It’s a bash script. It adds a new file system to your local computer. All data is locally encrypted (including the file name). The encrypted data (and only that!) is stored in the cloud. The data remains secure even if the cloud server is compromised. It does not need root or superuser privileges. No need to run your own server. It feels like a normal directory with all the encryption and cloud-synchronisation happening in the background. All you need is the bash script (literally). It’s one single command to add and use a file system:
$ erfs mount aDe5F2ik3x35x7pfAEAWdC5Y ~/secure
The bash script makes use of two existing tools: sshfs and EncFS. Please read the Technical Details for more information.
A securely mounted remote filesystem is called an ‘ERFS’ (pronounced Örfz): Encrypted Remote File System.
The bash script is available from https://github.com/hackerschoice/erfs-client.
THC runs this as a service and provides the server side and data storage for free. However, there is a detailed explanation of how to run your own server. The server comes as a Docker container for rapid deployment on any of the major cloud platforms.
Why you need ERFS
- It allows you to anonymously share a file with somebody you do not know or do not trust. Both parties simply mount the same ERFS and un-mount it when done.
- During pen-testing you may need a 0day at the front line or need to send logs back to HQ. ERFS makes this easier: mount the same ERFS at the forward deployment and at HQ and exchange data seamlessly.
- It does not require any key management or key infrastructure. It is super easy to use thanks to the Deterministic Key Derivation method (like Bitcoin uses for HD wallets).
All key material is created on your local computer. No keys are ever sent or stored on the server. It uses Deterministic Key Derivation (like Bitcoin does).
The server does not need to be trusted. The data remains secure even if the server gets compromised.
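An added sketch (not ERFS's own code) of what deterministic key derivation buys here: one shared secret yields a value the server may see and a separate encryption password that never leaves the client. It assumes HKDF-SHA256 and made-up labels; how ERFS itself derives its keys is covered in its Technical Details and is not reproduced here.

```python
import hashlib
import hmac

# Labels are constructed for this sketch; they are not ERFS's own constants.
LABEL_LOGIN = b"example/storage-login"
LABEL_ENCFS = b"example/encfs-password"


def hkdf_sha256(secret: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with an empty salt: extract, then expand."""
    # Extract: an absent salt is defined as HashLen zero bytes.
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    # Expand: T(i) = HMAC(PRK, T(i-1) || info || i)
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive(secret: str) -> dict:
    """Derive both per-filesystem values from the one shared secret."""
    raw = secret.encode()
    return {
        # May be shown to the server: locates/authenticates the remote storage.
        "login": hkdf_sha256(raw, LABEL_LOGIN, 16).hex(),
        # Stays on the client: used as the local encryption password.
        "encfs_password": hkdf_sha256(raw, LABEL_ENCFS, 32).hex(),
    }


if __name__ == "__main__":
    # Secret string taken from the mount command shown on the page.
    first = derive("aDe5F2ik3x35x7pfAEAWdC5Y")
    second = derive("aDe5F2ik3x35x7pfAEAWdC5Y")  # second party, same secret
    # Same secret, same values on both machines, with nothing exchanged.
    assert first == second
    print("server sees :", first["login"])
    print("stays local :", first["encfs_password"][:16] + "...")
```

Because each output comes from a one-way function under a different label, a server that learns the login value cannot compute the encryption password from it.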
All source code is public (GitHub).
I get 8–12 Mbit/sec upload and 20–30 Mbit/sec download speeds. It’s about 10% slower than just using sshfs without EncFS on top.