A user-space encryption system, EncFS is designed to keep things simple
EncFS and eCryptfs are, in many ways, extremely similar. Both operate in user space, and both are designed to provide an easy way to manage file-system level encryption. Both include plenty of scope for configuration and the use of various encryption algorithms, and both have their advantages and disadvantages.
Created in 2003 to address a perceived lack of file system encryption capabilities in the kernel of the time – following the dropping of TCFS and the lack of maintenance on the CFS project – EncFS ties in to FUSE – the File-system in User spacE kernel module – to allow any users to create, modify, and access an encrypted directory.
Installation of EncFS is relatively simple, although it does have a few dependencies that must be satisfied before it will operate. For most Linux distributions, however, this translates into a few more packages to be downloaded from the repositories, and adds little complexity to the overall installation process.
Setting up an EncFS-encrypted folder is similar to eCryptfs, although instead of using mount the encfs binary is called instead. Sadly, EncFS does require that two directories are used in place of the singular directory with which eCryptfs can be configured: in practice, this is usually covered by creating a hidden directory to hold the encrypted files.
Once the encrypted directory is created and mounted using EncFS, the files are accessible as normal. File names are encrypted by default, and – as with the other products on test – the well-regarded AES-256 algorithm is used to secure data.
Sadly, EncFS is starting to show its age. Compared to eCryptfs, it doesn’t feel quite as user friendly, but it’s the performance which was most disappointing. In our small-file test, our 500 128KB files transferred at an average speed of around 8MB/s – the slowest of any package on test. While the large file result was better, performing almost twice as fast as EncFS managed with the small files, it was still beaten into third place by the slightly better throughput of eCryptfs – although the difference for large files was all-but negligible.
EncFS does have one trick up its sleeve, however: because it ties into FUSE, it is safe to use with XFS and similar file systems without risking a stack overflow, unlike eCryptfs. If XFS support is key and you need a user-space file-system level encryption system, EncFS is still worth a look.
Linux User Verdict
Aside from some dependencies which are easy to satisfy, EncFS is simple to install.
EncFS has plenty of choice for performance tuning and encryption algorithms.
Ease of use: 8/10
Unlike eCryptfs, EncFS can be executed without running as root thanks to its use of FUSE.
On slower systems, EncFS performs poorly even at the default settings.
If you need ordinary users to be able to manage encrypted directories – or XFS support – then EncFS is a good choice, otherwise the performance drop is too severe.