vgough / encfs Goto Github PK

View Code? Open in Web Editor NEW

2.1K 83.0 276.0 15.75 MB

EncFS: an Encrypted Filesystem for FUSE.

Home Page: https://vgough.github.io/encfs/

License: Other

Perl 6.68% C++ 85.31% C 2.93% Shell 1.04% CMake 3.96% sed 0.07%

encfs's Introduction

EncFS - an Encrypted Filesystem

This project is NOT maintained. For details, see the Status section.

About

EncFS provides an encrypted filesystem in user-space. It runs in userspace, using the FUSE library for the filesystem interface. EncFS is open source software, licensed under the LGPL.

EncFS was first released in 2003, making it one of the earlier FUSE filesystems! I wrote it because I needed to encrypt my data while traveling, and the existing NFS and kernel-based encrypted filesystems such as CFS had not kept pace with Linux development. When FUSE became available, I wrote a CFS replacement for my own use and later released it to Open Source when it seemed stable.

EncFS encrypts individual files, by translating all requests for the virtual EncFS filesystem into the equivalent encrypted operations on the raw filesystem.

For more info, see:

The encfs manpage
The technical overview in DESIGN.md

Status

In the time since EncFS was written, a lot has changed in the security, privacy, and computing landscapes. Computing power has increased enormously over what a circa-2003 laptop can provide, and so it is no longer a performance burden to encrypt the entire filesystem of a personal device. Software encryption has also spread widely - data encryption is built into most systems and programs, so there is far less of a need to have a separate encryption system.

EncFS has been dormant for a long time now. I haven't used or worked on EncFS in many years. I've left the repository here because I don't want to prevent anyone from using it if they have a need that can't be met otherwise. I'm sure that I have some very old backups that would still require EncFS to access, so I expect that I might have to compile it again someday.

Don't expect any updates on this project. You're free to fork it, of course, but remember that this is a 20+yr old codebase which was only funded by personal interest, so I wouldn't expect it to live up to modern-day coding standards.

If you're considering setting up a new encrypted filesystem wrapper, I'd recommend looking into newer alternatives, such as the excellent GoCryptFS.

Thank you all for the early support, especially the FUSE author Miklos Szeredi, and all the interesting discussions at Open Source and Linux meetups over the years. Valient Gough May 2024

Unique Features

EncFS has a few features still not found anywhere else (as of Dec 2014) that may be interesting to you:

Reverse mode

encfs --reverse provides an encrypted view of an unencrypted folder. This enables encrypted remote backups using standard tools like rsync.

Fast on classical HDDs

EncFS is typically much faster than ecryptfs for stat()-heavy workloads when the backing device is a classical hard disk. This is because ecryptfs has to to read each file header to determine the file size - EncFS does not. This is one additional seek for each stat. See PERFORMANCE.md for detailed benchmarks on HDD, SSD and ramdisk.

Works on top of network filesystems

EncFS works on network file systems (NFS, CIFS...), while ecryptfs is known to still have problems.

Development

The master branch contains the latest stable codebase. This is where bug fixes and improvments should go.

The dev branch contains experimental work, some of which may be back-ported to the master branch when it is stable. The dev branch is not stable, and there is no guarantee of backward compatibility between changes.

Windows

EncFS works on Cygwin, there are also some Windows ports.

See the wiki for additional info.

FAQ

What settings should I use for Dropbox?

Use standard mode. There have been reports of a pathological interaction of paranoia mode with Dropbox' rename detection. The problem seems to be with External IV chaining, which is not active in standard mode.

encfs's People

Contributors

Stargazers

Watchers

Forkers

eugenesan aikhjarto kleopatra999 kissthink csleex doughdemon nagyist schalkpd ledest hurlebouc mingchen bjcubsfan wumms sir-brickalot fcand-anevia neuroradiology ekpresso li-vu lachesis digihash bleiding robbwagoner dougalb cutff im-bill basicscandal cybercameron rgwch cognitive-i olicmoon ashimidashajia neobelerophon alex1818 proventia cloehle lingrlongr yashodhank justsoso8 kronenpj jetwhiz brycv safari77 ichizok imac2009 cloudxtreme neurodroid matianfu magonzalezc javerous nullren fabwice joncampbell123 digideskio seebigsea incognitas rustyx jhepp hoxnox crossbuild veeara282 teotikalki jar1karp fabiopesaju jriversnow timoc nicolefinnie 15siegela bayun bhyvex guardianofknowledge ericthemagician rogeliodh wicadmin adolphlua jpdborgna alexjmitch code7r landonb andreamelloncelli charles-dyfis-net c3d sceptive brimston3 danim7 dinoboy197 antcc pendletong z80020100 ser0ja johbo thepicturesgotsmall duzhanyuan samrocketman osirisblack coding4fun2012 hughperkins coypoop erikman sunshuzhou rfjakob

encfs's Issues

Possible Out of Bounds Write in StreamNameIO and BlockNameIO

From: https://defuse.ca/audits/encfs.htm

There is a possible buffer overflow in the encodeName method of StreamNameIO and BlockNameIO. The methods write to the 'encodedName' argument without checking its length. This may allow an attacker with control over file names to crash EncFS or execute arbitrary code.

test script does not run on openSUSE 13.1

I'm using openSUSE 13.1 64-bit. With the latest 1.8 of encfs I'm able to compile and use encfs. Howerver the test script fails on my openSUSE with an "undefined" symbol error.

Build was done with:
autoreconf -fiv
./configure
make

Then encfs test was invoked with:
./encfs/test
Supported Crypto interfaces:
AES ( ssl/aes 3:0:2 ) : 16 byte block cipher

key length 128 to 256 , block size 64 to 4096
Blowfish ( ssl/blowfish 3:0:2 ) : 8 byte block cipher
key length 128 to 256 , block size 64 to 4096

Testing interfaces
AES, key length 128, block size 256: /home/thomas/home:Aikhjarto:branches:security/encfs/encfs-1.8/encfs/.libs/test: symbol lookup error: /home/thomas/home:Aikhjarto:branches:security/encfs/encfs-1.8/encfs/.libs/test: undefined symbol: _ZN12StreamNameIOC1ERKN3rel9InterfaceERKSt10shared_ptrI6CipherERKS4_I17AbstractCipherKeyE

Weird Errors depending on mount point

When I mount a stash on /mnt, all seems normal. When I mount on $HOME/dir, it raises errors.

Just posting the full commands & logs:

~/git/encfs/encfs/encfs -f -v /home/pp/encs /mnt
18:17:18 (main.cpp:532) Root directory: /home/pp/encs/
18:17:18 (main.cpp:533) Fuse arguments: (fg) (threaded) (keyCheck) lt-encfs /mnt -f -o use_ino -o default_permissions 
18:17:18 (FileUtils.cpp:174) version = 20
18:17:18 (FileUtils.cpp:177) found new serialization format
18:17:18 (FileUtils.cpp:191) subVersion = 20100713
18:17:18 (Interface.cpp:117) checking if ssl/aes(3:0:2) implements ssl/blowfish(3:0:0)
18:17:18 (Interface.cpp:117) checking if ssl/blowfish(3:0:2) implements ssl/blowfish(3:0:0)
18:17:18 (SSL_Cipher.cpp:335) allocated cipher ssl/blowfish, keySize 32, ivlength 8
18:17:18 (Interface.cpp:117) checking if ssl/aes(3:0:2) implements ssl/blowfish(3:0:0)
18:17:18 (Interface.cpp:117) checking if ssl/blowfish(3:0:2) implements ssl/blowfish(3:0:0)
18:17:18 (SSL_Cipher.cpp:335) allocated cipher ssl/blowfish, keySize 32, ivlength 8
18:17:18 (FileUtils.cpp:1535) useStdin: 0
EncFS Password: 
18:17:20 (Interface.cpp:117) checking if ssl/aes(3:0:2) implements ssl/blowfish(3:0:0)
18:17:20 (Interface.cpp:117) checking if ssl/blowfish(3:0:2) implements ssl/blowfish(3:0:0)
18:17:20 (SSL_Cipher.cpp:335) allocated cipher ssl/blowfish, keySize 32, ivlength 8
18:17:21 (FileUtils.cpp:1543) cipher key size = 44
18:17:21 (Interface.cpp:117) checking if nameio/block(4:0:2) implements nameio/block(3:0:0)

