---
* THIS PROJECT HAS BEEN DISCONTINUED *
---An easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server.
Direct Download: erfs
Medium Article: THC's encrypted cloud based file system
Technical Details: Technical-Details
The client is a bash-script. The cloud server is provided by THC for free (as in free beer!).
There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simoultanously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized.
The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server.
Features:
- Does not require root or superuser privileges.
- Data to remain secure even if the server is compromised.
- Encrypts file name and content.
- Can be used by multiple users from many locations at the same time and simulatnously.
- No Public Key Infrastructure. Everything to work by 'Deterministic Key Derivation' (like Bitcoin does).
- Strong AES encryption
- Base58 passwords 24 characters long (enforced).
Currently supported OSes:
- Linux
- MacOS
By using our server ("the service") you agree that you will only use the service for research or for doing good things. You agree that you will not use the service for illegal activities. If in doubt then please run your own server.
Pre-Requisite - Linux
$ apt-get update -y
$ apt-get install -y git sshfs encfs(MacOS Users please read below)
Installation
$ git clone https://github.com/hackerschoice/erfs.git
$ sudo cp erfs/erfs /usr/local/binor:
$ sudo curl -o /usr/local/bin/erfs -OL https://raw.githubusercontent.com/hackerschoice/erfs/master/erfs
$ sudo chmod +x /usr/local/bin/erfsUsage
Create a SHARE-SECRET and initialize a new File Share (example):
$ erfs init
Server: Creating a new Remote File Share....
--> You MUST remember this SHARE-SECRET. Access to the data is lost <--
--> *FOREVER* if the SHARE-SECRET is lost. KEEP IT SAFE. <--
##############################################
## ##
## SHARE-SECRET: aDe5F2ik3x35x7pfAEAWdC5Y ##
## ##
##############################################Mount the Remote File Share on your computer (example):
$ erfs mount aDe5F2ik3x35x7pfAEAWdC5Y ~/secure
Encrypted partition mounted to /Users/me/secure
$ ls -al ~/secureUnmount the share:
$ erfs umount ~/secureUnmount everything:
$ erfs umountThe server does not have access to the SHARE-SECRET or the data. Keep the SHARE-SECRET secure. Anyone with the knowledge of the SHARE-SECRET can access the data.
Collaborating
If you receive a SHARE-SECRET from somebody then you can access their secure share simoultanously.
$ erfs mount <SHARE-SECRET>Security
Passing SHARE-SECRET using the command line parameter is not secure. A better way is:
$ SEC=<SHARE-SECRET> erfs mountThe tool relies on the underlying security of ssh, sshfs and EncFS.
Open a Terminal: Applications > Utilities > Terminal. Install Homebew by typing this command:
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
Install encfs and sshfs
$ brew cask install osxfuse
$ brew install sshfs
$ brew install encfs
Make sure to use sshfs version 2.10 or above or your speed will be 0.2Mbit (Bug #57):
$ sshfs --version
SSHFS version 2.10
OSXFUSE 3.10.6
FUSE library version: 2.9.7
Automatically mount share on every login - MacOS
- Create '~/Library/Startup' with this content:
#! /bin/bash
erfs mount <SHARE-SECRET>
-
Make it executeable:
chmod +x ~/Library/Startup. -
Add this file in System Preferences > Users & Groups > Login Items
Automatically mount share on every login - Linux
Put this into your ~/.bashrc to mount the file system every time you log in and put your SHARE-SECRET into my-share-secret.txt:
$ erfs mount my-share-secret.txtTips
Using a different server:
$ export THC_RFS_SERVER=1.2.3.4
$ export THC_RFS_PORT=2222Prompting for the SHARE-SECRET (Grugq's idea):
$ erfs mount -x
Enter SHARE-SECRET: Shorten the commands:
$ erfs i
$ erfs m
$ erfs uRunning your own sever
You are encouraged to run your own server. This is optional. Please refer to hackerschoice/docker-erfs-server for more information.