gocryptfs | Encrypted overlay filesystem written in Go | Encryption library

by rfjakob | Language: Go | Version: v2.3.2 | License: MIT

kandi X-RAY | gocryptfs Summary

gocryptfs is a Go library typically used in Security, Encryption applications. gocryptfs has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

An encrypted overlay filesystem written in Go. Official website: (markdown source). gocryptfs is built on top of the excellent go-fuse FUSE library. This project was inspired by EncFS and strives to fix its security issues while providing good performance (benchmarks). For details on the security of gocryptfs, see the Security design document. All tags from v0.4 onward are signed by the gocryptfs signing key. Please check Signed Releases for details.

            Support

              gocryptfs has a medium active ecosystem.
              It has 2907 star(s) with 219 fork(s). There are 58 watchers for this library.
              It had no major release in the last 12 months.
              There are 45 open issues and 552 have been closed. On average issues are closed in 139 days. There are 2 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of gocryptfs is v2.3.2

            Quality

              gocryptfs has no bugs reported.

            Security

              gocryptfs has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

            License

              gocryptfs is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            Reuse

              gocryptfs releases are available to install and integrate.
              Installation instructions, examples and code snippets are available.

            Community Discussions

            QUESTION

            How do you encrypt large files / byte streams in Go?
            Asked 2018-Oct-21 at 01:57

            I have some large files I would like to AES encrypt before sending over the wire or saving to disk. While it seems possible to encrypt streams, there seem to be warnings against doing this and instead people recommend splitting the files into chunks and using GCM or crypto/nacl/secretbox.

            Processing streams of data is more difficult due to the authenticity requirement. We can’t encrypt-then-MAC: by its nature, we usually don’t know the size of a stream. We can’t send the MAC after the stream is complete, as that usually is indicated by the stream being closed. We can’t decrypt a stream on the fly, because we have to see the entire ciphertext in order to check the MAC. Attempting to secure a stream adds enormous complexity to the problem, with no good answers. The solution is to break the stream into discrete chunks, and treat them as messages.

            Files are segmented into 4KiB blocks. Each block gets a fresh random 128 bit IV each time it is modified. A 128-bit authentication tag (GHASH) protects each block from modifications.

            If a large amount of data is decrypted it is not always possible to buffer all decrypted data until the authentication tag is verified. Splitting the data into small chunks fixes the problem of deferred authentication checks but introduces a new one. The chunks can be reordered... ...because every chunk is encrypted separately. Therefore the order of the chunks must be encoded somehow into the chunks themselves to be able to detect rearranging any number of chunks.

            Can anyone with actual cryptography experience point me in the right direction?

            Update

            I realized after asking this question that there is a difference between simply not being able to fit the whole byte stream into memory (encrypting a 10GB file) and the byte stream also being an unknown length that could continue long past the need for the stream's start to be decoded (a 24-hour live video stream).

            I am mostly interested in large blobs where the end of the stream can be reached before the beginning needs to be decoded. In other words, encryption that does not require the whole plaintext/ciphertext to be loaded into memory at the same time.

            ...

            ANSWER

            Answered 2018-Mar-29 at 06:52

            As you've already discovered from your research, there isn't much of an elegant solution for authenticated encryption of large files.

            There are traditionally two ways to approach this problem:

            • Split the file into chunks, encrypt each chunk individually and let each chunk have its own authentication tag. AES-GCM would be the best mode to use for this. This method causes file size bloating proportionate to the size of the file. You'll also need a unique nonce for each chunk. You also need a way to indicate where chunks begin/end.

            • Encrypt using AES-CTR with a buffer, call Hash.Write on an HMAC for each buffer of encrypted data. The benefit of this is that encrypting can be done in one pass. The downside is that decryption requires one pass to validate the HMAC and then another pass to actually decrypt. The upside here is that the file size remains the same, plus roughly ~48 or so bytes for the IV and HMAC result.

            Neither is ideal, but for very large files (~2GB or more), the second option is probably preferred.

            I have included an example of encryption in Go using the second method below. In this scenario, the last 48 bytes are the IV (16 bytes) and the result of the HMAC (32 bytes). Note the HMACing of the IV also.

            Source https://stackoverflow.com/questions/49546567
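
The chunk-reordering concern raised in the question, applied to the first approach in the answer (per-chunk AES-GCM), as an added example that is not the answer's original code and not gocryptfs code. The names `NewGCM`, `SealChunk`, `OpenChunk` and the AAD layout are assumptions made for this illustration; each chunk's index and a last-chunk flag go into the GCM associated data so that a swapped or dropped chunk fails authentication.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewGCM builds AES-GCM from a 16-, 24- or 32-byte key.
func NewGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad binds a chunk to its position and marks the last chunk (assumed layout).
func aad(index int, final bool) []byte { return []byte(fmt.Sprintf("chunk=%d final=%t", index, final)) }

// SealChunk returns nonce || ciphertext || tag, using a fresh random nonce.
func SealChunk(gcm cipher.AEAD, index int, final bool, pt []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pt, aad(index, final)), nil
}

// OpenChunk fails if the record was modified or is not at the claimed position.
func OpenChunk(gcm cipher.AEAD, index int, final bool, rec []byte) ([]byte, error) {
	ns := gcm.NonceSize()
	if len(rec) < ns+gcm.Overhead() {
		return nil, errors.New("record too short")
	}
	return gcm.Open(nil, rec[:ns], rec[ns:], aad(index, final))
}

func main() {
	gcm, _ := NewGCM(make([]byte, 32)) // constructed all-zero demo key
	a, _ := SealChunk(gcm, 0, false, []byte("first chunk"))
	b, _ := SealChunk(gcm, 1, true, []byte("last chunk"))
	_, swapped := OpenChunk(gcm, 0, false, b) // chunk 1 presented as chunk 0
	_, cut := OpenChunk(gcm, 0, true, a)      // stream cut after chunk 0
	fmt.Println("reordered:", swapped, "| truncated:", cut)
}
```

A reader passes the position at which it read each record and sets `final` only for the record at end of file, so the ordering check adds no stored bytes beyond the per-chunk nonce and tag.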

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install gocryptfs

            Precompiled binaries that work on all x86_64 Linux systems are available for download from the GitHub releases page.

            CLONE
          • HTTPS

            https://github.com/rfjakob/gocryptfs.git

          • CLI

            gh repo clone rfjakob/gocryptfs

          • sshUrl

            git@github.com:rfjakob/gocryptfs.git