~/git/encfs/encfs/encfs -f -v /home/pp/encs /home/pp/q
18:15:36 (main.cpp:532) Root directory: /home/pp/encs/
18:15:36 (main.cpp:533) Fuse arguments: (fg) (threaded) (keyCheck) lt-encfs /home/pp/q -f -o use_ino -o default_permissions 
18:15:36 (FileUtils.cpp:174) version = 20
18:15:36 (FileUtils.cpp:177) found new serialization format
18:15:36 (FileUtils.cpp:191) subVersion = 20100713
18:15:36 (Interface.cpp:117) checking if ssl/aes(3:0:2) implements ssl/blowfish(3:0:0)
18:15:36 (Interface.cpp:117) checking if ssl/blowfish(3:0:2) implements ssl/blowfish(3:0:0)
18:15:36 (SSL_Cipher.cpp:335) allocated cipher ssl/blowfish, keySize 32, ivlength 8
18:15:36 (Interface.cpp:117) checking if ssl/aes(3:0:2) implements ssl/blowfish(3:0:0)
18:15:36 (Interface.cpp:117) checking if ssl/blowfish(3:0:2) implements ssl/blowfish(3:0:0)
18:15:36 (SSL_Cipher.cpp:335) allocated cipher ssl/blowfish, keySize 32, ivlength 8
18:15:36 (FileUtils.cpp:1535) useStdin: 0
EncFS Password: 
18:15:39 (Interface.cpp:117) checking if ssl/aes(3:0:2) implements ssl/blowfish(3:0:0)
18:15:39 (Interface.cpp:117) checking if ssl/blowfish(3:0:2) implements ssl/blowfish(3:0:0)
18:15:39 (SSL_Cipher.cpp:335) allocated cipher ssl/blowfish, keySize 32, ivlength 8
18:15:39 (FileUtils.cpp:1543) cipher key size = 44
18:15:39 (Interface.cpp:117) checking if nameio/block(4:0:2) implements nameio/block(3:0:0)
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/F03b5H-jlyO5e1
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/F03b5H-jlyO5e1
18:15:40 (RawFileIO.cpp:164) getAttr error on /home/pp/encs/F03b5H-jlyO5e1: No such file or directory
18:15:40 (encfs.cpp:136) getattr error: No such file or directory
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/zIceqMauV1Qflw9dY-cINAJrxucgYQeIo12
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/zIceqMauV1Qflw9dY-cINAJrxucgYQeIo12
18:15:40 (RawFileIO.cpp:164) getAttr error on /home/pp/encs/zIceqMauV1Qflw9dY-cINAJrxucgYQeIo12: No such file or directory
18:15:40 (encfs.cpp:136) getattr error: No such file or directory
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/KKYr-ZdFqI5K1Sb-BG3mvq2F
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/KKYr-ZdFqI5K1Sb-BG3mvq2F
18:15:40 (RawFileIO.cpp:164) getAttr error on /home/pp/encs/KKYr-ZdFqI5K1Sb-BG3mvq2F: No such file or directory
18:15:40 (encfs.cpp:136) getattr error: No such file or directory
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/MtbcAMURsOvxxzp2MR5RppcP
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/MtbcAMURsOvxxzp2MR5RppcP
18:15:40 (RawFileIO.cpp:164) getAttr error on /home/pp/encs/MtbcAMURsOvxxzp2MR5RppcP: No such file or directory
18:15:40 (encfs.cpp:136) getattr error: No such file or directory
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (encfs.cpp:200) getdir on /home/pp/encs/
18:15:40 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:15:40 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:15:40 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:15:40 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:15:40 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/
18:15:40 (DirNode.cpp:641) created FileNode for /home/pp/encs/KKYr-ZdFqI5K1Sb-BG3mvq2F
18:15:40 (encfs.cpp:133) getattr /home/pp/encs/KKYr-ZdFqI5K1Sb-BG3mvq2F
18:15:40 (RawFileIO.cpp:164) getAttr error on /home/pp/encs/KKYr-ZdFqI5K1Sb-BG3mvq2F: No such file or directory
18:15:40 (encfs.cpp:136) getattr error: No such file or directory
18:16:00 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:16:00 (encfs.cpp:133) getattr /home/pp/encs/
18:16:00 (encfs.cpp:200) getdir on /home/pp/encs/
18:16:00 (BlockNameIO.cpp:189) Rejecting filename '.encfs6.xml'
18:16:00 (DirNode.cpp:108) error decoding filename: .encfs6.xml
18:16:00 (BlockNameIO.cpp:220) padding, _bx, finalSize = 151, 8, -143
18:16:00 (DirNode.cpp:108) error decoding filename: xntb7NWpcNXNu,
18:16:00 (BlockNameIO.cpp:220) padding, _bx, finalSize = 122, 8, -106
18:16:00 (DirNode.cpp:108) error decoding filename: 2IQX19Wt2n0wsIlioIUoEVSJ
18:16:00 (DirNode.cpp:641) created FileNode for /home/pp/encs/
18:16:00 (encfs.cpp:133) getattr /home/pp/encs/
18:16:00 (DirNode.cpp:641) created FileNode for /home/pp/encs/b2gPNpNLLzQYpTSV3tZLy0sK
18:16:00 (encfs.cpp:133) getattr /home/pp/encs/b2gPNpNLLzQYpTSV3tZLy0sK
18:16:00 (DirNode.cpp:641) created FileNode for /home/pp/encs/mxM-FFPrUoSXK1
18:16:00 (encfs.cpp:133) getattr /home/pp/encs/mxM-FFPrUoSXK1

This is the stash:

ls -R /home/pp/encs/
/home/pp/encs/:
2IQX19Wt2n0wsIlioIUoEVSJ  b2gPNpNLLzQYpTSV3tZLy0sK  mxM-FFPrUoSXK1  xntb7NWpcNXNu,

/home/pp/encs/mxM-FFPrUoSXK1:
cq7C-BqEA9K2m-

/home/pp/encs/xntb7NWpcNXNu,:
IgT9t3sL44MVi0

--exclude and --exclude-from [BOUNTY $100]

Because --reverse's only practical use case is archiving, I request that --exclude and --exclude-from features be added to be consistent with other archiving tools.

Work plan

Use fnmatch(3) with FNM_PATHNAME for pattern matching
Add a --exclude option to specify a pattern
Add a --exclude-from option to specify a file which contains multiple patterns (see https://github.com/jmwhittaker/dotfiles/blob/master/backup_excludes.txt for an example)

Current workarounds:

Use rofs-filtered and then encfs on top of it
- THIS IS NOW A VIABLE WORKAROUND ON MAC/WIN/NIX, see gburca/rofs-filtered#1
Use rsync --link-dest to filter, then encfs on top of it
- Works great, see https://gist.github.com/fulldecent/6271e06aa4cfc7271777
- Completely allows rsync-style --exclude and --exclude-from options
Whitelist files to transfer then use encfsctl to get encrypted names
- This is implemented here https://gist.github.com/fulldecent/910fcd42350d59cb8558
- Problem: it will not delete extraneous file on the destination (rsync's --files-from does not work with --delete).

How to recover data?

I'm currently using Gnome EncFS manager, which it's just a frontend for EncFS...

Recently I changed my Gnome EncFS password for a randomly generated passphrase and I added some words at the end of it... I actually recall the words I added but I can't remember the FULL passphrase and the password manager didn't saved the new passphrase so now I can't access my data (it still there but it is encrypted); it's worth mentioning that I have access to:

My physical machine with normal user and super user privileges (obviously)
My .encfs6.xml file
Data recovered with photorec/testdisk which seems to be "ciphered with the previous password" (I can tell because of the date)
All of the encrypted data
Second half of the passphrase (the one I actually wrote and not just copypasted from some "xkcd random passphrase gemerator")

Is it possible to recover it using some EncFS commands as root or something? (at least the data ciphered with the previous password?) There is like 50GB of CRITICAL data there, YEARS of hard work.

So, Ideas? Thanks...

encfs 1.8 slow compared to encfs 1.7.4

I just did an upgrade from encfs 1.7.4 to the newly released 1.8. I use encfs in reverse in combination with rsync to copy my backups to a second location.
My test folder has a size of 5 GB with 150000 files in it. With encfs 1.7.4 the copying the test folder was done in 15 sec. Runing encfs with rsync on the same files (again, no changes) with encfs 1.8 took about 5 min with high CPU utilization of encfs all the time.

Has anyone an idea, why the new version is that much slower?

encrypt extended attributes

unable to compile 1.7.5

Dear all,

It seems there is an error in the configure generated with "make -f Makefile.dist ".
This is the error I get after running #./configure
...
checking sys/xattr.h presence... yes
checking for sys/xattr.h... yes
checking whether xattr interface takes additional options... yes
./configure: line 19603: syntax error near unexpected token OPENSSL,' ./configure: line 19603: PKG_CHECK_MODULES(OPENSSL, openssl >= 0.9.7,'

regards,
Valerio

Transport endpoint is not connected

In order to debug an unrelated issue, I've written a small Makefile which performs the following steps:

create an 8MB, ext4 formatted image
create a loop device and bind the image to it
mount the loop-device to a folder
set-up an encfs encrypted directory (standard settings, password foobar)

You can execute these steps by saving the Makefile in some folder, and executing make. In order to quickly trip the issue, execute while make; do echo; done, which repeatedly executes make until failure occurs.

