EncFS provides an encrypted filesystem in user-space. EncFS runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below.
As with most encrypted filesystems, Encfs is meant to provide security against off-line attacks; ie your notebook is stolen, your backups are stolen, etc. The way Encfs works is different from the �loopback� encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device.
You do not need to allocate storage ahead of time for EncFS.
Advantages of a pass-thru system vs an encrypted block device:
An empty EncFS filesystem consists of a couple dozen bytes. With a loopback encrypted filesystem, you allocate a filesystem ahead of time with the size you want.
An EncFS filesystem can be backed-up on a file-by-file basis. A backup program can detect which files have changed, even though it won't be able to decipher the files. This way backups can be made without needing to mount the encrypted filesystem.
An EncFS acts as a translator for filenames and file data and should theoretically be able to pass through to any underlying filesystem. You could have an EncFS filesystem on a DVD, or a DVD mounted remotely and served through a Samba server and mount it locally with EncFS in order to view the encrypted data (your mileage may vary).
- Initialization vector setup for new filesystems was replaced, which helps against a watermark attack.