Re-design of the original gocryptfs code to work as a library.
Go to file
2015-09-06 12:16:34 +02:00
cryptfs Add OpenSSL support for file content encryption/decryption 2015-09-06 10:42:34 +02:00
frontend Add streaming read and write benchmarks 2015-09-06 11:42:01 +02:00
openssl_benchmark Add openssl_benchmark.bash script 2015-09-06 11:54:50 +02:00
.gitignore Rebase to cluefs 2015-09-04 20:37:37 +02:00
main_benchmark.bash Add streaming read and write benchmarks 2015-09-06 11:42:01 +02:00
main_test.go Add README.md 2015-09-06 12:12:14 +02:00
main.go Add README.md 2015-09-06 12:12:14 +02:00
README.md Add "go get" command to readme 2015-09-06 12:16:34 +02:00

GoCryptFS

A minimal encrypted overlay filesystem written in Go.

Built on top of the native Go FUSE library bazil.org/fuse and the ClueFS loopback file system.

Inspired by EncFS.

Design

  • Authenticated encryption of file contents using AES-GCM-128
  • 96 bit nonce that starts from a random value and counts up
  • uses openssl through spacemonkeygo/openssl for a 3x speedup compared to crypto/cipher
  • AES-CBC filename encryption

Current Status

  • Work in progress
  • Key is set to static all-zero
  • Not ready for anything but testing and debugging

Install

go get github.com/rfjakob/gocryptfs

Testing

Run ./main_benchmark.bash to run the test suite and the streaming read/write benchmark.

The output should look like this:

$ ./main_benchmark.bash
+ go build
+ go test -bench=.
PASS
BenchmarkStreamWrite	     100	  14062281 ns/op	  74.57 MB/s
BenchmarkStreamRead	     100	  11267741 ns/op	  93.06 MB/s
ok  	github.com/rfjakob/gocryptfs	7.569s