Encrypted filesystem on Linux

2010 June 10 at 13:00 » Tagged as: virtualization, security, centos, fuse, perl, steganography

Six years ago, I had a post with this exact same title. At the time it was about making a crypto loop. Cryptoloop allows you to create a large file, encrypt it and then mount it as a file system with the help of a loopback device. The contents cannot be seen without the proper password. TrueCrypt is another system which allows you to do pretty much the same thing, but with the added bonus of support for steganographic content. However, this method is cumbersome because if you run out of space on the encrypted volume, you need to create a new file and copy over the contents from the old one.

That's where FUSE-based systems like encfs come in. encfs is pretty useful because you don't need to start off by creating a large single file to hold all your other files. Simply create two folders on your hard drive, one to contain the encrypted files and the other as the mount point where the decrypted files show up (but only if you provide the right password).

Today, I tried to set up such a system on a CentOS 5.4 box (well, it wasn't really a CentOS 5.4 box, it was virtualized, but never mind) and ran into an error straight away:
Verify Encfs Password:
terminate called after throwing an instance of 'boost::filesystem::filesystem_error'
what():  boost::filesystem::path: invalid name ".backups" in path: "/mnt/.backups/.encfs6.xml"
Aborted

Oh, by the way, encfs is not found in the CentOS Base repos. You need to get it from EPEL. There were exactly four results in Google for this error and none of them seemed likely to be the solution. Pretty annoying, because I had in fact set this up before on a 32-bit CentOS machine (this time, it's a 64-bit machine). Rather than compiling from sources, which I am loath to do, I thought I'd have a look at some of the other options available.

1) PhoneBook

PhoneBook also appears to support steganographic content and sounds similar to TrueCrypt, but it's a bit of overkill for me and it hasn't been maintained since 2004.

2) CryptoFS

Sadly the site seems to have been taken offline.

3) MinorFs

'MinorFs is a userspace filesystem (fuse) for Linux providing private storage to pseudo persistent processes. This allows programs that are run by a user to keep some data safe from all potential malware that runs with all this users privileges.' - once again it appears to be overkill

4) MetFS

'MetFS is a filesystem software in userspace that is encrypted, dynamic sized (increase when new data added, decrease when data removed), single file when it's unmounted' - oh well, if the file grows and shrinks dynamically I can live with that. The only catch is that it doesn't have an RPM. It's released under an open source license, but the download page says it may only be used for educational purposes. Explain that one to me.

Sadly MetFS wouldn't compile either:

metfs.c: In function ‘metfs_extract_file’:
metfs.c:802: error: ‘TAR’ undeclared (first use in this function)
metfs.c:802: error: ‘t’ undeclared (first use in this function)
metfs.c:820: warning: implicit declaration of function ‘tar_extract_all’
metfs.c: In function ‘main’:
metfs.c:910: warning: implicit declaration of function ‘fuse_main’
make: *** [all] Error

It was time to look again at encfs but by now it was angry at my unfaithfulness.
checking for boostlib >= 1.34... configure: error: We could not detect the boost libraries (version 1.34 or higher). If you have a staged boost library (still not installed) please specify $BOOST_ROOT in your environment and do not give a PATH to --with-boost option.  If you are sure you have boost installed, then check your version number looking in <boost/version.hpp>. See http://randspringer.de/boost for more documentation.
Then it occurred to me that one of the four results for the encfs - boost error mentioned that you should not use stuff from EPEL. I ignored that at first because the post was from 2008 and was speaking of CentOS 5.2, but I decided to add the RPMForge repo to my repository list and try again. And sure enough, this time encfs worked without that annoying error. Phew.
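
Added example (not part of the original post): with the two-folder layout described above, the mount point is an ordinary directory whenever encfs is not mounted, so anything written there is stored unencrypted. The sketch below checks the mount table before writing. The function names and the MOUNTS_FILE variable are hypothetical, and the "encfs" source field and "fuse"/"fuse.encfs" type strings are assumptions about how the mount appears in /proc/mounts.

```shell
#!/bin/sh
# Added example: guard against writing plaintext into an unmounted encfs mount point.
# MOUNTS_FILE is a hypothetical override so the check can run against a sample table.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# encfs_is_mounted DIR
# Succeeds only if DIR is listed as a FUSE mount whose source field is "encfs".
# Assumption: older kernels report the type as "fuse", newer ones as "fuse.encfs".
# Limitation: paths with spaces are escaped (\040) in /proc/mounts and not decoded here.
encfs_is_mounted() {
    target=${1%/}                       # tolerate a trailing slash
    [ -n "$target" ] || target=/
    while read -r src mnt fstype _rest; do
        [ "$mnt" = "$target" ] || continue
        [ "$src" = "encfs" ] || continue
        case "$fstype" in
            fuse|fuse.encfs) return 0 ;;
        esac
    done < "$MOUNTS_FILE"
    return 1
}

# leaked_plaintext DIR
# Lists entries found in DIR while it is NOT mounted. Anything listed was
# written to the bare directory and is sitting on disk unencrypted.
leaked_plaintext() {
    if encfs_is_mounted "$1"; then return 0; fi
    find "$1" -mindepth 1 -maxdepth 1 2>/dev/null
}

# safe_copy SRC DIR
# Copies SRC into DIR only when the decrypted view is actually mounted.
safe_copy() {
    encfs_is_mounted "$2" || {
        echo "refusing: $2 is not an encfs mount" >&2
        return 1
    }
    cp -- "$1" "$2"/
}
```

Running leaked_plaintext on the mount point right after fusermount -u is a quick way to spot files that were saved there while the volume was not mounted.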