Other articles

  1. How to configure EncFS on OSX 10.10 (Yosemite)

    With EncFS it's possible to keep our data in almost any cloud (Dropbox, OneDrive, etc...), having a good level of privacy and security. Infact EncFS encrypt and decrypt our data automatically. It's available for Linux as well and using a commercial solution (that is currently unsupported) even on Windows.

    Installing EncFS

    EncFS can be installed from brew. If you don't have brew package manager installed on OSX you can install it using this command:

    ``` {.lang:sh .decode:true} ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

    After brew, you need to install **OSXFuse** from this
    website <http://osxfuse.github.io>
    Finally you can install **encfs** using this command:
    ``` {.lang:sh .decode:true}
    brew install homebrew/fuse/encfs

    Configuring the encrypted folder

    Now that EncFS is installed, you can either mount an existing EncFS volume or create a new one. In both cases the command is the same:

    ``` {.lang:sh .decode:true} encfs ~/Dropbox/Private ~/Private

    If you are mounting an existing encrypted volume, you will be prompted
    for the password. If you are creating a new encrypted volume you will be
    asked some questions about EncFS parameters.
    **Note:** if it's important for you to keep compatibility with
    **[BoxCryptor Classic](https://www.boxcryptor.com/en/classic)** (in case
    you want to use the same volume under Windows), please refer to this
    other article I
    wrote: <https://www.andreagrandi.it/2014/09/12/create-an-encfs-volume-compatible-with-boxcryptor-classic/>
    Mount the encrypted volume on startup
    First of all you need to save the volume's password inside the OSX
    keychain. Open the app **Keychain Access** and create a new entry with
    name **encfs** and account value **encfs**, then write your **password**
    and click **Add**:
    .size-full .wp-image-1052 width="428"
    Once the password is saved, **open a text editor** and paste this script
    and save it as **encfs\_mount.sh** inside your **\$HOME** folder:
    ``` {.lang:sh .decode:true}
    # Secure EncFS Dropbox mounter by Daniel Widerin <[email protected]>
    mount | grep $TARGET >/dev/null
    [[ "$?" -eq "0" ]] && /usr/sbin/diskutil unmount $TARGET
    if [ ! -d $TARGET ]; then
     echo "Create new mountpoint $TARGET"
     mkdir $TARGET
     chmod 0700 $TARGET
    $ENCFS $SOURCE $TARGET --extpass="security 2>&1 >/dev/null find-generic-password -gl '$KEYCHAIN_PASSWORD' |grep password|cut -d \\\" -f 2" -ovolname=$VOLUME_TITLE

    Make it executable:

    ``` {.lang:sh .decode:true} chmod +x ~/encfs_mount.sh

    Open **AppleScript** editor and paste this text inside and save as an
    app in the \$HOME folder:
    [![Screenshot 2015-10-11
    .size-full .wp-image-1055 width="484"
    ``` {.lang:sh .decode:true}
    do shell script "$HOME/encfs_mount.sh"

    Finally, open "System Preferences" -> "Users & Groups" and add the previously saved application.

    Screenshot 2015-10-11
19.27.44{.aligncenter .size-full .wp-image-1056 width="463" height="380"}

    Final notes

    At this point encfs is configured to be mounted at startup and to save the encrypted files inside Dropbox. Please note: do not save anything directly on \~/Dropbox/Private, only read and save your files from \~/Private


    read more


  2. Create an EncFS volume compatible with BoxCryptor Classic

    If you are planning to share an encrypted volume between Linux/OSX and Windows (I will assume you are sharing it on Dropbox, but you could use any similar service) and you are using EncFS under Linux/OSX and BoxCryptor under Windows, there are some specifig settings to use when you create the EncFS volume. Infact even if BoxCryptor claims to be "encfs compatible", it's not 100%.

    Suppose you want to create an encrypted volume located at \$HOME/.TestTmpEncrypted and mounted at \$HOME/TestTmp you need the following command:

    andrea-Inspiron-660:~ andrea $ encfs ~/.TestTmpEncrypted ~/TestTmp

    answer "Y" when you are asked if you want to create the folders:

    The directory "/home/andrea/.TestTmpEncrypted/" does not exist. Should it be created? (y,n) y
    The directory "/home/andrea/TestTmp" does not exist. Should it be created? (y,n) y

    At this point you will need to select between default paranoia mode or advanced mode. Please choose the advanced one (x):

    Creating new encrypted volume.
    Please choose from one of the following options:
     enter "x" for expert configuration mode,
     enter "p" for pre-configured paranoia mode,
     anything else, or an empty line will select standard mode.
    ?> x

    Manual configuration mode selected.

