Re-design of the original gocryptfs code to work as a library.
Go to file
Jakob Unterwurzacher 03502861ce Reword help text
2015-10-06 23:28:20 +02:00
cryptfs Use block number as authentication data 2015-10-06 22:27:37 +02:00
gocryptfs_main Reword help text 2015-10-06 23:28:20 +02:00
openssl_benchmark Clean up openssl benchmark 2015-10-04 21:21:32 +02:00
pathfs_frontend Use block number as authentication data 2015-10-06 22:27:37 +02:00
.gitignore Move main binary to gocryptfs_main 2015-10-05 20:32:10 +02:00
all.bash Implement proper daemonization 2015-10-06 00:31:18 +02:00
benchmark.bash Move main binary to gocryptfs_main 2015-10-05 20:32:10 +02:00
gocryptfs Add "--openssl=false" command line option 2015-10-06 20:24:52 +02:00
README.md Reword help text 2015-10-06 23:28:20 +02:00
SECURITY.md Split off SECURITY.md 2015-10-06 23:20:21 +02:00

GoCryptFS

An encrypted overlay filesystem focused on security and correctness.

gocryptfs is built on top the excellent go-fuse FUSE library and its LoopbackFileSystem API.

This project was inspired by EncFS and strives to fix its security issues (see EncFS tickets 9, 13, 14, 16). For details on the security of GoCryptFS see the SECURITY.md document.

Current Status

  • First public release
  • Feature-complete
  • Passes the xfstests "generic" tests

Install

go get github.com/rfjakob/gocryptfs

Performance

  • 28 bytes of storage overhead per block (16 bytes auth tag, 12 byte nonce)
  • uses openssl through spacemonkeygo/openssl for a 3x speedup compared to crypto/cipher (see go-vs-openssl.md) for details

Run ./benchmark.bash to run the test suite and the streaming read/write benchmark. The benchmark is run twice, first with native Go crypto and second using openssl.

The output should look like this:

$ ./benchmark.bash
[...]
BenchmarkStreamWrite	     100	  11816665 ns/op	  88.74 MB/s
BenchmarkStreamRead 	     200	   7848155 ns/op	 133.61 MB/s
ok  	github.com/rfjakob/gocryptfs	9.407s