gocryptfs | Encrypted overlay filesystem written in Go | Encryption library

 by   rfjakob Go Version: v2.3.2 License: MIT

kandi X-RAY | gocryptfs Summary

kandi X-RAY | gocryptfs Summary

gocryptfs is a Go library typically used in Security, Encryption applications. gocryptfs has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

An encrypted overlay filesystem written in Go. Official website: (markdown source). gocryptfs is built on top the excellent go-fuse FUSE library. This project was inspired by EncFS and strives to fix its security issues while providing good performance (benchmarks). For details on the security of gocryptfs see the Security design document. All tags from v0.4 onward are signed by the gocryptfs signing key. Please check Signed Releases for details.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              gocryptfs has a medium active ecosystem.
              It has 2907 star(s) with 219 fork(s). There are 58 watchers for this library.
              There were 1 major release(s) in the last 12 months.
              There are 45 open issues and 552 have been closed. On average issues are closed in 139 days. There are 2 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of gocryptfs is v2.3.2

            kandi-Quality Quality

              gocryptfs has no bugs reported.

            kandi-Security Security

              gocryptfs has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

            kandi-License License

              gocryptfs is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              gocryptfs releases are available to install and integrate.
              Installation instructions, examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of gocryptfs
            Get all kandi verified functions for this library.

            gocryptfs Key Features

            No Key Features are available at this moment for gocryptfs.

            gocryptfs Examples and Code Snippets

            No Code Snippets are available at this moment for gocryptfs.

            Community Discussions

            QUESTION

            How do you encrypt large files / byte streams in Go?
            Asked 2018-Oct-21 at 01:57

            I have some large files I would like to AES encrypt before sending over the wire or saving to disk. While it seems possible to encrypt streams, there seems to be warnings against doing this and instead people recommend splitting the files into chunks and using GCM or crypto/nacl/secretbox.

            Processing streams of data is more difficult due to the authenticity requirement. We can’t encrypt-then-MAC: by it’s nature, we usually don’t know the size of a stream. We can’t send the MAC after the stream is complete, as that usually is indicated by the stream being closed. We can’t decrypt a stream on the fly, because we have to see the entire ciphertext in order to check the MAC. Attempting to secure a stream adds enormous complexity to the problem, with no good answers. The solution is to break the stream into discrete chunks, and treat them as messages.

            Files are segmented into 4KiB blocks. Each block gets a fresh random 128 bit IV each time it is modified. A 128-bit authentication tag (GHASH) protects each block from modifications.

            If a large amount of data is decrypted it is not always possible to buffer all decrypted data until the authentication tag is verified. Splitting the data into small chunks fixes the problem of deferred authentication checks but introduces a new one. The chunks can be reordered... ...because every chunk is encrypted separately. Therefore the order of the chunks must be encoded somehow into the chunks itself to be able to detect rearranging any number of chunks.

            Can anyone with actual cryptography experience point me in the right direction?

            Update

            I realized after asking this question that there is a difference between simply not being able to fit the whole byte stream into memory (encrypting a 10GB file) and the byte stream also being an unknown length that could continue long past the need for the stream's start to be decoded (an 24-hour live video stream).

            I am mostly interested in large blobs where the end of the stream can be reached before the beginning needs to be decoded. In other words, encryption that does not require the whole plaintext/ciphertext to be loaded into memory at the same time.

            ...

            ANSWER

            Answered 2018-Mar-29 at 06:52

            As you've already discovered from your research, there isn't much of an elegant solution for authenticated encryption of large files.

            There are traditionally two ways to approach this problem:

            • Split the file into chunks, encrypt each chunk individually and let each chunk have its own authentication tag. AES-GCM would be the best mode to use for this. This method causes file size bloating proportionate to the size of the file. You'll also need a unique nonce for each chunk. You also need a way to indicate where chunks begin/end.

            • Encrypt using AES-CTR with a buffer, call Hash.Write on an HMAC for each buffer of encrypted data. The benefit of this is that encrypting can be done in one pass. The downside is that decryption requires one pass to validate the HMAC and then another pass to actually decrypt. The upside here is that the file size remains the same, plus roughly ~48 or so bytes for the IV and HMAC result.

            Neither is ideal, but for very large files (~2GB or more), the second option is probably preferred.

            I have included an example of encryption in Go using the second method below. In this scenario, the last 48 bytes are the IV (16 bytes) and the result of the HMAC (32 bytes). Note the HMACing of the IV also.

            Source https://stackoverflow.com/questions/49546567

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install gocryptfs

            Precompiled binaries that work on all x86_64 Linux systems are available for download from the github releases page.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/rfjakob/gocryptfs.git

          • CLI

            gh repo clone rfjakob/gocryptfs

          • sshUrl

            git@github.com:rfjakob/gocryptfs.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular Encryption Libraries

            certbot

            by certbot

            Signal-Android

            by signalapp

            unlock-music

            by unlock-music

            client

            by keybase

            Signal-Server

            by signalapp

            Try Top Libraries by rfjakob

            earlyoom

            by rfjakobC

            cshatag

            by rfjakobGo

            systembus-notify

            by rfjakobC

            eme

            by rfjakobGo

            gocryptfs-website

            by rfjakobHTML