hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

README: Describe storage overhead

Browse Source
This commit is contained in:
Jakob Unterwurzacher 2015-11-01 12:14:59 +01:00
parent 902babdf22
commit 0a4aa4b427
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
README.md
View File

@ -1,6 +1,6 @@
GoCryptFS [![Build Status](https://travis-ci.org/rfjakob/gocryptfs.svg?branch=master)](https://travis-ci.org/rfjakob/gocryptfs) GoCryptFS [![Build Status](https://travis-ci.org/rfjakob/gocryptfs.svg?branch=master)](https://travis-ci.org/rfjakob/gocryptfs)
============== ==============
An encrypted overlay filesystem focused on security and correctness. An encrypted overlay filesystem written in Go.
gocryptfs is built on top the excellent gocryptfs is built on top the excellent
[go-fuse](https://github.com/hanwen/go-fuse) FUSE library and its [go-fuse](https://github.com/hanwen/go-fuse) FUSE library and its
@ -8,20 +8,19 @@ LoopbackFileSystem API.
This project was inspired by [EncFS](https://github.com/vgough/encfs) This project was inspired by [EncFS](https://github.com/vgough/encfs)
and strives to fix its security issues (see EncFS tickets 9, 13, 14, 16). and strives to fix its security issues (see EncFS tickets 9, 13, 14, 16).
For details on the security of GoCryptFS see the For details on the security of gocryptfs see the
[SECURITY.md](SECURITY.md) document. [SECURITY.md](SECURITY.md) document.
Current Status Current Status
-------------- --------------
* First public release * Feature-complete and working
* Feature-complete
* Passes the fuse-xfstests "generic" tests with one exception, results: [XFSTESTS.md](XFSTESTS.md) * Passes the fuse-xfstests "generic" tests with one exception, results: [XFSTESTS.md](XFSTESTS.md)
* A lot of work has gone into this. The testing has found bugs in gocryptfs * A lot of work has gone into this. The testing has found bugs in gocryptfs
as well as in go-fuse. as well as in go-fuse.
* The one exceptions generic/035. This is a limitation in go-fuse, * The one exception is generic/035. This is a limitation in go-fuse,
check out https://github.com/hanwen/go-fuse/issues/55 for details. check out https://github.com/hanwen/go-fuse/issues/55 for details.
* However, gocryptfs needs more real-world testing - please report any issues via github. * However, gocryptfs needs more real-world testing - please report any issues via github.
* Only Linux operation has been tested. Help wanted for a Mac OS X port. * Only Linux operation has been tested. Help wanted for Mac OS X verification.
Install Install
------- -------
@ -43,12 +42,18 @@ Use
-rw-rw-r--. 1 user user 233 7. Okt 23:23 gocryptfs.conf -rw-rw-r--. 1 user user 233 7. Okt 23:23 gocryptfs.conf
$ fusermount -u plain $ fusermount -u plain
Storage Overhead
----------------
* Empty files take 0 bytes on disk
* 18 byte file header for non-empty files (2 bytes version, 16 bytes random file id)
* 28 bytes of storage overhead per 4kB block (12 byte nonce, 16 bytes auth tag)
Performance Performance
----------- -----------
* 28 bytes of storage overhead per block (16 bytes auth tag, 12 byte nonce) * uses openssl through [spacemonkeygo/openssl](https://github.com/spacemonkeygo/openssl)
* uses openssl through [spacemonkeygo/openssl](https://github.com/spacemonkeygo/openssl) for a 3x speedup compared to `crypto/cipher` (see [go-vs-openssl.md](openssl_benchmark/go-vs-openssl.md) for details
for a 3x speedup compared to `crypto/cipher` (see [go-vs-openssl.md](openssl_benchmark/go-vs-openssl.md) for details
Run `./benchmark.bash` to run the test suite and the streaming read/write Run `./benchmark.bash` to run the test suite and the streaming read/write
benchmark. The benchmark is run twice, first with native Go crypto and benchmark. The benchmark is run twice, first with native Go crypto and