The purpose of this project is to create a “file system” that presents an encrypted view of some other folders on the same machine. The idea is that applications like offsite backup tools will only ever work with the encrypted version of the data, so by the time the data leaves the machine there is no risk of exposing the actual files and folders. I started this project in order to create my own backup solution based upon rsync; unfortunately there are not many ways to encrypt a file in a way that is rsync friendly.
Rsyncrypto is one such tool, but it has a few drawbacks: it only supports AES, it requires some file preprocessing (i.e. the backup tool must know that it needs to encrypt the file with it before handling it) and, last but not least, it is terribly slow on commodity hardware like modern Atom based machines. After discovering the existence of the Dokan library, which does the heavy lifting of writing the piping code necessary for developing a filter driver on Windows, I decided to write my own file system.
In addition to [pseudo]encryption the file system does file/folder name obfuscation in order to make cryptanalysis at least a little bit more difficult.
RC4 pseudo encryption
In order to encrypt the data really fast, I decided to employ the RC4 algorithm with a variation:
- using a fixed period of 64MB for the random number generator
This should not reduce the security of the encryption much, because the value is large enough and larger than the average size of the files that get encrypted. One other side effect of this is that the same key is used to encrypt multiple files, while security experts suggest employing nonces with RC4 (future release?).
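The scheme described above, as an added Python sketch that is not PeoneFS code: it assumes the RC4 output is indexed by file offset modulo the period (shortened here to 64 bytes), and `per_file_pad` with its SHA-256 key derivation is a hypothetical nonce variant, not something the project implements. It shows why edits stay local for rsync and what reusing one keystream across files reveals.

```python
# Added illustration, not PeoneFS code. PERIOD is shortened for the demo.
import hashlib

PERIOD = 64  # constructed stand-in for the 64 MB period on the page


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling (KSA), then n bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_at(data: bytes, offset: int, pad: bytes) -> bytes:
    """XOR data with the pad byte at (absolute file offset mod period)."""
    return bytes(b ^ pad[(offset + k) % len(pad)] for k, b in enumerate(data))


def shared_pad(key: bytes) -> bytes:
    """Assumed reading of the page: one pad per key, reused for every file."""
    return rc4_keystream(key, PERIOD)


def per_file_pad(key: bytes, nonce: bytes) -> bytes:
    """Hypothetical nonce variant: a distinct RC4 key derived for each file."""
    return rc4_keystream(hashlib.sha256(key + nonce).digest(), PERIOD)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def leaks_plaintext_xor(pad_a: bytes, pad_b: bytes, p1: bytes, p2: bytes) -> bool:
    """True when XOR of the two ciphertexts equals XOR of the two plaintexts."""
    c1 = xor_at(p1, 0, pad_a)
    c2 = xor_at(p2, 0, pad_b)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)
```

With a per-file nonce the pad differs between files, so the nonce has to be stored alongside each file and kept stable across backups for rsync to keep matching unchanged blocks.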
How fast is it? On my Atom machine copying the data to an external USB drive is not affected by the PeoneFS layer, the bottleneck being the USB2 bus. YMMV.
How to run PEONEFS
Use the following steps:
- download the binary release and unzip the files in any folder
- download and install the Dokan library from here
- edit the configuration file by mapping the folders and choosing a non default password
- test that everything went well by launching
Give the app a few seconds to initialize everything and you will be able to navigate to the newly mounted drive by using Windows Explorer or any other directory browsing tool.
If everything went well you can install PeoneFS as a service, which means that the file system will be able to run even if nobody is logged in, by typing:
Please note that on Vista and more recent OSes this action will prompt for elevation (UAC).