22nd April 2012

RoseFS: Rock-Solid Encrypted File System, based on FUSE

My latest pet project: a FUSE-based passthrough encrypted file system “done right” (or “done wrong”, depending on the viewpoint).

It is backup-friendly and Mac OS X friendly (but also runs on Linux and FreeBSD), and it works on top of case-insensitive but case-preserving filesystems (such as HFS+). It supports, but does not preserve, sparse files. To avoid severe scalability issues, it does not cryptographically chain filenames and directories; in other words, renaming and moving are constant-time operations.
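To make the constant-time rename point concrete, here is an added example (not code from rose.c) that counts how many on-disk names have to be rewritten when a top-level directory is renamed, with and without chaining each name to its parent. HMAC-SHA256 stands in for the AES-CBC name encryption, and the key, the tree and all function names are constructed for this illustration; the model says nothing about how RoseFS picks its IVs.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a RoseFS value

# Constructed sample tree: dicts are directories, None marks a file.
TREE = {
    "photos": {"2011": {"a.jpg": None, "b.jpg": None}, "2012": {"c.jpg": None}},
    "notes.txt": None,
}

def enc_name(name, chain=b""):
    """Stand-in for name encryption (HMAC-SHA256 here, not AES-CBC).
    chain is empty for independent names, or the parent's token when chained."""
    mac = hmac.new(KEY, chain + b"/" + name.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def stored_names(tree, chained):
    """Map every plaintext path in the tree to its on-disk (encoded) name."""
    out = {}
    def walk(node, path, chain):
        for name, child in node.items():
            token = enc_name(name, chain if chained else b"")
            out[path + "/" + name] = token
            if isinstance(child, dict):
                walk(child, path + "/" + name, token.encode())
    walk(tree, "", b"")
    return out

def rename_cost(tree, old, new, chained):
    """Count on-disk names that change when top-level entry old becomes new."""
    before = stored_names(tree, chained)
    renamed = {(new if k == old else k): v for k, v in tree.items()}
    after = stored_names(renamed, chained)
    changed = 0
    for path, token in before.items():
        parts = path.split("/")
        if parts[1] == old:
            parts[1] = new
        if after["/".join(parts)] != token:
            changed += 1
    return changed

if __name__ == "__main__":
    for chained in (False, True):
        cost = rename_cost(TREE, "photos", "pictures", chained)
        print("chained" if chained else "independent", "names rewritten:", cost)
```

With independent names the cost stays at one entry however large the subtree is; with chaining it grows with the number of descendants.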

RoseFS uses PBKDF2 with SHA-256 for key derivation, AES-256 in CTR mode with per-file random IVs for file data encryption, and AES-256 in CBC mode for directory and filename encryption.

RoseFS is a work in progress. See the in-file documentation in rose.c on GitHub for more information:

Fork me on GitHub