# Ecryptfs on FreeBSD?



## thiago (Jan 31, 2013)

Does FreeBSD support ecryptfs, or an equivalent cryptographic stacked filesystem?


----------



## xibo (Jan 31, 2013)

FreeBSD does storage encryption by adding an (or multiple) encryption layer(s) to the storage device layout (GEOM), which is opaque to filesystems. Therefore there is no need nor support for filesystem level encryption.

This might change if Oracle Corporation releases more recent ZFS code under a license compatible with usage in FreeBSD.


----------



## SirDice (Jan 31, 2013)

thiago said:

> or an equivalent cryptographic stacked filesystem?


Handbook: 19.16 Encrypting Disk Partitions


----------



## fonz (Jan 31, 2013)

xibo said:

> FreeBSD does storage encryption by adding an (or multiple) encryption layer(s) to the storage device layout (GEOM), which is opaque to filesystems.


However, as far as I know FreeBSD's disk encryption schemes (gbde(8) and geli(8), see the Handbook as per the above link provided by SirDice) are not supported by other operating systems. If you want something that works not only with FreeBSD but also with e.g. Windows or Linux, the only remaining option that I'm aware of is TrueCrypt (security/truecrypt).


----------



## thiago (Jan 31, 2013)

fonz said:

> If you want something that works not only with FreeBSD but also with e.g. Windows or Linux, the only remaining option that I'm aware of is TrueCrypt (security/truecrypt).



I'm looking for an encryption layer that works well with Dropbox, so when I modify a file, only that file is sent back to Dropbox servers. Here is my scenario:

I use Windows as the OS on my laptop, but all my programming work must be done inside a Unix environment, so I use VirtualBox, which shares a host directory (containing the Dropbox directory) with the Linux guest. Some of the projects I work on are stored in an ecryptfs directory contained in the Dropbox directory, so when I update a file, only that file is synced back to Dropbox servers.

While my current setup is working perfectly, I've been curious to try FreeBSD as a work environment (I'm a Unix geek), and the only thing holding me back is the lack of a filesystem-level encryption that makes a good match with Dropbox (the fact that Dropbox doesn't work on FreeBSD isn't a problem, since VirtualBox shares the host Dropbox directory).

I've heard about TrueCrypt, but as far as I know it stores the entire filesystem in a single file, so I don't know how Dropbox would handle the sync (would it sync the whole filesystem for every small change made in the mounted filesystem?).

Maybe I will give TrueCrypt a try.


----------



## fonz (Jan 31, 2013)

thiago said:

> I've heard about truecrypt, but as far as I know it stores the entire filesystem in a single file


It _can_ do that, but it doesn't have to. It's just one of the options. Further, I am not an expert on Dropbox synchronisation but my educated guess is that whether you use filesystem-level or device-level encryption (or no encryption at all) should make no difference to Dropbox.


----------



## thiago (Jan 31, 2013)

fonz said:

> It _can_ Further, I am not an expert on Dropbox synchronisation but my educated guess is that whether you use filesystem-level or device-level encryption (or no encryption at all) should make no difference to Dropbox.



It makes a difference if you store the lower directory on Dropbox, which is what I do currently.

The lower directory is where ecryptfs stores the encrypted data; the upper directory (mount point) is where you do your work, and it doesn't have to be in Dropbox.


----------



## thiago (Jan 31, 2013)

As I suspected, TrueCrypt doesn't play well with Dropbox. Here's an article that explains the issues.

It turns out there's a simple FUSE alternative to ecryptfs (it also plays well with cloud storage) that seems to work on FreeBSD, which I discovered after investigating BoxCryptor, the alternative documented in the article linked above.


----------



## wblock@ (Jan 31, 2013)

Be careful, FUSE is not particularly solid on FreeBSD.  There is work going on in that area, don't know whether it's only in -CURRENT or has been MFCed to 9-STABLE.


----------



## fonz (Jan 31, 2013)

thiago said:

> As I suspected, TrueCrypt doesn't play well with Dropbox.
> [snip]
> It turns out there's a simple FUSE alternative to ecryptfs (it also plays well with cloud storage) that seems to work on FreeBSD


As said, I'm not a Dropbox expert. TrueCrypt just came to mind as a possible alternative, but I'm sorry to hear that it doesn't play nice with Dropbox. However, feel free to report your experiences with that FUSE-alternative thingy. There will probably be people here who find it interesting to hear whether or not it works.


----------



## jrm@ (Jan 31, 2013)

wblock@ said:

> Be careful, FUSE is not particularly solid on FreeBSD.  There is work going on in that area, don't know whether it's only in -CURRENT or has been MFCed to 9-STABLE.



Pay particular attention to this PR.


----------



## bes (Jan 31, 2013)

I would prefer to use PEFS instead of EncFS. PEFS is a kernel-level stacked cryptographic filesystem for FreeBSD, which was developed and is maintained by gk@freebsd.org.

sysutils/pefs-kmod


----------



## jrm@ (Jan 31, 2013)

bes said:

> I would prefer to use PEFS instead of EncFS.



It doesn't build on 9.1-STABLE amd64.

http://pastebin.mozilla.org/2101391

I'll submit a PR.


----------

