An encrypted overlay filesystem written in Go. Official website: https://nuetzlich.net/gocryptfs (markdown source).

gocryptfs is built on top of the excellent go-fuse FUSE library. This project was inspired by EncFS and strives to fix its security issues while providing good performance (benchmarks). For details on the security of gocryptfs see the Security design document.
All tags from v0.4 onward are signed by the gocryptfs signing key. Please check Signed Releases for details.
gocryptfs reached version 1.0 on July 17, 2016. It has gone through hours and hours of stress (fsstress, extractloop.bash) and correctness testing (xfstests). It is now considered ready for general consumption.
The old principle still applies: Important data should have a backup. Also, keep a copy of your master key (printed at init) in a safe place. This allows you to access the data even if the gocryptfs.conf config file is damaged or you lose the password.
The security of gocryptfs was audited on March 3, 2017. The audit is available here (defuse.ca).
Linux is gocryptfs' native platform.
Beta-quality macOS support is available, which means most things work fine but you may hit an occasional problem. Check out ticket #15 for the history of macOS support but please create a new ticket if you hit a problem.
For Windows, an independent C++ reimplementation can be found here: cppcryptfs
Standalone tools:
gocryptfs-inspect is a Python tool that can decrypt files and file names without using FUSE.
gocryptfs-create-folder is a Python tool that can encrypt a directory without using FUSE.
Precompiled binaries that work on all x86_64 Linux systems are available
for download from the github releases page. The fuse package from your
distribution must be installed for mounting to work.
gocryptfs is also available as a package in most distributions. Examples:
apt install gocryptfs
pacman -S gocryptfs
port install gocryptfs
See the Quickstart page for more info.
gocryptfs comes with its own test suite that is constantly expanded as features are
added. Run it using ./test.bash. It takes about 1 minute and requires FUSE
as it mounts several test filesystems.
The stress_tests directory contains stress tests that run indefinitely.
In addition, I have ported xfstests to FUSE; the result is the
fuse-xfstests project. gocryptfs
passes the "generic" tests with one exception; results: XFSTESTS.md
A lot of work has gone into this. The testing has found bugs in gocryptfs as well as in the go-fuse library.
Install Go 1.13 or higher:
apt install golang
dnf install golang
Then, download the source code and compile:
$ git clone https://github.com/rfjakob/gocryptfs.git
$ cd gocryptfs
$ ./build-without-openssl.bash
This will compile a static binary that uses the Go stdlib crypto backend.
If you want to use the OpenSSL crypto backend (faster on old CPUs lacking AES-NI), you have to install a few dependencies:
apt install libssl-dev gcc pkg-config
dnf install openssl-devel gcc pkg-config
Then, run:
$ ./build.bash
$ mkdir cipher plain
$ ./gocryptfs -init cipher
$ ./gocryptfs cipher plain
See the Quickstart page for more info.
The MANPAGE.md describes all available command-line options.
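A post-mount sanity check, added here as an example and not part of the gocryptfs project: it drives the init/mount steps above non-interactively (with -passfile, as a script calling gocryptfs would) and then confirms that neither the plaintext file name nor its contents are visible in the cipher directory. leak_check only needs find and grep; the demo function assumes a gocryptfs binary and fusermount on PATH and the helper function, file names and password value are constructed for this example.

```shell
#!/bin/sh
# leak_check CIPHERDIR NAME CONTENT
# Returns 0 when CIPHERDIR looks like a gocryptfs cipherdir (it carries
# gocryptfs.conf and gocryptfs.diriv) and neither the plaintext file name
# nor the plaintext content appears anywhere inside it; returns 1 otherwise.
leak_check() {
    cipherdir=$1; name=$2; content=$3
    [ -f "$cipherdir/gocryptfs.conf" ] || return 1
    [ -f "$cipherdir/gocryptfs.diriv" ] || return 1
    # Plaintext name leaked into the cipherdir? (names should be encrypted)
    if find "$cipherdir" -name "$name" | grep -q .; then
        return 1
    fi
    # Plaintext content leaked? (only ciphertext should be on disk)
    if grep -rqF -- "$content" "$cipherdir"; then
        return 1
    fi
    return 0
}

# End-to-end check: init, mount, write a canary file, run leak_check, unmount.
# The password is read from a 0600 file via -passfile, so nothing is typed.
demo() {
    work=$(mktemp -d)
    mkdir "$work/cipher" "$work/plain"
    (umask 077; printf 'demo-password-only\n' > "$work/pw")   # constructed
    gocryptfs -init -passfile "$work/pw" "$work/cipher"
    gocryptfs -passfile "$work/pw" "$work/cipher" "$work/plain"
    printf 'canary-plaintext-content\n' > "$work/plain/canary.txt"
    if leak_check "$work/cipher" canary.txt canary-plaintext-content; then
        rc=0
    else
        rc=1
    fi
    fusermount -u "$work/plain"
    rm -rf "$work"
    return $rc
}

# Only run the end-to-end part when explicitly requested and gocryptfs exists.
if [ "${RUN_DEMO:-0}" = 1 ] && command -v gocryptfs >/dev/null 2>&1; then
    demo && echo "no plaintext leaked into cipherdir"
fi
```

Run with RUN_DEMO=1 to execute the mount flow; a non-zero exit means a plaintext name or content was found in the cipher directory.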
$ mkdir cipher plain
$ ./gocryptfs -reverse -init plain
$ ./gocryptfs -reverse plain cipher
The SiriKali project supports gocryptfs and runs on Linux and OSX.
cppcryptfs on Windows provides its own GUI.
If you want to call gocryptfs from your app or script, see CLI_ABI.md for the official stable ABI. This ABI is regression-tested by the test suite.
file-format.md contains a more detailed description.
Since version 0.7.2, gocryptfs is as fast as EncFS in the default mode, and significantly faster than EncFS' "paranoia" mode that provides a security level comparable to gocryptfs.
On CPUs without AES-NI, gocryptfs uses OpenSSL through a thin wrapper called stupidgcm.
This provides a 4x speedup compared to Go's builtin AES-GCM
implementation. See CPU-Benchmarks
for details, or run gocryptfs -speed to see the encryption performance of your CPU.
Example for a CPU with AES-NI:
$ ./gocryptfs -speed
gocryptfs v2.2.0-beta1-5-g52b0444-dirty; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-14 go1.17.1 linux/amd64
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz; with AES acceleration
AES-GCM-256-OpenSSL 862.79 MB/s
AES-GCM-256-Go 997.71 MB/s (selected in auto mode)
AES-SIV-512-Go 159.58 MB/s
XChaCha20-Poly1305-OpenSSL 729.65 MB/s
XChaCha20-Poly1305-Go 843.97 MB/s (selected in auto mode)
You can run ./benchmark.bash to run gocryptfs' canonical set of
benchmarks that include streaming write, extracting a linux kernel
tarball, recursively listing and finally deleting it. The output will
look like this:
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.xFD: gocryptfs v2.0; go-fuse v2.1.1-0.20210508151621-62c5aa1919a7; 2021-06-06 go1.16.5 linux/amd64
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,698174 s, 375 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,268916 s, 975 MB/s
UNTAR: 8,970
MD5: 4,846
LS: 1,851
RM: 2,367
- cipherSize X: incomplete last block (Y bytes), padding to Z bytes (harmless but annoying, #951)
- test-without-openssl.bash trying to build tests with openssl enabled (2ebd0d754b8ee4)
- -force_owner not allowing file/dir create ( https://github.com/rfjakob/gocryptfs/issues/783 )
- TestBtrfsQuirks if mkfs.btrfs is not installed ( https://github.com/rfjakob/gocryptfs/issues/930 )
- go install failing with g: malformed file path "tests/fsck/malleable_base64/27AG8t-XZH7G9ou2OSD_z\ng": invalid char '\n' (c80558)
- syscallcompat.Setreuid (and friends) wrappers (6b1ba584)
- golang.org/x/sys again
- -reverse mode affecting the virtual gocryptfs.diriv and gocryptfs.longname.*.name files. The bug can cause file names to become undecryptable. To make sure that sync tools like rsync copy new, good copies, gocryptfs v2.5.0 and later advance ctime and mtime for these files by 10 seconds.
- -reverse mode sometimes (triggered by inode number reuse) returning stale data for gocryptfs.diriv (#802)
- -reverse mode hardlinking gocryptfs.longname.*.name files of hardlinked files together (#802)
- -reverse mode ignoring -force-owner (#809)
- -ctlsock: automatically delete orphaned colliding socket file (#776)
- -fido2-assert-option (#807)
- -init now accepts -masterkey
- -passwd now ignores -extpass and -passfile for the new password (#287, #882)
- mount(2) syscall before falling back to fusermount(1). This means we don't need fusermount(1) at all if running as root or in a root-like namespace (#697)
- -extpass mis-parsing commas (#730)
- rm -R mis-reporting write-protected directory on gocryptfs on sshfs (commit)
- debug.ReadBuildInfo() to provide some version information even when not built with build.bash (#701).
- logger process to be killed when started from xfce4-terminal, and that terminal window was closed (#660, commit).
- read-only file system (#690)
- -longnamemax flag to -init (#499). Can be used to work around file or path length restrictions on online storage. See the man page for details.
- NO_COLOR env variable (#617)
- -force_owner not affecting socket files (#629)
- gocryptfs.conf in reverse mode (commit)
- -force_owner only taking effect after 2 seconds (#609). This was a regression introduced in v2.0.
- date: illegal option -- - when SOURCE_DATE_EPOCH is set ([#570](https://github.com/rfjakob/gocryptfs/issues