On my system, it only takes some 2 or 3 iterations about I get an error: Transport endpoint is not connected. This only happens when trying to list the folder; creating and mounting it works perfectly fine:

spawn encfs -v /usr/src/encfs-bug/mount/.secure /usr/src/encfs-bug/mount/encrypted
11:52:48 (main.cpp:532) Root directory: /usr/src/encfs-bug/mount/.secure/
11:52:48 (main.cpp:533) Fuse arguments: (daemon) (threaded) (keyCheck) encfs /usr/src/encfs-bug/mount/encrypted -o use_ino -o default_permissions 
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> standard

Standard configuration selected.
11:52:48 (SSL_Cipher.cpp:335) allocated cipher ssl/aes, keySize 24, ivlength 16
11:52:48 (FileUtils.cpp:1085) Using cipher AES, key size 192, block size 1024

Configuration finished.  The filesystem to be created has
the following properties:
11:52:48 (Interface.cpp:117) checking if ssl/aes(3:0:2) implements ssl/aes(3:0:2)
11:52:48 (SSL_Cipher.cpp:335) allocated cipher ssl/aes, keySize 24, ivlength 16
Filesystem cipher: "ssl/aes", version 3:0:2
11:52:48 (Interface.cpp:117) checking if nameio/block(4:0:2) implements nameio/block(4:0:2)
Filename encoding: "nameio/block", version 4:0:2
11:52:48 (Interface.cpp:117) checking if ssl/aes(3:0:2) implements ssl/aes(3:0:2)
11:52:48 (SSL_Cipher.cpp:335) allocated cipher ssl/aes, keySize 24, ivlength 16
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

11:52:48 (openssl.cpp:43) Allocating 41 locks for OpenSSL
11:52:48 (FileUtils.cpp:1139) useStdin: 0
New Encfs Password: 
Verify Encfs Password: 
11:52:48 (Interface.cpp:117) checking if ssl/aes(3:0:2) implements ssl/aes(3:0:2)
11:52:48 (SSL_Cipher.cpp:335) allocated cipher ssl/aes, keySize 24, ivlength 16
11:52:49 (Interface.cpp:117) checking if nameio/block(4:0:2) implements nameio/block(4:0:2)

mount | grep /usr/src/encfs-bug/mount/encrypted
encfs on /usr/src/encfs-bug/mount/encrypted type fuse.encfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions)

ls /usr/src/encfs-bug/mount/encrypted
ls: cannot access /usr/src/encfs-bug/mount/encrypted: Transport endpoint is not connected

I'm using Arch Linux, which ships fuse 2.5 and encfs 1.8. I'm running kernel 4.0.0-rc4. When the error occurs, I'm not seeing any warnings or errors in my system log.

--reverse: Enable unique IVs - use inode numbers

Currently, per-file unique IVs (=uniqueIV) are not supported for --reverse mode. This enables an attacker with access to the ciphertext to compare files at block granularity.

The implementation problem for unique IVs in --reverse is that there is no persistent store for the encrypted files and the IVs. To enable efficient backups of the encrypted files using rsync (or similar) the IVs should not change when encfs is restarted. The IV should also not change when the file is renamed, so it cannot be derived from the file name.

I propose to use the inode number as the IV. It stays constant for each file across renames, hard links and reboots and is guaranteed to be unique for one file system. Inode numbers are reused over time, though. This is undesireable, but still a lot better than no IVs at all.

Can't remove directory

I have a directory in my encrypted fs that cannot be deleted.

$ sudo rm -rf org.eclipse.e4.workbench/
rm: org.eclipse.e4.workbench/: Directory not empty

$ ls -al org.eclipse.e4.workbench/
total 16
drwxr-xr-x  3 nilbus  staff  102 Nov  6 14:50 .
drwx------@ 3 nilbus  staff  102 Nov  6 14:53 ..

Is this perhaps related? https://bugs.launchpad.net/ubuntu/+source/encfs/+bug/160214
I would like to try the mentioned workaround, but I don't know how he was implying that one should be able to find the encrypted folder using the inode number.

alternative filename storage for very long filenames

Long filenames can exceed the filesystem limits after encryption & encoding. An alternative is to store filenames as file contents.

Just to revisit the current design, it is like this:

[ plain text filename ] --- encryption ---> [ encrypted blob ] --- base64 ---> [ encrypted filename ]

For short filenames (<= 176 bytes), nothing changes
For longer filenames, I think we should do this:

[ plain text filename ] --- encryption ---> [ encrypted blob ] --- sha256 --- hexdump ---> [ filename hash ]

The file would be called
longfn.[ filename hash ]
and there is a second file,
longfn.[ filename hash ].fullname
that stores the "encrypted blob".

I think this is the way to go. Build it into encfs instead of creating an external filesystem. This would be difficult to test and use and hence error prone and fragile.

The construction using the sha256 hash makes sure file lookup is efficient even for long file names. There should be no performance impact for directories not containing long file names. Each long file name in a folder will hit readdir performance with the penalty of reading the longfn.[ filename hash ].fullname.

Pull requests welcome!

Generating Block IV by XORing Block Number

From: https://defuse.ca/audits/encfs.htm

Exploitability: Low
Security Impact: Medium

Given the File IV (an IV unique to a file), EncFS generates per-block IVs by XORing the File IV with the Block Number, then passing the result to setIVec(), which is described in #9. This is not a good solution, as it leads to IV re-use when combined with the last-block stream cipher issue in #9:

The stream algorithm (see previous section) adds 1 to the IV, which could undo the XOR with the block number, causing the IV to be re-used. Suppose the file consists of one and a half blocks, and that the File IV's least significant bit (LSB) is 1. The first block will be encrypted with the File IV (block number = 0). The second (partial) block will be encrypted with File IV XOR 1 (since block number = 1), making the LSB 0, using the stream algorithm. The stream algorithm adds 1 to the IV, bringing the LSB back to 1, and hence the same IV is used twice. The IVs are reused with different encryption modes (CBC and CFB), but CFB mode starts out similar to CBC mode, so this is worrisome.

EncFS should use a mode like XTS for random-access block encryption.

Correction 12/05/2014:
XTS mode is probably not the ideal option, see Thomas Ptacek's blog post for good reasons why.

symbol lookup error

I have pulled the latest master, configure/made it, and now I get:
undefined symbol: _Z6initFSP13EncFS_ContextRKSt10shared_ptrI10EncFS_OptsE

Nano scale income awaiting you...

3 flattrs for you on Flattr.com. <3 nonetheless!

Interactive command help should not be translated (e.g. y/n)

When run interactively, the letters the user has to press are the same regardless of the current locale (which is the right behaviour). But the translation sometimes does not say so. For instance

$ LANG=sv encfs new_root new_view
Katalogen "new_root" finns ej. Ska den skapas? (j/n)

Here pressing 'j' will have the effect of 'no'. Thus the command help should not be translated.

osxfuse is only located in /usr and /usr/local

The configure script does not find osxfuse if it is installed in another location.

It should provide a way to pass the path to osxfuse's installation directory via --with-osxfuse=.

The result should be a configure script that does not only search for osxfuse include files in "/usr/include/osxfuse /usr/local/include/osxfuse" but also in "/usr/include/osxfuse /usr/local/include/osxfuse /include/osxfuse"

encfs in cygwin?

Hi, anyone has succesfully installed encfs on cygwin on Windows? Is it possible at all?

I know there's a version for Windows, running 1.7.4 which is also what my Linux Mint installed. But it says experimental on the webpage, anyone knows if it's reliable?
http://members.ferrara.linux.it/freddy77/encfs.html

Note that there's no version available here:
https://github.com/vgough/encfs/blob/master/ChangeLog
So I don't know what is the latest version on github for encfs

And sourceforge list 1.2.0-2 as the latest:
https://sourceforge.net/projects/encfs
Looks like encfs on sourceforge is dead which is why it's on github anyway.

For the problem in cygwin, it's crashing at autoreconf -if, there's quite a few package I couldn't install as they are not provided in cygwin, like build-essential, libfuse-dev, libssl-dev, librlog-dev, libbost-serialization-dev which is why I'm also asking if it could be even possible to install encfs in cygwin.

