cryfs
Cryptographic filesystem for the cloud: a FUSE filesystem that keeps ciphertext in a base directory and presents the plaintext at a mountpoint
TLDR
Mount an encrypted filesystem: cryfs <basedir> <mountpoint>. When basedir is empty, the first run starts the setup wizard (cipher, block size, password); later runs only ask for the password
Unmount an encrypted filesystem: cryfs-unmount <mountpoint> (CryFS 0.10 and later), or fusermount -u <mountpoint> on Linux
Automatically unmount after ten minutes of inactivity: add --unmount-idle 10 to the mount command
List supported ciphers: cryfs --show-ciphers
SYNOPSIS
cryfs [options] <basedir> <mountpoint> [-- fuse-options]
cryfs --show-ciphers
cryfs-unmount <mountpoint>
PARAMETERS
--help, -h
Show help and exit
--version
Print version and exit
--show-ciphers
List the supported cipher names and exit
-f, --foreground
Run in the foreground instead of daemonizing; log output goes to the terminal
--unmount-idle <MINUTES>
Unmount automatically after the given number of idle minutes
--cipher <CIPHER>
Cipher to use when creating a new filesystem (default: aes-256-gcm). Ignored for an existing filesystem, whose cipher is stored in its config file
--blocksize <BYTES>
Block size to use when creating a new filesystem. Ignored for an existing filesystem
--config <FILE>
Use this file as the configuration file instead of cryfs.config inside basedir. Keeping the config outside the synced directory means the (password-encrypted) master key never reaches the cloud
--extpass <COMMAND>
Run COMMAND and read the password from its standard output instead of prompting (for scripts and password managers)
--logfile <FILE>
Write log messages to FILE
--allow-filesystem-upgrade
Allow upgrading a filesystem created by an older CryFS version to the current on-disk format; older versions will then no longer be able to mount it
--allow-replaced-filesystem
Mount even though the filesystem found in basedir is not the one this machine saw there before. Refused by default, because a replaced basedir is how an attacker would serve you a different filesystem
--allow-integrity-violations
Keep going when the integrity check finds modified, rolled-back or moved blocks instead of refusing to mount. Only for data recovery; it disables the tamper detection
--missing-block-is-integrity-violation
Also treat a missing block as an integrity violation. Off by default, because a sync client may simply not have downloaded that block yet
--create-missing-basedir, --create-missing-mountpoint
Create basedir or mountpoint if it does not exist instead of asking
-- <fuse-options>
Everything after -- is passed to FUSE, e.g. -- -o allow_other to let other local users see the mount

Environment variables:
CRYFS_FRONTEND=noninteractive
Never prompt: read the password from stdin and use the defaults for cipher and block size when creating a filesystem
CRYFS_NO_UPDATE_CHECK=true
Skip the online check for newer versions at startup
CRYFS_LOCAL_STATE_DIR
Directory holding the per-machine integrity state (block version counters and the filesystem identity) that the checks behind --allow-replaced-filesystem and --allow-integrity-violations rely on

There is no --password-file, --key or PKCS#11 option; password input is covered by --extpass and CRYFS_FRONTEND=noninteractive, and key derivation uses scrypt, not PBKDF2.
DESCRIPTION
CryFS is a cryptographic filesystem implemented in userspace with FUSE (Linux, and macOS via macFUSE). It takes a directory of ciphertext (basedir) and presents its plaintext contents as an ordinary filesystem at mountpoint, so applications read and write files without knowing about the encryption. The basedir is what you hand to a sync client such as Dropbox; the mountpoint never leaves the machine.
The design goal is hiding metadata as well as contents. Every file is split into fixed-size blocks, each block is encrypted separately with an authenticated cipher (default aes-256-gcm) and stored under a random block ID, and the directory structure itself lives in such blocks. Someone holding only the basedir sees a set of equally sized, randomly named blobs: file contents, file names, individual file sizes, the directory tree and the number of files are all hidden, and only the total amount of stored data (in whole blocks) is visible. Because a change only rewrites the blocks it touches, a sync client uploads a few blocks rather than a whole re-encrypted file.
The master key is random. It is stored in cryfs.config inside basedir (or in the file given by --config), encrypted with a key derived from the password using scrypt. Changing the password therefore only re-wraps the master key; the data is not re-encrypted.
On the first invocation with an empty basedir the setup wizard asks for the cipher, the block size and the password and writes the config file; later mounts only ask for the password and decrypt on the fly. Since version 0.10 CryFS keeps per-machine integrity state (see CRYFS_LOCAL_STATE_DIR) and refuses to mount when blocks have been modified, rolled back to an earlier version or moved, unless --allow-integrity-violations is given.
The price is performance: every access goes through FUSE and touches whole blocks, so throughput and latency are worse than a native filesystem, and the ciphertext is somewhat larger than the plaintext (per-block header and tag, plus padding of each file's last block). CryFS is open source under the LGPLv3.
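To make the metadata-hiding argument concrete, the following Python model is an added example, not CryFS code and not its on-disk format. It reproduces the shape of the design just described: files are cut into fixed-size padded blocks, each block is sealed with an AEAD stand-in under a random ID that is also bound into the authentication tag, and the directory listing is stored as a block like any file. The AEAD (SHA-256 in counter mode for the keystream, HMAC-SHA256 for the tag), the 4 KiB block size and the JSON directory format are assumptions chosen so the example runs on the standard library; CryFS uses aes-256-gcm and its own formats. The observer functions show what a cloud provider holding the ciphertext directory can and cannot learn, and what happens when a block is tampered with.

```python
import hashlib
import hmac
import json
import secrets
import struct

# Every stored block has exactly this size, whatever the files look like.
STORED_BLOCK = 4096            # assumed demo value; CryFS's blocksize is configurable
NONCE_LEN, TAG_LEN, LEN_HDR = 16, 32, 4
PAYLOAD = STORED_BLOCK - NONCE_LEN - TAG_LEN - LEN_HDR   # plaintext bytes per block


def _keystream(key, nonce, n):
    """SHA-256 in counter mode as a PRF keystream (toy stand-in for AES-GCM)."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
    return bytes(out[:n])


def seal(enc_key, mac_key, nonce, plaintext, aad):
    """Encrypt-then-MAC; aad (the block ID) binds the blob to its storage name."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key, mac_key, blob, aad):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("integrity violation: block was modified or moved")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CipherDir:
    """Stand-in for the basedir: block ID -> fixed-size encrypted blob."""

    def __init__(self, master_key):
        self.enc_key = hashlib.sha256(b"enc" + master_key).digest()
        self.mac_key = hashlib.sha256(b"mac" + master_key).digest()
        self.blocks = {}

    def put(self, data):
        """Split data into padded blocks under random IDs; return the ID list."""
        ids = []
        for off in range(0, max(len(data), 1), PAYLOAD):   # empty file -> one block
            chunk = data[off:off + PAYLOAD]
            pt = struct.pack(">I", len(chunk)) + chunk
            pt += b"\0" * (PAYLOAD + LEN_HDR - len(pt))     # pad the last block too
            bid = secrets.token_hex(16)                      # unrelated to the file name
            self.blocks[bid] = seal(self.enc_key, self.mac_key,
                                    secrets.token_bytes(NONCE_LEN), pt, bid.encode())
            ids.append(bid)
        return ids

    def get(self, ids):
        out = bytearray()
        for bid in ids:
            pt = unseal(self.enc_key, self.mac_key, self.blocks[bid], bid.encode())
            n = struct.unpack(">I", pt[:LEN_HDR])[0]
            out += pt[LEN_HDR:LEN_HDR + n]
        return bytes(out)

    def drop(self, ids):
        for bid in ids:
            del self.blocks[bid]


class Volume:
    """Mounted view: the root directory (name -> block IDs) is a blob as well."""

    def __init__(self, master_key):
        self.store = CipherDir(master_key)
        self.root_ids = self.store.put(b"{}")

    def _entries(self):
        return json.loads(self.store.get(self.root_ids))

    def write(self, name, data):
        entries = self._entries()
        if name in entries:
            self.store.drop(entries[name])
        entries[name] = self.store.put(data)
        self.store.drop(self.root_ids)                       # directory is rewritten, still one blob
        self.root_ids = self.store.put(json.dumps(entries).encode())

    def read(self, name):
        return self.store.get(self._entries()[name])


def observer_view(volume):
    """What someone holding only the ciphertext directory can learn."""
    blobs = volume.store.blocks
    return {"block_count": len(blobs), "sizes": sorted({len(b) for b in blobs.values()})}


def leaks(volume, needle):
    """True if a plaintext string shows up in any block name or block content."""
    return any(needle in bid.encode() or needle in blob
               for bid, blob in volume.store.blocks.items())


def tamper_detected(volume, name):
    """Flip one ciphertext byte of the file's first block; reading must now fail."""
    bid = volume._entries()[name][0]
    blob = bytearray(volume.store.blocks[bid])
    blob[NONCE_LEN + 1] ^= 0x01
    volume.store.blocks[bid] = bytes(blob)
    try:
        volume.read(name)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    vol = Volume(secrets.token_bytes(32))
    vol.write("passwords.txt", b"hunter2\n")            # constructed sample files
    vol.write("notes.md", b"A" * 10000)
    print(observer_view(vol))                            # {'block_count': 5, 'sizes': [4096]}
    print(leaks(vol, b"passwords.txt"), leaks(vol, b"hunter2"))   # False False
```

The observer sees five identical 4096-byte blobs: one for the 8-byte file, three for the 10000-byte file and one for the directory. Neither count nor sizes reveal which is which, and renaming a file only rewrites the directory blob. Because the block ID is authenticated along with the ciphertext, copying a blob under another ID is caught the same way as editing it; CryFS's real integrity checks go further and also detect a block being rolled back to an earlier version, which this model does not cover.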
CAVEATS
Performance: every operation passes through FUSE and reads or writes whole blocks, so expect noticeably lower throughput than a native filesystem; large random-access workloads suffer most. Storage: each block carries a small header and tag and the last block of every file is padded, so the basedir is somewhat larger than the plaintext (a directory of many tiny files wastes most of a block per file). Integrity state is per machine: mounting the same basedir from several computers, or restoring the basedir from a backup, can trigger "filesystem replaced" or integrity-violation refusals that are false alarms; the CryFS documentation advises against using one basedir from two machines at the same time. cryfs.config (or the --config file) is required to mount: without it, or without the password, the data is unrecoverable, so back it up separately. The basedir is clearly identifiable as a CryFS volume, so there is no plausible deniability. Unmount with cryfs-unmount or fusermount -u rather than killing the process.
SECURITY NOTES
Blocks are encrypted individually with an authenticated cipher; the default and recommended choice is aes-256-gcm, and the other *-gcm entries in --show-ciphers are authenticated as well. Prefer those to the unauthenticated cipher modes on the list. The per-block key material comes from a random master key, which is wrapped with a scrypt-derived key from the password, so a weak password is the realistic attack surface: an attacker with the basedir can run offline guessing against the config file, and scrypt slows that down but does not stop it. Block names are random IDs, not derived from file names, and the directory tree is stored encrypted, so an attacker holding the ciphertext learns only the total number of blocks. Since 0.10, the local integrity state lets CryFS detect blocks that were modified, replaced with an older version, moved or (optionally) deleted; --allow-integrity-violations turns that detection off and should only be used to recover data.
UNMOUNTING
Use cryfs-unmount <mountpoint> (shipped with CryFS 0.10 and later) or fusermount -u <mountpoint> on Linux; on macOS use umount <mountpoint>. If the mount is busy, find the processes holding it with fuser -m <mountpoint> and close them, then unmount again; killing the cryfs process while writes are pending risks losing the last blocks.
HISTORY
Developed by Sebastian Messmer (GitHub: smessmer), starting in 2014, with a design documented in his master's thesis and motivated by the weaknesses a 2014 audit had found in EncFS. First beta release 0.9.0 in 2015; first stable release 0.10.0 in 2019, which introduced the integrity checks and cryfs-unmount; 0.11 followed in 2021. Maintained on GitHub.
SEE ALSO
encfs(1), gocryptfs(1), fusermount(1), fuse(8), mount.fuse(8)