cryfs(1) | General Commands Manual | cryfs(1) |
cryfs - cryptographic filesystem for the cloud
cryfs [-c file] [-f] [options] basedir mountpoint [-- fuse-options]
cryfs --help|--version|--show-ciphers
CryFS encrypts your files, so you can safely store them anywhere.
The goal of CryFS is to keep not only file contents, but also file sizes, metadata and directory structure confidential. CryFS uses encrypted same-size blocks to store both the files themselves and the blocks' relations to one another. These blocks are stored as individual files in the base directory, which can then be synchronized with cloud services such as Dropbox.
The blocks are encrypted using a random key, which is stored in a configuration file encrypted by the user's passphrase. By default, the configuration file is stored together with the data in the base directory, but you can choose a different location if you do not want it in your cloud or if you are using a weak passphrase.
While you can access your files through your mount directory, CryFS actually places them in your base directory after encrypting. CryFS will encrypt and decrypt your files 'on the fly' as they are accessed, so files will never be stored on the disk in unencrypted form.
You can choose any empty directory as your base, but your mount directory should be outside of any cloud storage, as your cloud may try to sync your (temporarily mounted) unencrypted files as well.
If CryFS detects an encrypted storage in the given base directory, you will be asked for the passphrase to unlock and mount it. Otherwise, CryFS will help you create one; just follow the on-screen instructions.
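A pre-mount check for the layout advice above, as an added example that is not part of the original man page or of the CryFS project. It resolves symlinks before comparing paths, so a mount directory that only links into synced storage is also rejected. The function names, return codes and the colon-separated list of synced directories are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not CryFS code): refuse a mountpoint that a cloud client
# would see. All names below are hypothetical.

# Print the physical (symlink-free) absolute path of an existing directory.
canon() {
    (cd -P -- "$1" 2>/dev/null && pwd -P)
}

# Succeed if directory $1 is $2 itself or lies somewhere below it.
is_within() {
    case "$1/" in
        "$2/"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# cryfs_preflight BASEDIR MOUNTPOINT [SYNCED_DIRS]
# SYNCED_DIRS is a colon-separated list of directories a cloud client syncs.
# Returns 0 if the layout is acceptable, otherwise:
#   2 = a directory is missing, 3 = mountpoint inside basedir,
#   4 = mountpoint inside a synced directory.
cryfs_preflight() {
    base=$(canon "$1") || { echo "basedir missing: $1" >&2; return 2; }
    mnt=$(canon "$2")  || { echo "mountpoint missing: $2" >&2; return 2; }

    # The basedir is what gets synchronized, so the decrypted view
    # must not live inside it.
    if is_within "$mnt" "$base"; then
        echo "mountpoint is inside basedir: $mnt" >&2
        return 3
    fi

    # Split the list on ':' only while the loop words are expanded.
    old_ifs=$IFS; IFS=:
    for root in ${3:-}; do
        IFS=$old_ifs
        r=$(canon "$root") || continue   # ignore synced dirs that do not exist
        if is_within "$mnt" "$r"; then
            echo "mountpoint is inside synced directory: $r" >&2
            return 4
        fi
    done
    IFS=$old_ifs
    return 0
}
```

Call it before `cryfs basedir mountpoint` and only mount when it returns 0.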
As the encryption key to your CryFS storage is stored in your configuration file, it would be possible to re-encrypt it using a different passphrase (although this feature has not been implemented yet).
However, this does not change the actual encryption key of your storage, so someone with access to the old passphrase and configuration file (for example through the file history of your cloud or your file system) could still access your files, even those created after the passphrase change.
For this reason, the recommended way to change your passphrase is to create a new CryFS storage with the new passphrase and move your files from the old to the new one.
A higher block size may help reduce the file count in your base directory (especially when storing large files), but will also waste more space when storing smaller files.
Set this environment variable when automating CryFS using external tools or shell scripts.
For more information about the design of CryFS, visit https://www.cryfs.org
Visit the development repository at https://github.com/cryfs/cryfs for the source code and the full list of contributors to CryFS.
CryFS was created by Sebastian Messmer and contributors. This man page was written by Maximilian Wende.