Here's where I'm at right now:

Copying file ABOUT-NLS
Creating directory build-aux
Copying file build-aux/config.rpath
Copying file m4/codeset.m4
Copying file m4/fcntl-o.m4
Copying file m4/gettext.m4
Copying file m4/glibc2.m4
Copying file m4/glibc21.m4
Copying file m4/iconv.m4
Copying file m4/intdiv0.m4
Copying file m4/intl.m4
Copying file m4/intldir.m4
Copying file m4/intlmacosx.m4
Copying file m4/intmax.m4
Copying file m4/inttypes-pri.m4
Copying file m4/inttypes_h.m4
Copying file m4/lcmessage.m4
Copying file m4/lib-ld.m4
Copying file m4/lib-link.m4
Copying file m4/lib-prefix.m4
Copying file m4/lock.m4
Copying file m4/longlong.m4
Copying file m4/nls.m4
Copying file m4/po.m4
Copying file m4/printf-posix.m4
Copying file m4/progtest.m4
Copying file m4/size_max.m4
Copying file m4/stdint_h.m4
Copying file m4/threadlib.m4
Copying file m4/uintmax_t.m4
Copying file m4/visibility.m4
Copying file m4/wchar_t.m4
Copying file m4/wint_t.m4
Copying file m4/xsize.m4
Copying file po/Makefile.in.in
Copying file po/Makevars.template
Copying file po/Rules-quot
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build-aux'.
libtoolize: copying file 'build-aux/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
configure.ac:17: error: possibly undefined macro: PKG_CHECK_MODULES
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
autoreconf-2.69: /usr/bin/autoconf-2.69 failed with exit status: 1

Editing Configuration File Disables MACs

From: https://defuse.ca/audits/encfs.htm

Exploitability: High
Security Impact: Medium

The purpose of MAC headers is to prevent an attacker with read/write access to the ciphertext from being able to make changes without being detected. Unfortunately, this feature provides little security, since it is controlled by an option in the .encfs6.xml configuration file (part of the ciphertext), so the attacker can just disable it by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes" (so that the MAC is not interpreted as data).

EncFS needs to re-evaluate the purpose of MAC headers and come up with something more robust. As a workaround, EncFS could add a command line option --require-macs that will trigger an error if the configuration file does not have MAC headers enabled.

Missing translation files after building

Hi,
I'm the encfs package maintainer for Arch Linux. After building the latest version, the comparison check shows that the new package is missing all the data that was in the '/usr/share/locale' directory. Are there any special steps needed to have the .mo translation files created and included?
Thank you!

problems with Yosemite 10.10.1 and homebrew

SOLVED

It was sufficient to just run a brew update...

Tell people about the git repo

@vgough If you don't announce that encfs is living at a new home nobody will know to contribute there.

There's a few places I can think of at a minimum where an announcement should be made.

Otherwise I doubt anyone would even know to come to github to contribute.

encfs doesn't compile with musl libc

g++ -DHAVE_CONFIG_H -I. -I.. -I../intl -Os -fomit-frame-pointer -D_FILE_OFFSET_BITS=64 -DFUSE_USE_VERSION=26 -D__STDC_FORMAT_MACROS -DRLOG_COMPONENT="encfs" -I/usr/include -W -Wall -Wpointer-ar
ith -Wwrite-strings -Os -fomit-frame-pointer -MT encfsctl.o -MD -MP -MF .deps/encfsctl.Tpo -c -o encfsctl.o encfsctl.cpp
encfsctl.cpp:298:29: warning: unused parameter 'argc' [-Wunused-parameter]
static int cmd_showKey( int argc, char argv )
^
encfsctl.cpp: In function 'int cmd_decode(int, char)':
encfsctl.cpp:331:18: error: 'PATH_MAX' was not declared in this scope
char buf[PATH_MAX+1];
^
encfsctl.cpp:332:27: error: 'buf' was not declared in this scope
while(cin.getline(buf,PATH_MAX))
^
encfsctl.cpp: In function 'int cmd_encode(int, char**)':
encfsctl.cpp:355:18: error: 'PATH_MAX' was not declared in this scope
char buf[PATH_MAX+1];
^
encfsctl.cpp:356:27: error: 'buf' was not declared in this scope
while(cin.getline(buf,PATH_MAX))
^
encfsctl.cpp: In function 'int copyContents(const boost::shared_ptr<EncFS_Root>&, const char_, const char_)':
encfsctl.cpp:517:31: error: 'PATH_MAX' was not declared in this scope
char linkContents[PATH_MAX+2];
^
encfsctl.cpp:519:37: error: 'linkContents' was not declared in this scope
if(readlink (d.c_str(), linkContents, PATH_MAX + 1) <= 0)
^
encfsctl.cpp:524:47: error: 'linkContents' was not declared in this scope
symlink(rootInfo->root->plainPath(linkContents).c_str(),
^
encfsctl.cpp: In function 'int cmd_showcruft(int, char**)':
encfsctl.cpp:691:13: error: 'ngettext' was not declared in this scope
filesFound), filesFound) << "\n";
^
Makefile:636: recipe for target 'encfsctl.o' failed
make[2]: *** [encfsctl.o] Error 1
make[2]: *** Waiting for unfinished jobs....

64-bit Initialization Vectors

From: https://defuse.ca/audits/encfs.htm

Initialization vectors are only 64 bits, even when using AES instead of Blowfish. This may lead to vulnerabilities when encrypting large (or lots of) files.

Inaccurate nanoseconds in timestamp for fstat when backed by CIFS file system

An GNU Emacs user is reporting that when using Emacs to edit a file in an encfs file system (where the encrypted version is stored via CIFS in a Microsoft server), Emacs complains that the file has changed even though it has not. We can reproduce the bug without using Emacs. Please see http://bugs.gnu.org/19607 for the Emacs bug report, in particular Message#38 (which gives a small C test program) and Message#41 (which confirms that the bug is present. The C program can be found at http://debbugs.gnu.org/cgi/bugreport.cgi?msg=38;filename=test.c;att=1;bug=19607.

The problem appears to be that encfs and/or CIFS is marking a file for update, then the program calls fstat to get the time stamp, and then afterwards encfs and/or CIFS actually updates st_mtime. POSIX does not allow this behavior; fstat should get the updated st_mtime.

--nocache option not mentioned in man page

Based on the discussions about --nocache in #60, I noticed that this option is not mentioned in the man page.

MACs Not Compared in Constant Time

From: https://defuse.ca/audits/encfs.htm

Exploitability: Medium
Security Impact: Medium

MACs are not compared in constant time (MACFileIO.cpp, Line 209). This allows an attacker with write access to the ciphertext to use a timing attack to compute the MAC of arbitrary values.

A constant-time string comparison should be used.

pod error in last tagged release

Over at Homebrew/legacy-homebrew#33479 , encfs build is running into a pod issue which has already been fixed here.

encfs.pod around line 1: =cut found outside a pod block.  Skipping to next block.
encfsctl.pod around line 1: =cut found outside a pod block.  Skipping to next block.
POD document had syntax errors at /usr/bin/pod2man5.18 line 72.
make[2]: *** [encfsctl.1] Error 255
make[2]: *** Waiting for unfinished jobs....
POD document had syntax errors at /usr/bin/pod2man5.18 line 72.
make[2]: *** [encfs.1] Error 255

They however prefer to pull stable/tagged builds and your latest 1.7.5 tagged build contains this issue. Please consider release a new tagged build with this fixed. Thanks.

Information Leakage Between Decryption and MAC Check

From: https://defuse.ca/audits/encfs.htm

EncFS uses Mac-then-Encrypt. Therefore it is possible for any processing done on the decrypted plaintext before the MAC is checked to leak information about it, in a style similar to a padding oracle vulnerability. EncFS doesn't use padding, but the MAC code does iteratively check if the entire block is zero, so the number of leading zero bytes in the plaintext is leaked by the execution time.

Allow encfs6.xml in different directory

Can you please allow for the encfs6.xml config file to be located in a folder different from the encrypted folder for better security when syncing with cloud providers such as Google drive and Dropbox.

Problem opening files on OS X

This is a rare issue, rare enough to be difficult to reproduce, but not rare enough to not be annoying. We use version 1.8 installed from homebrew.

How to reproduce (when this happens):

Double-click on the file (in this case PDF, but same happens with Word for example)
Dialog window saying "File_1" is damaged and can't be opened. You should eject the disk. It also says "Preview created this file on {date}.", which is correct. There are two options: Cancel and Eject Disk

If I copy this file to /tmp, I can open it, they are even same:

$ md5 encfs/File_1.pdf
MD5 (encfs/File_1.pdf) = 0bc06a6fae03f2ca9c4c55cd7cd81ad4
$ md5 /tmp/File_1.pdf
MD5 (/tmp/File_1.pdf) = 0bc06a6fae03f2ca9c4c55cd7cd81ad4

The underlying folder is synchronized using Synology CloudStation (private Dropbox alternative), so this may be related. It does not happen with unencrypted folder, so it's either an encfs issue or encfs+Synology CloudStation interaction issue. Internally, it's like dropbox, synchronizes the underlying files when they change (so it's not using FUSE or mount any other filesystem, it's an userspace application). Also noted: This file has been synchronized months ago and has not been changed, so it's probably not a locking issue and for sure not a synchronization conflict issue.

sloppy set permissions in encfs-1.8.1.tar.gz

Unpacking encfs-1.8.1.tar.gz as root reveals that some files different user/group IDs.
Below an extraction of the log of the openSUSE build service which shows the files at with different user/group IDs at the end of the list.