    Select AES as cypher algorithm:
    The following cypher algorithms are available:
    1. AES : 16 byte block cipher
    -- Supports key lengths of 128 to 256 bits
    -- Supports block sizes of 64 to 4096 bytes
    2. Blowfish : 8 byte block cypher
    -- Supports key lengths of 128 to 256 bits
    -- Supports block sizes of 64 to 4096 bytes
    Enter the number corresponding to your choice: 1
    Selected algorithm "AES"

    Select 256 as key size:

    Please select a key size in bits. The cypher you have chosen
    supports sizes from 128 to 256 bits in increments of 64 bits.
    For example:
    128, 192, 256
    Selected key size: 256
    Using key size of 256 bits

    Choose 1024 as block size:

    Select a block size in bytes. The cypher you have chosen
    supports sizes from 64 to 4096 bytes in increments of 16.
    Alternatively, just press enter for the default (1024 bytes)
    filesystem block size:
    Using filesystem block size of 1024 bytes

    Select Stream as filename encoding:

    The following filename encoding algorithms are available:
    1. Block : Block encoding, hides file name size somewhat
    2. Null : No encryption of filenames
    3. Stream : Stream encoding, keeps filenames as short as possible
    Enter the number corresponding to your choice: 3
    Selected algorithm "Stream""

    Do NOT enable filename initialization vector chaining:

    Enable filename initialization vector chaining?
    This makes filename encoding dependent on the complete path,
    rather then encoding each path element individually.
    The default here is Yes.
    Any response that does not begin with 'n' will mean Yes: no

    Do NOT enable per-file initialization vectors:

    Enable per-file initialization vectors?
    This adds about 8 bytes per file to the storage requirements.
    It should not affect performance except possibly with applications
    which rely on block-aligned file io for performance.
    The default here is Yes.
    Any response that does not begin with 'n' will mean Yes: no

    Do NOT enable external chained IV:

    External chained IV disabled, as both 'IV chaining'
    and 'unique IV' features are required for this option.
    Enable block authentication code headers
    on every block in a file? This adds about 12 bytes per block
    to the storage requirements for a file, and significantly affects
    performance but it also means [almost] any modifications or errors
    within a block will be caught and will cause a read error.
    The default here is No.
    Any response that does not begin with 'y' will mean No: no

    Do NOT enable random bytes to each block header:

    Add random bytes to each block header?
    This adds a performance penalty, but ensures that blocks
    have different authentication codes. Note that you can
    have the same benefits by enabling per-file initialisation
    vectors, which does not come with as great a performance
    Select a number of bytes, from 0 (no random bytes) to 8: 0

    Enable file-hole pass-through:

    Enable file-hole pass-through?
    This avoids writing encrypted blocks when file holes are created.
    The default here is Yes.
    Any response that does not begin with 'n' will mean Yes: yes

    Finally you will see:

    Configuration finished. The filesystem to be created has
    the following properties:
    Filesystem cypher: "ssl/aes", version 3:0:2
    Filename encoding: "nameio/stream", version 2:1:2
    Key Size: 256 bits
    Block Size: 1024 bytes
    File holes passed through to ciphertext.

    At this point set a passphrase for your new volume:

    Now you will need to enter a password for your filesystem.
    You will need to remember this password, as there is absolutely
    no recovery mechanism. However, the password can be changed
    later using encfsctl.
    New Encfs Password:
    Verify Encfs Password:

    You should be able to mount this volume using BoxCryptor.

    read more


  3. How to fix encfs installation on OSX 10.9 (Mavericks) and brew

    After upgrading from OSX 10.8.x to 10.9 (Mavericks), encfs recipe is broken. First of all you have to fix a problem with a library header:

    sudo ln -s /usr/include/sys/_endian.h /usr/include/sys/endian.h

    then you can install encfs using this remote brew recipe:

    brew reinstall https://gist.github.com/ghibble/7297078/raw/cae1ff000a5e1cfc670f5b7a611279ed494b63af/encfs.rb

    It's also possible that you have to fix fuse4x installation before being able to use encfs (I had to do it):

    sudo /bin/cp -rfX /usr/local/Cellar/fuse4x-kext/0.9.2/Library/Extensions/fuse4x.kext /Library/Extensions
    sudo chmod +s /Library/Extensions/fuse4x.kext/Support/load_fuse4x

    That's it! Please note that this is just a workaround (thanks to Giovanni Bajo for suggesting me the symlink fix). Please also note that this recipe uses fuse4x library and not the most updated osxfuse (but it works, anyway). Some other users reported me that there is a fix for the original brew recipe, and this one uses osxfuse. You can find it here https://gist.github.com/defunctzombie/7324625 but I haven't tested it yet.

    Update: to fully integrate encfs with OSX, I also suggest to follow this nice guide http://www.maketecheasier.com/install-encfs-mac/

    read more


Page 1 / 1