Skip to content
/ rencfs Public
forked from xoriors/rencfs

An encrypted file system in Rust that mounts with FUSE on Linux. It can be used to create encrypted directories.

License

Notifications You must be signed in to change notification settings

esavier/rencfs

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

RencFs

An encrypted file system that mounts with FUSE on Linux. It can be used to create encrypted directories.

It can then safely backup the encrypted folder on an untrusted server without worrying about the data being exposed.
You can also store it in any cloud storage like Google Drive, Dropbox, etc. and have it synced across multiple devices.


rencfs-bin crates.io docs.rs test

Usage

You can use it as a command line tool to mount an encrypted file system, or directly using the library to build your own binary (for library, you can follow the documentation).

Command Line Tool

To use the encrypted file system, you need to have FUSE installed on your system. You can install it by running the following command (or based on your distribution)

Arch

sudo pacman -Syu && sudo pacman -S fuse3

Ubuntu

sudo apt-get update && sudo apt-get -y install fuse3

Install from AUR

You can install the encrypted file system binary using the following command

yay -Syu
yay -S rencfs

Install with cargo

You can install the encrypted file system binary using the following command

cargo install rencfs

A basic example of how to use the encrypted file system is shown below

rencfs --mount-point MOUNT_POINT --data-dir DATA_DIR

Where MOUNT_POINT is the directory where the encrypted file system will be mounted and DATA_DIR is the directory where the encrypted data will be stored.
It will prompt you to enter a password to encrypt/decrypt the data.

Change Password

The encryption key is stored in a file and encrypted with a key derived from the password. This offers the possibility to change the password without needing to decrypt and re-encrypt the whole data. This is done by decrypting the key with the old password and re-encrypting it with the new password.

To change the password, you can run the following command

rencfs --change-password --data-dir DATA_DIR

Where DATA_DIR is the directory where the encrypted data is stored.
It will prompt you to enter the old password and then the new password.

Encryption info

You can specify the encryption algorithm and derive key hash rounds adding these arguments to the command line

--cipher CIPHER --derive-key-hash-rounds ROUNDS

Where CIPHER is the encryption algorithm and ROUNDS is the number of rounds to derive the key hash.
You can check the available ciphers with rencfs --help.

Default values are ChaCha20 and 600_000 respectively.

Log level

You can specify the log level adding the --log-level argument to the command line. Possible values: TRACE, DEBUG, INFO (default), WARN, ERROR.

--log-level LEVEL

Start it in docker

Get the image

docker pull xorio42/rencfs

Start a container to set up mount in it

docker run -it --device /dev/fuse --cap-add SYS_ADMIN --security-opt apparmor:unconfined xorio42/rencfs:latest /bin/sh

In the container create mount and data directories

mkdir fsmnt && mkdir fsdata

Start rencfs

rencfs --mount-point fsmnt --data-dir fsdata

Enter a password for encryption.

Get the container ID

docker ps

In another terminal attach to running container with the above ID

docker exec -it <ID> /bin/sh

From here you can play with it by creating files in fsmnt directory

cd fsmnt
mkdir 1
ls
echo "test" > 1/test
cat 1/test

Building from source

Getting the sources

[email protected]:radumarias/rencfs.git

Dependencies

Rust

To build from source, you need to have Rust installed, you can see more details on how to install it here.

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Accordingly, it is customary for Rust developers to include this directory in their PATH environment variable. During installation rustup will attempt to configure the PATH. Because of differences between platforms, command shells, and bugs in rustup, the modifications to PATH may not take effect until the console is restarted, or the user is logged out, or it may not succeed at all.

If, after installation, running rustc --version in the console fails, this is the most likely reason. In that case please add it to the PATH manually.

Other dependencies

Also these deps are required (or based on your distribution):

Arch

sudo pacman -Syu && sudo pacman -S openssl lib32-openssl fuse3 base-devel

Ubuntu

sudo apt-get update && sudo apt-get install libssl-dev openssl fuse3 build-essentials

Build for debug

cargo build

Build release

cargo build --release

Run

cargo run -- --mount-point MOUNT_POINT --data-dir DATA_DIR

About

An encrypted file system in Rust that mounts with FUSE on Linux. It can be used to create encrypted directories.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Rust 99.4%
  • Dockerfile 0.6%