[   31s] + /bin/tar -xvvf -
[   31s] drwxrwxr-x root/root         0 2015-03-24 20:45 encfs-1.8.1/
[   31s] -rw-rw-r-- root/root      1541 2015-03-24 20:45 encfs-1.8.1/.clang-format
[   31s] -rw-rw-r-- root/root       627 2015-03-24 20:45 encfs-1.8.1/.gitignore
[   31s] -rw-rw-r-- root/root       243 2015-03-24 20:45 encfs-1.8.1/.travis.yml
[   31s] -rw-rw-r-- root/root       211 2015-03-24 20:45 encfs-1.8.1/AUTHORS
[   31s] -rw-rw-r-- root/root       212 2015-03-24 20:45 encfs-1.8.1/COPYING
[   31s] -rw-rw-r-- root/root     35147 2015-03-24 20:45 encfs-1.8.1/COPYING.GPL
[   31s] -rw-rw-r-- root/root      7651 2015-03-24 20:45 encfs-1.8.1/COPYING.LGPL
[   31s] -rw-rw-r-- root/root     49884 2015-03-24 20:45 encfs-1.8.1/ChangeLog
[   31s] -rw-rw-r-- root/root      6466 2015-03-24 20:45 encfs-1.8.1/DESIGN.md
[   31s] -rw-rw-r-- root/root      1642 2015-03-24 20:45 encfs-1.8.1/INSTALL.md
[   31s] -rw-rw-r-- root/root       614 2015-03-24 20:45 encfs-1.8.1/Makefile.am
[   31s] -rw-rw-r-- root/root        22 2015-03-24 20:45 encfs-1.8.1/Makefile.common
[   31s] -rw-rw-r-- root/root        36 2015-03-24 20:45 encfs-1.8.1/Makefile.dist
[   31s] -rw-rw-r-- root/root      3957 2015-03-24 20:45 encfs-1.8.1/PERFORMANCE.md
[   31s] -rw-rw-r-- root/root      3377 2015-03-24 20:45 encfs-1.8.1/README-NLS
[   31s] -rw-rw-r-- root/root      2865 2015-03-24 20:45 encfs-1.8.1/README.md
[   31s] -rw-rw-r-- root/root       295 2015-03-24 20:45 encfs-1.8.1/TRANSLATORS
[   31s] -rw-rw-r-- root/root      7228 2015-03-24 20:45 encfs-1.8.1/configure.ac
[   31s] -rw-rw-r-- root/root       430 2015-03-24 20:45 encfs-1.8.1/dk2ChangeLog
[   31s] -rw-rw-r-- root/root      8029 2015-03-24 20:45 encfs-1.8.1/encfs.spec.in
[   31s] drwxrwxr-x root/root         0 2015-03-24 20:45 encfs-1.8.1/encfs/
[   31s] -rw-rw-r-- root/root     12378 2015-03-24 20:45 encfs-1.8.1/encfs/BlockFileIO.cpp
[   31s] -rw-rw-r-- root/root      2255 2015-03-24 20:45 encfs-1.8.1/encfs/BlockFileIO.h
[   31s] -rw-rw-r-- root/root      8472 2015-03-24 20:45 encfs-1.8.1/encfs/BlockNameIO.cpp
[   31s] -rw-rw-r-- root/root      2185 2015-03-24 20:45 encfs-1.8.1/encfs/BlockNameIO.h
[   31s] -rw-rw-r-- root/root      5960 2015-03-24 20:45 encfs-1.8.1/encfs/Cipher.cpp
[   31s] -rw-rw-r-- root/root      6148 2015-03-24 20:45 encfs-1.8.1/encfs/Cipher.h
[   31s] -rw-rw-r-- root/root     15320 2015-03-24 20:45 encfs-1.8.1/encfs/CipherFileIO.cpp
[   31s] -rw-rw-r-- root/root      2593 2015-03-24 20:45 encfs-1.8.1/encfs/CipherFileIO.h
[   31s] -rw-rw-r-- root/root      1029 2015-03-24 20:45 encfs-1.8.1/encfs/CipherKey.cpp
[   31s] -rw-rw-r-- root/root      1146 2015-03-24 20:45 encfs-1.8.1/encfs/CipherKey.h
[   31s] -rw-rw-r-- root/root      3596 2015-03-24 20:45 encfs-1.8.1/encfs/ConfigReader.cpp
[   31s] -rw-rw-r-- root/root      1739 2015-03-24 20:45 encfs-1.8.1/encfs/ConfigReader.h
[   31s] -rw-rw-r-- root/root      5374 2015-03-24 20:45 encfs-1.8.1/encfs/ConfigVar.cpp
[   31s] -rw-rw-r-- root/root      2245 2015-03-24 20:45 encfs-1.8.1/encfs/ConfigVar.h
[   31s] -rw-rw-r-- root/root      3955 2015-03-24 20:45 encfs-1.8.1/encfs/Context.cpp
[   31s] -rw-rw-r-- root/root      2902 2015-03-24 20:45 encfs-1.8.1/encfs/Context.h
[   31s] -rw-rw-r-- root/root     19264 2015-03-24 20:45 encfs-1.8.1/encfs/DirNode.cpp
[   31s] -rw-rw-r-- root/root      5496 2015-03-24 20:45 encfs-1.8.1/encfs/DirNode.h
[   31s] -rw-rw-r-- root/root      3601 2015-03-24 20:45 encfs-1.8.1/encfs/FSConfig.h
[   31s] -rw-rw-r-- root/root      1091 2015-03-24 20:45 encfs-1.8.1/encfs/FileIO.cpp
[   31s] -rw-rw-r-- root/root      2317 2015-03-24 20:45 encfs-1.8.1/encfs/FileIO.h
[   31s] -rw-rw-r-- root/root      6553 2015-03-24 20:45 encfs-1.8.1/encfs/FileNode.cpp
[   31s] -rw-rw-r-- root/root      3011 2015-03-24 20:45 encfs-1.8.1/encfs/FileNode.h
[   31s] -rw-rw-r-- root/root     50531 2015-03-24 20:45 encfs-1.8.1/encfs/FileUtils.cpp
[   31s] -rw-rw-r-- root/root      4870 2015-03-24 20:45 encfs-1.8.1/encfs/FileUtils.h
[   31s] -rw-rw-r-- root/root      4772 2015-03-24 20:45 encfs-1.8.1/encfs/Interface.cpp
[   31s] -rw-rw-r-- root/root      2804 2015-03-24 20:45 encfs-1.8.1/encfs/Interface.h
[   31s] -rw-rw-r-- root/root      8450 2015-03-24 20:45 encfs-1.8.1/encfs/MACFileIO.cpp
[   31s] -rw-rw-r-- root/root      1977 2015-03-24 20:45 encfs-1.8.1/encfs/MACFileIO.h
[   31s] -rw-rw-r-- root/root      3068 2015-03-24 20:45 encfs-1.8.1/encfs/Makefile.am
[   31s] -rw-rw-r-- root/root      3313 2015-03-24 20:45 encfs-1.8.1/encfs/MemoryPool.cpp
[   31s] -rw-rw-r-- root/root      1447 2015-03-24 20:45 encfs-1.8.1/encfs/MemoryPool.h
[   31s] -rw-rw-r-- root/root      1561 2015-03-24 20:45 encfs-1.8.1/encfs/Mutex.h
[   31s] -rw-rw-r-- root/root      8630 2015-03-24 20:45 encfs-1.8.1/encfs/NameIO.cpp
[   31s] -rw-rw-r-- root/root      4753 2015-03-24 20:45 encfs-1.8.1/encfs/NameIO.h
[   31s] -rw-rw-r-- root/root      4026 2015-03-24 20:45 encfs-1.8.1/encfs/NullCipher.cpp
[   31s] -rw-rw-r-- root/root      3022 2015-03-24 20:45 encfs-1.8.1/encfs/NullCipher.h
[   31s] -rw-rw-r-- root/root      2222 2015-03-24 20:45 encfs-1.8.1/encfs/NullNameIO.cpp
[   31s] -rw-rw-r-- root/root      1646 2015-03-24 20:45 encfs-1.8.1/encfs/NullNameIO.h
[   31s] -rw-rw-r-- root/root      2334 2015-03-24 20:45 encfs-1.8.1/encfs/Range.h
[   31s] -rw-rw-r-- root/root      7126 2015-03-24 20:45 encfs-1.8.1/encfs/RawFileIO.cpp
