RoseFS: Rock-Solid Encrypted File System, based on FUSE
My latest pet project: a FUSE based passthrough encrypted file system “done right” (or “done wrong”, depending on the viewpoint).
It is backup-friendly, MacOS X friendly (but also runs on Linux, FreeBSD), works on top of case insensitive but case preserving filesystems (such as HFS+). It supports but does not preserve sparse files. To avoid severe scalability issues, it does not cryptographically chain filenames and directories; in other words, renaming and moving are constant time operations.
RoseFS uses PBKDF2 with SHA-256 for key derivation, AES-256 in CTR mode with per-file random IVs for file data encryption and AES-256 in CBC mode for directory and filename encryption.
RoseFS is work in progress. See the in-file documentation in
rose.c on Github for more information: