Whether to build the test cases (can take a long time). Default: off
  • -DCRYFS_UPDATE_CHECKS=off: Build a CryFS that doesn't check online for updates and security vulnerabilities.

Troubleshooting

On most systems, CMake should find the libraries automatically. However, that doesn't always work.

  1. Boost headers not found

    Pass in the boost include path with

     cmake .. -DBoost_INCLUDE_DIRS=/path/to/boost/headers
    

    If you want to link boost dynamically (e.g. you don't have the static libraries), use the following:

     cmake .. -DBoost_USE_STATIC_LIBS=off
    
  2. Fuse/Osxfuse library not found

    Pass in the library path with

     cmake .. -DFUSE_LIB_PATH=/path/to/fuse/or/osxfuse
    
  3. Fuse/Osxfuse headers not found

    Pass in the include path with

     cmake .. -DCMAKE_CXX_FLAGS="-I/path/to/fuse/or/osxfuse/headers"
    
  4. CryptoPP library not found

    Pass in the library path with

     cmake .. -DCRYPTOPP_LIB_PATH=/path/to/cryptopp
    
  5. Openssl headers not found

    Pass in the include path with

     cmake .. -DCMAKE_C_FLAGS="-I/path/to/openssl/include"
    

Creating .deb and .rpm packages

There are additional requirements if you want to create packages. They are:

  • CMake version >= 3.3
  • rpmbuild for creating .rpm package
  1. Clone repository

    $ git clone https://github.com/cryfs/cryfs.git cryfs
    $ cd cryfs
    
  2. Build

    $ mkdir cmake && cd cmake
    $ cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=off
    $ make package
    

Disclaimer

On the event of a password leak, you are strongly advised to create a new filesystem and copy all the data over from the previous one. Done this, all copies of the compromised filesystem and config file must be removed (e.g, from the "previous versions" feature of your cloud system) to prevent access to the key (and, as a result, your data) using the leaked password.