[   31s] -rw-rw-r-- root/root      1680 2015-03-24 20:45 encfs-1.8.1/encfs/RawFileIO.h
[   31s] -rw-rw-r-- root/root     26576 2015-03-24 20:45 encfs-1.8.1/encfs/SSL_Cipher.cpp
[   31s] -rw-rw-r-- root/root      5608 2015-03-24 20:45 encfs-1.8.1/encfs/SSL_Cipher.h
[   31s] -rw-rw-r-- root/root      6671 2015-03-24 20:45 encfs-1.8.1/encfs/StreamNameIO.cpp
[   31s] -rw-rw-r-- root/root      1857 2015-03-24 20:45 encfs-1.8.1/encfs/StreamNameIO.h
[   31s] -rw-rw-r-- root/root      2183 2015-03-24 20:45 encfs-1.8.1/encfs/autosprintf.cpp
[   31s] -rw-rw-r-- root/root      2243 2015-03-24 20:45 encfs-1.8.1/encfs/autosprintf.h
[   31s] -rw-rw-r-- root/root      5663 2015-03-24 20:45 encfs-1.8.1/encfs/base64.cpp
[   31s] -rw-rw-r-- root/root      2367 2015-03-24 20:45 encfs-1.8.1/encfs/base64.h
[   31s] -rw-rw-r-- root/root      2951 2015-03-24 20:45 encfs-1.8.1/encfs/boost-versioning.h
[   31s] drwxrwxr-x root/root         0 2015-03-24 20:45 encfs-1.8.1/encfs/docs/
[   31s] -rw-rw-r-- root/root       128 2015-03-24 20:45 encfs-1.8.1/encfs/docs/Makefile.am
[   31s] drwxrwxr-x root/root         0 2015-03-24 20:45 encfs-1.8.1/encfs/docs/en/
[   31s] -rw-rw-r-- root/root       128 2015-03-24 20:45 encfs-1.8.1/encfs/docs/en/Makefile.am
[   31s] -rw-rw-r-- root/root     20285 2015-03-24 20:45 encfs-1.8.1/encfs/encfs.cpp
[   31s] -rw-rw-r-- root/root      3752 2015-03-24 20:45 encfs-1.8.1/encfs/encfs.h
[   31s] -rw-rw-r-- root/root     25089 2015-03-24 20:45 encfs-1.8.1/encfs/encfs.pod
[   31s] -rw-rw-r-- root/root     21628 2015-03-24 20:45 encfs-1.8.1/encfs/encfsctl.cpp
[   31s] -rw-rw-r-- root/root      3496 2015-03-24 20:45 encfs-1.8.1/encfs/encfsctl.pod
[   31s] -rw-rw-r-- root/root      1390 2015-03-24 20:45 encfs-1.8.1/encfs/encfssh
[   31s] -rw-rw-r-- root/root      1072 2015-03-24 20:45 encfs-1.8.1/encfs/i18n.h
[   31s] -rw-rw-r-- root/root     25443 2015-03-24 20:45 encfs-1.8.1/encfs/main.cpp
[   31s] -rw-rw-r-- root/root      1701 2015-03-24 20:45 encfs-1.8.1/encfs/makeKey.cpp
[   31s] -rw-rw-r-- root/root      2874 2015-03-24 20:45 encfs-1.8.1/encfs/openssl.cpp
[   31s] -rw-rw-r-- root/root      1050 2015-03-24 20:45 encfs-1.8.1/encfs/openssl.h
[   31s] -rw-rw-r-- root/root      5726 2015-03-24 20:45 encfs-1.8.1/encfs/readpassphrase.cpp
[   31s] -rw-rw-r-- root/root      2244 2015-03-24 20:45 encfs-1.8.1/encfs/readpassphrase.h
[   31s] -rw-rw-r-- root/root      1054 2015-03-24 20:45 encfs-1.8.1/encfs/shared_ptr.h
[   31s] -rw-rw-r-- root/root     13110 2015-03-24 20:45 encfs-1.8.1/encfs/test.cpp
[   31s] -rw-rw-r-- root/root      1677 2015-03-24 20:45 encfs-1.8.1/encfs/testextpass
[   31s] drwxrwxr-x root/root         0 2015-03-24 20:45 encfs-1.8.1/intl/
[   31s] -rw-rw-r-- root/root     10011 2015-03-24 20:45 encfs-1.8.1/intl/gettext.h
[   31s] drwxrwxr-x root/root         0 2015-03-24 20:45 encfs-1.8.1/m4/
[   31s] -rw-rw-r-- root/root       484 2015-03-24 20:45 encfs-1.8.1/m4/Makefile.am
[   31s] -rw-rw-r-- root/root     10622 2015-03-24 20:45 encfs-1.8.1/m4/ax_boost_base.m4
[   31s] -rw-rw-r-- root/root      4847 2015-03-24 20:45 encfs-1.8.1/m4/ax_boost_serialization.m4
[   31s] -rw-rw-r-- root/root      4785 2015-03-24 20:45 encfs-1.8.1/m4/ax_cxx_compile_stdcxx_11.m4
[   31s] -rw-rw-r-- root/root      2116 2015-03-24 20:45 encfs-1.8.1/m4/ax_ext_check_header.m4
[   31s] -rw-rw-r-- root/root      2381 2015-03-24 20:45 encfs-1.8.1/m4/ax_ext_have_lib.m4
[   31s] -rw-rw-r-- root/root     12576 2015-03-24 20:45 encfs-1.8.1/m4/ax_pthread.m4
[   31s] -rw-rw-r-- root/root       132 2015-03-24 20:45 encfs-1.8.1/makedist.sh
[   31s] -rw-rw-r-- root/root       758 2015-03-24 20:45 encfs-1.8.1/makedist2.sh.in
[   31s] drwxrwxr-x root/root         0 2015-03-24 20:45 encfs-1.8.1/po/
[   31s] -rw-rw-r-- root/root       262 2015-03-24 20:45 encfs-1.8.1/po/ChangeLog
[   31s] -rw-rw-r-- root/root       202 2015-03-24 20:45 encfs-1.8.1/po/LINGUAS
[   31s] -rw-rw-r-- root/root      1847 2015-03-24 20:45 encfs-1.8.1/po/Makevars
[   31s] -rw-rw-r-- root/root       155 2015-03-24 20:45 encfs-1.8.1/po/POTFILES.in
[   31s] -rw-rw-r-- root/root     25933 2015-03-24 20:45 encfs-1.8.1/po/ar.po
[   31s] -rw-rw-r-- root/root     19754 2015-03-24 20:45 encfs-1.8.1/po/be.po
[   31s] -rw-rw-r-- root/root     22897 2015-03-24 20:45 encfs-1.8.1/po/bg.po
[   31s] -rw-rw-r-- root/root       217 2015-03-24 20:45 encfs-1.8.1/po/boldquot.sed
[   31s] -rw-rw-r-- root/root     17183 2015-03-24 20:45 encfs-1.8.1/po/bs.po
[   31s] -rw-rw-r-- root/root     23015 2015-03-24 20:45 encfs-1.8.1/po/ca.po
[   31s] -rw-rw-r-- root/root     21747 2015-03-24 20:45 encfs-1.8.1/po/cs.po
[   31s] -rw-rw-r-- root/root     21437 2015-03-24 20:45 encfs-1.8.1/po/da.po
[   31s] -rw-rw-r-- root/root     29081 2015-03-24 20:45 encfs-1.8.1/po/de.po
[   31s] -rw-rw-r-- root/root     26089 2015-03-24 20:45 encfs-1.8.1/po/de_AT.po
[   31s] -rw-rw-r-- root/root     26000 2015-03-24 20:45 encfs-1.8.1/po/de_CH.po
[   31s] -rw-rw-r-- root/root     26089 2015-03-24 20:45 encfs-1.8.1/po/de_DE.po
[   31s] -rw-rw-r-- root/root     24930 2015-03-24 20:45 encfs-1.8.1/po/el.po
[   31s] -rw-rw-r-- root/root      1337 2015-03-24 20:45 encfs-1.8.1/po/[email protected]
[   31s] -rw-rw-r-- root/root      1203 2015-03-24 20:45 encfs-1.8.1/po/[email protected]
[   31s] -rw-rw-r-- root/root     26154 2015-03-24 20:45 encfs-1.8.1/po/en_AU.po
[   31s] -rw-rw-r-- root/root     26341 2015-03-24 20:45 encfs-1.8.1/po/en_CA.po
