EncFS

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. EncFS is open source software, licensed under the GPL.

As with most encrypted filesystems, Encfs is meant to provide security against off-line attacks; ie your notebook or backups fall into the wrong hands, etc. The way Encfs works is different from the “loopback” encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device. This is a big advantage in some ways, but does not come without a cost.

See also the extended introduction page if you are new to EncFS.

If you need help, please use the encfs-users mailing list. You can also send me encfs questions directly, but I may CC a response to the mailing list, to help other people who may have the same question.

Slides from talk: In July 2005 I gave a presentation of EncFS at the Libre Software Meeting in France. Slides are available as PDF, or with last-minute changes in OpenOffice presentation format.

Warning: OpenSSL versioning is messy.  Lots of changes occur even in minor letter updates (eg 0.9.8c -> 0.9.8d).

EncFS prompts the user for information, primarily when creating a new filesystem. EncFS prompts have been translated into many languages by volunteers. If your native language is not already supported, or only partially translated, please consider adding more translations online using the Rosetta interface.

If you want to be notified when new versions are released, subscribe using the “Subscribe to New Releases” option on the EncFS Freshmeat page

See also the encfs man page (installed with encfs), or here

Note: Downloads are signed with my PGP key (2EAF4D80). RPM files have an embedded signature, and tar files have a detached signature (.asc). If you have a PGP key and have verified other’s keys, you can check for a chain of trust at PGP Pathfinder.

In addition to the releases below, the latest code is also available via SVN. 

EncFS 1.4.2 -- April 13, 2008

Download

• encfs-1.4.2.tgz
• encfs-1.4.2.tgz.asc - GPG signature for tar file

1.4.2 (April 13, 2008) Change Log

Features / improvements:

• add option to pass-through file 'holes'.  Only available in expert mode. (launchpad 202200)
• config file format changed to XML via boost serialization (config file is now .encfs6.xml)
  

Bug fixes:

• remove ulockmgr support, caused numerous locking issues. (launchpad 184966, 200685)
• fix symlink handling in encfsctl export (launchpad 201974)
  
• fix stdinpass option parsing, reported by Scott Hendrickson
• fix path suffix in encfsctl

1.4.1.1 (January 15, 2008) Change Log

Bug fixes:

• fix recursive directory rename bug introduced in 1.4.0 (launchpad bug 183358)
  

1.4.1 (January 12, 2008) Change Log 

Features / improvements: 

• add new options from 1.4.0 to man page

Bug fixes:

• return unencrypted link size on fstat of a symbolic link, otherwise git fails when working with symbolic links.  Reported by Daniel Clemente
  
• chop off trailing newline from passwords passed via --stdinpass option (Launchpad bug 182214), patch by mpb.
  

• add on-demand mount option.  Combined with external password prompting & idle timeout, this allows user to be prompted for a password when filesystem is accessed.
  
• reverse-encryption support by Keary Griffin, which produces an encrypted filesystem on-demand - useful in combination with rsync for creating a remote encrypted backup. 
  
• run external password program via shell to allow passing arguments, patch by Liraz
  
• pass through -o options to FUSE, for mounting through fstab (Launchpad bug 108649)
• add -h option to encfssh, patch by Ryan Smith-Roberts

Bug fixes:

• fix failure to undo a failed directory rename (Launchpad bug 160214)
• don't close stderr when running in foreground 

Other Changes:

• Update to libfuse 2.6 API, adding lock support through ulockmgr.
  
• Replaced internal reference counting implementation with Boost C++ Library eliminating some complex (and potentially buggy) locking code.