The purpose of this project is to create a “file system” that represents an encrypted view of some other folders on the same machine. The idea is that applications like offsite backup tools will then always work with just the encrypted version of the data, so by the time the data leaves the machine there is no risk of exposing the actual files and folders.

I started this project in order to create my own backup solution based upon rsync; unfortunately there are not many ways to encrypt a file in a way that is rsync-friendly. Rsyncrypto is one such tool, but it has a few drawbacks: it only supports AES, it requires some file preprocessing (i.e. the backup tool must know that it needs to encrypt the file with it before handling it) and, last but not least, it is terribly slow on commodity hardware like modern Atom-based machines. After discovering the existence of the Dokan library, which does the heavy lifting of writing the piping code necessary for developing a filter driver on Windows, I decided to write my own file system. In addition to [pseudo]encryption, the file system does file/folder name obfuscation in order to make cryptanalysis at least a little bit more difficult.

RC4 pseudo encryption

In order to encrypt the data really fast, I decided to employ the RC4 algorithm with a variation:

  • using a fixed period of 64MB for the random number generator

This would not reduce the security of the encryption much, because the value is large enough and larger than the average size of the files that get encrypted. One other side effect of this is that the same key is used to encrypt multiple files, while security experts suggest using nonces with RC4 (future release?).
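The keystream-reuse side effect noted above, as an added example (not PeoneFS code): it assumes the scheme XORs each file with the first PERIOD bytes of the RC4 keystream indexed by file offset, shrinks the 64MB period to 4096 bytes, and uses a hypothetical HMAC-SHA256 per-file key derivation to show what a nonce changes. All keys, nonces and file contents are constructed.

```python
import hashlib
import hmac

PERIOD = 4096  # assumption: stands in for the page's 64MB period so the demo is instant

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of generator output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(pad: bytes, data: bytes, offset: int = 0) -> bytes:
    """XOR data with the periodic pad at a file offset (encrypts and decrypts)."""
    return bytes(b ^ pad[(offset + k) % len(pad)] for k, b in enumerate(data))

def shared_pad(key: bytes) -> bytes:
    """Assumed model of the page's scheme: one pad per key, reused by every file."""
    return rc4_keystream(key, PERIOD)

def per_file_pad(key: bytes, nonce: bytes) -> bytes:
    """Hypothetical mitigation: derive each file's RC4 key from key and nonce."""
    return rc4_keystream(hmac.new(key, nonce, hashlib.sha256).digest(), PERIOD)

if __name__ == "__main__":
    key = b"constructed-demo-key"
    p1 = b"2010-10-19 invoice total: 1200 EUR"  # constructed file contents
    p2 = b"2010-10-19 payroll total: 9800 EUR"
    c1, c2 = crypt(shared_pad(key), p1), crypt(shared_pad(key), p2)
    # Same pad: the key cancels out and the XOR of the plaintexts is exposed.
    print("shared pad leaks p1^p2:", xor(c1, c2) == xor(p1, p2))
    n1, n2 = crypt(per_file_pad(key, b"file-1"), p1), crypt(per_file_pad(key, b"file-2"), p2)
    print("per-file nonce leaks p1^p2:", xor(n1, n2) == xor(p1, p2))
    # Rsync-friendliness: a one-byte edit changes exactly one ciphertext byte.
    edited = crypt(shared_pad(key), p1[:5] + b"X" + p1[6:])
    print("bytes changed:", sum(a != b for a, b in zip(c1, edited)))
```

A per-file nonce has to be stored with the file (for example in a small header) so the pad can be rebuilt for decryption. Keeping one nonce for successive versions of a file preserves small rsync deltas, but two versions of that file still share a pad.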

How fast is it? On my Atom machine copying the data to an external USB drive is not affected by the PeoneFS layer, the bottleneck being the USB2 bus. YMMV.

How to run PEONEFS

Use the following steps:

  1. download the binary release and unzip the files in any folder
  2. download and install the Dokan library from here
  3. edit the configuration file by mapping the folders and choosing a non default password
  4. test that everything went well by launching
    PeoneFS test

Give the app a few seconds to initialize everything and you will be able to navigate to the newly mounted drive by using Windows Explorer or any other directory browsing tool.

If everything went well you can install PeoneFS as a service, which means that the file system will be able to run even if nobody is logged in, by typing:

PeoneFS install

Please note that on Vista and more recent OSes this action will prompt for elevation (UAC).

Last edited Oct 19, 2010 at 12:48 AM by _paperino, version 3