[   31s] -rw-rw-r-- root/root     24630 2015-03-24 20:45 encfs-1.8.1/po/en_GB.po
[   31s] -rw-rw-r-- root/root     16665 2015-03-24 20:45 encfs-1.8.1/po/encfs.pot
[   31s] -rw-rw-r-- root/root     18694 2015-03-24 20:45 encfs-1.8.1/po/eo.po
[   31s] -rw-rw-r-- root/root     28860 2015-03-24 20:45 encfs-1.8.1/po/es.po
[   31s] -rw-rw-r-- root/root     24242 2015-03-24 20:45 encfs-1.8.1/po/es_ES.po
[   31s] -rw-rw-r-- root/root     18163 2015-03-24 20:45 encfs-1.8.1/po/es_PE.po
[   31s] -rw-rw-r-- root/root     17125 2015-03-24 20:45 encfs-1.8.1/po/et.po
[   31s] -rw-rw-r-- root/root     25304 2015-03-24 20:45 encfs-1.8.1/po/fi.po
[   31s] -rw-rw-r-- root/root     26852 2015-03-24 20:45 encfs-1.8.1/po/fr.po
[   31s] -rw-rw-r-- root/root     25202 2015-03-24 20:45 encfs-1.8.1/po/fr_FR.po
[   31s] -rw-rw-r-- root/root     26609 2015-03-24 20:45 encfs-1.8.1/po/gl.po
[   31s] -rw-rw-r-- root/root     28379 2015-03-24 20:45 encfs-1.8.1/po/he.po
[   31s] -rw-rw-r-- root/root     17051 2015-03-24 20:45 encfs-1.8.1/po/hr.po
[   31s] -rw-rw-r-- root/root     25260 2015-03-24 20:45 encfs-1.8.1/po/hu.po
[   31s] -rw-rw-r-- root/root     19007 2015-03-24 20:45 encfs-1.8.1/po/id.po
[   31s] -rw-rw-r-- root/root       672 2015-03-24 20:45 encfs-1.8.1/po/insert-header.sin
[   31s] -rw-rw-r-- root/root     28627 2015-03-24 20:45 encfs-1.8.1/po/it.po
[   31s] -rw-rw-r-- root/root     24216 2015-03-24 20:45 encfs-1.8.1/po/ja.po
[   31s] -rw-rw-r-- root/root     17624 2015-03-24 20:45 encfs-1.8.1/po/ko.po
[   31s] -rw-rw-r-- root/root     25005 2015-03-24 20:45 encfs-1.8.1/po/lv.po
[   31s] -rw-rw-r-- root/root     22562 2015-03-24 20:45 encfs-1.8.1/po/nb.po
[   31s] -rw-rw-r-- root/root     19927 2015-03-24 20:45 encfs-1.8.1/po/nds.po
[   31s] -rw-rw-r-- root/root     26334 2015-03-24 20:45 encfs-1.8.1/po/nl.po
[   31s] -rw-rw-r-- root/root     19491 2015-03-24 20:45 encfs-1.8.1/po/nn.po
[   31s] -rw-rw-r-- root/root     26344 2015-03-24 20:45 encfs-1.8.1/po/oc.po
[   31s] -rw-rw-r-- root/root     23757 2015-03-24 20:45 encfs-1.8.1/po/pl.po
[   31s] -rw-rw-r-- root/root     28260 2015-03-24 20:45 encfs-1.8.1/po/pt.po
[   31s] -rw-rw-r-- root/root     26710 2015-03-24 20:45 encfs-1.8.1/po/pt_BR.po
[   31s] -rw-rw-r-- root/root     23539 2015-03-24 20:45 encfs-1.8.1/po/pt_PT.po
[   31s] -rw-rw-r-- root/root       153 2015-03-24 20:45 encfs-1.8.1/po/quot.sed
[   31s] -rw-rw-r-- root/root       432 2015-03-24 20:45 encfs-1.8.1/po/remove-potcdate.sin
[   31s] -rw-rw-r-- root/root     25090 2015-03-24 20:45 encfs-1.8.1/po/ro.po
[   31s] -rw-rw-r-- root/root     33192 2015-03-24 20:45 encfs-1.8.1/po/ru.po
[   31s] -rw-rw-r-- root/root     20171 2015-03-24 20:45 encfs-1.8.1/po/sk.po
[   31s] -rw-rw-r-- root/root     18980 2015-03-24 20:45 encfs-1.8.1/po/sr.po
[   31s] -rw-rw-r-- root/root     22809 2015-03-24 20:45 encfs-1.8.1/po/sv.po
[   31s] -rw-rw-r-- root/root     16949 2015-03-24 20:45 encfs-1.8.1/po/ta.po
[   31s] -rw-rw-r-- root/root     26495 2015-03-24 20:45 encfs-1.8.1/po/tr.po
[   31s] -rw-rw-r-- root/root     28960 2015-03-24 20:45 encfs-1.8.1/po/uk.po
[   31s] -rw-rw-r-- root/root     21808 2015-03-24 20:45 encfs-1.8.1/po/vi.po
[   31s] -rw-rw-r-- root/root     24383 2015-03-24 20:45 encfs-1.8.1/po/zh_CN.po
[   31s] -rw-rw-r-- root/root     20305 2015-03-24 20:45 encfs-1.8.1/po/zh_HK.po
[   31s] -rw-rw-r-- root/root     16927 2015-03-24 20:45 encfs-1.8.1/po/zh_TW.po
[   31s] -rw-rw-r-- root/root        25 2015-03-24 20:45 encfs-1.8.1/reconfig.sh
[   31s] -rw-rw-r-- root/root        27 2015-03-24 20:45 encfs-1.8.1/subdirs
[   31s] drwxrwxr-x root/root         0 2015-03-24 20:45 encfs-1.8.1/tests/
[   31s] -rwxrwxr-x root/root      1655 2015-03-24 20:45 encfs-1.8.1/tests/benchmark-reverse.pl
[   31s] -rwxrwxr-x root/root      4596 2015-03-24 20:45 encfs-1.8.1/tests/benchmark.pl
[   31s] -rwxrwxr-x root/root      3672 2015-03-24 20:45 encfs-1.8.1/tests/common.pl
[   31s] -rw-rw-r-- root/root       546 2015-03-24 20:45 encfs-1.8.1/tests/mount-ecryptfs.expect
[   31s] -rwxrwxr-x root/root      8330 2015-03-24 20:45 encfs-1.8.1/tests/normal.t.pl
[   31s] -rwxrwxr-x root/root      5720 2015-03-24 20:45 encfs-1.8.1/tests/reverse.t.pl
[   31s] -rwxr-xr-x jakob/jakob  701825 2015-03-25 22:35 encfs-1.8.1/configure
[   31s] drwxr-xr-x jakob/jakob       0 2015-03-25 22:35 encfs-1.8.1/build-aux/
[   31s] -rwxr-xr-x jakob/jakob    6873 2015-03-25 22:35 encfs-1.8.1/build-aux/missing
[   31s] -rwxr-xr-x jakob/jakob   42856 2015-03-25 22:35 encfs-1.8.1/build-aux/config.guess
[   31s] -rwxr-xr-x jakob/jakob   13997 2015-03-25 22:35 encfs-1.8.1/build-aux/install-sh
[   31s] -rw-r--r-- jakob/jakob  283474 2015-03-25 22:35 encfs-1.8.1/build-aux/ltmain.sh
[   31s] -rwxr-xr-x jakob/jakob   18442 2015-03-25 22:25 encfs-1.8.1/build-aux/config.rpath
[   31s] -rwxr-xr-x jakob/jakob   35826 2015-03-25 22:35 encfs-1.8.1/build-aux/config.sub
[   31s] -rwxr-xr-x jakob/jakob   23566 2015-03-25 22:35 encfs-1.8.1/build-aux/depcomp
[   31s] -rw-r--r-- jakob/jakob   27657 2015-03-25 22:35 encfs-1.8.1/Makefile.in
[   31s] -rw-r--r-- jakob/jakob   16162 2015-03-25 22:25 encfs-1.8.1/po/Makefile.in.in
[   31s] -rw-r--r-- jakob/jakob   36227 2015-03-25 22:35 encfs-1.8.1/encfs/Makefile.in
[   31s] -rw-r--r-- jakob/jakob   13829 2015-03-25 22:35 encfs-1.8.1/m4/Makefile.in
[   31s] -rw-r--r-- jakob/jakob    4031 2015-03-25 22:35 encfs-1.8.1/config.h.in

add communication channel with running filesystem

This could be used to implement pre-suspend hooks - providing a command to force idle-based unmount of loaded keys.

encfs-1.8.1.tar.gz is missing aclocal.m4

Current tarball doesn't have aclocal.m4. So when trying to run make it will try to run aclocal, which might not work if autoconf is not installed or there could be problems because of non-matching libtool versions.

There is a script makedist.sh, which creates a tarball including all necessary files. Why is it no longer used?

autounmount

Does the autounmount-feature still work??
-i $minutes
Somehow it doesn't seem to do that anymore here, but it does accept the -i parameter.

how to tell ./configure to use my installation of fuse?

The system I use does not have fuse and, so, I have installed the latest version of it in my own home directory, say, /home/myuserid/local/fuse

How to tell ./configure to look for fuse in the above path?

Otherwise, it insists in looking for fuse in the usual system places and it does not find it.

checking fuse.h usability... no
checking fuse.h presence... no
checking for fuse.h... no
checking for fuse.h library with -I/usr/include/fuse... no
checking for fuse.h library with -I/usr/local/include/fuse... no
checking for fuse.h library with -I/opt/include/fuse... no
checking for fuse.h library with -I/opt/local/include/fuse... no
checking for fuse.h library with -I/usr/include/osxfuse... no
checking for fuse.h library with -I/usr/local/include/osxfuse... no
checking for fuse.h library with -I/opt/local/include/osxfuse... no
checking for fuse_mount in -lfuse... no
checking for fuse library with -L/usr/lib... no
checking for fuse library with -L/usr/local/lib... no
checking for fuse library with -L/opt/lib... no
checking for fuse library with -L/opt/local/lib... no
checking for fuse_mount in -losxfuse... no
checking for osxfuse library with -L/usr/lib... no
checking for osxfuse library with -L/usr/local/lib... no
checking for osxfuse library with -L/opt/lib... no
checking for osxfuse library with -L/opt/local/lib... no
checking for fuse_new in -lfuse... no
configure: error: Unable to find libfuse.

Thanks in advance for any help you may offer...I know this is not an issue, but otherwise, I don't know how to ask for help

switch to libgcrypt

Current dev tree supports either OpenSSL, Botan, or CommonCrypto.

Having worked now with these libraries, and tested a few more, I'm standardizing on libgcrypt for encfs2.

exec issue on musl encfs build

running encfs i get this:

Error relocating /usr/lib/libencfs.so.6: __cxa_throw_bad_array_new_length: symbol not found

Can provide environment to repeat this and any other information you need.

env:linux 3.14.27-2-grsec, musl-1.1.5, fuse-2.9.3, libencfs.so.6.0.2

in --public mounts permission denied with group and subgroup

if you mount a --public encrypted volume
encfs --public /data/encfs_data/ /data/data
you can protect a directory with groups.
If your user has groups
groups user
user: private veryprivate
as root you create a directory
(/data/data/private)
mkdir private; cd private
chmod 770 .
chgrp private .
and a sub directory
(/data/data/private/veryprivate)
mkdir veryprivate; cd veryprivate
chmod 770 .
chgrp veryprivate .
and as user "user" in "veryprivate" you try a
cat > aa.txt
you get a
-bash: aa.txt: Permission denied
however you can write such file as root
and as "user" you can delete it.

if you do the same things e.g. in ext4
you are able to write such file.

implement per-directory configuration

This could be used to provide per-directory keys or IVs, replacing directory IV chaining and the horrible recursive rename logic.

Add changelog entry for reverse per-file iv support

swap master and development branches

Rename master branch to development, leaving master to hold only stable releases.

This will better match github's standard auto-generated pages which provide download links for the master branch.

Same Key Used for Encryption and Authentication

From: https://defuse.ca/audits/encfs.htm

Exploitability: Low
Security Impact: Low

EncFS uses the same key for encrypting data and computing MACs. This is generally considered to be bad practice.

EncFS should use separate keys for encrypting data and computing MACs.

Stream Cipher Used to Encrypt Last File Block

From: https://defuse.ca/audits/encfs.htm

Exploitability: Unknown
Security Impact: High

As reported in [1], EncFS uses a stream cipher mode to encrypt the last file block. The change log says that the ability to add random bytes to a block was added as a workaround for this issue. However, it does not solve the problem, and is not enabled by default.

EncFS needs to use a block mode to encrypt the last block.

EncFS's stream encryption is unorthodox:

1. Run "Shuffle Bytes" on the plaintext.
    N[J+1] = Xor-Sum(i = 0 TO J) { P[i] }
    (N = "shuffled" plaintext value, P = plaintext)
2. Encrypt with (setIVec(IV), key) using CFB mode.
3. Run "Flip Bytes" on the ciphertext.
    This reverses bytes in 64-byte chunks.
4. Run "Shuffle Bytes" on the ciphertext.
5. Encrypt with (setIVec(IV + 1), key) using CFB mode.

Where setIVec(IV) = HMAC(globalIV || (IV), key), and,
    - 'globalIV' is an IV shared across the entire filesystem.
    - 'key' is the encryption key.

This should be removed and replaced with something more standard. As far as I can see, this provides no useful security benefit, however, it is relied upon to prevent the attacks in [1]. This is security by obscurity.

Edit : [1] may be unavailable, so here it is from archives.org :

[Full-disclosure] Multiple Vulnerabilities in EncFS
From: Micha Riser (micha[at]povworld.org)
Date: Thu Aug 26 2010 - 07:05:18 CDT
(...)
3. Last block with single byte is insecure 
------------------------------------------------------- 
The CFB cipher mode is insecure if it is used twice with the same 
initialization vector. In CFB, the ﬁrst block of the plain text is XOR-ed with 
the encrypted IV: 
  C0 = P0 XOR Ek (IV ) 
Therefore, for two cipher blocks C0 and C0' encrypted with the same IV, it 
holds that: 
  C0 XOR C0' = (P0 XOR Ek (IV )) XOR (P0' XOR Ek (IV )) = P0 XOR P0' 
This means that an attacker gets the XOR of the two plain texts. EncFs uses a 
modified version of CFB which additionally shuffles and reverses bytes. It is not 
clear however, if the modiﬁcations generally help against this problem. 

A security problem arises deﬁnitely if the last block contains only a single 
byte and an attacker has two versions of the last block. Operating on a single 
byte, the shuﬄe and reverse operation do nothing. What remains is a double 
encryption with CFB and XOR-ing the two cipher bytes gives the XOR of the 
two plain text bytes due to the reason described above. Encrypting the last 
block with a stream cipher instead of a block cipher saves at most 16 bytes 
(one cipher block). We think it would be better to sacriﬁce these bytes and in 
exchange rely only on a single encryption mode for all blocks which simpliﬁes 
both the crypto analysis and the implementation.

Doc spelling

https://vgough.github.io/encfs/

Every compute I use, including my mobile phones...
Every computer I use, including my mobile phones...

Configure error on Centos 6.6

checking for sys/xattr.h... yes
checking whether xattr interface takes additional options... no
./configure: line 20551: syntax error near unexpected token newline' ./configure: line 20551: yes:no:'

And these lines are:

# So?  What about this header?
case $ac_header_compiler:$ac_header_preproc:$ac_cxx_preproc_warn_flag in
  yes:no:
fi

64-bit MACs

From: https://defuse.ca/audits/encfs.htm

Exploitability: Low
Security Impact: Medium

EncFS uses 64-bit MACs. This is not long enough, as they can be forged in 2^64 time, which is feasible today.

EncFS should use (at least) 128-bit MACs.

Feature request: ignore invalid file names in encfsctl decode

When using encfsctl to decode file names (encfsctl decode ...), an error is produced each time a file name is invalid.

There should be a switch such that all tokens that are not valid encrypted file names are simply passed through to stdout unchanged.

The use case is this: suppose you have a log file with a lot of encrypted file names. For example a log file from a backup of an encrypted file system. Then you can simply pipe the entire log file though encfsctl and all file names are decrypted.

This might be incompatible with Filename Initialization Vector Chaining, I'm not sure. But for cases with Filename Initialization Vector Chaining is disabled, it should be easy to implement.

File Holes are Not Authenticated

From: https://defuse.ca/audits/encfs.htm

Exploitability: High
Security Impact: Low

File holes allow large files to contain "holes" of all zero bytes, which are not saved to disk. EncFS supports these, but it determines if a file block is part of a file hole by checking if it is all zeroes. If an entire block is zeroes, it passes the zeroes on without decrypting it or verifying a MAC.

This allows an attacker to insert zero blocks inside a file (or append zero blocks to the end of the file), without being detected when MAC headers are enabled.

GUI for encfs

I have a folder named "Backup_encfs" that I created with a program from Ubuntu. I recently reinstalled Ubuntu 14.04 and can not find the software I used to create the encrypted folder. I find encfs in the Ubuntu Software Center, but it is the command line programs. I wonder what happened to that simple GUI interface program I had used before?

vgough / encfs Goto Github PK

encfs's Introduction

EncFS - an Encrypted Filesystem

About

Status

Unique Features

Reverse mode

Fast on classical HDDs

Works on top of network filesystems

Development

Windows

FAQ

What settings should I use for Dropbox?

encfs's People

Contributors

Stargazers

Watchers

Forkers

encfs's Issues

Recommend Projects

Recommend Topics

Recommend Org