DEV Community

Ghost In A Jar

LockFS - A simple flexible file-by-file encryption tool for secure storage

Pain Points of Current Encryption Tools

Most encryption tools today encrypt your data with a monolithic approach. Here are some of the methods you will see with current tools:

  • Manual Single File Encryption: Directly encrypting a single file, which prompts for a password each time you want to encrypt a file. Although this is very flexible, handling multiple files requires you to bundle them into an archive before encrypting, which is slow and inefficient for very large files.

  • Virtual Block Containers: Building a container by formatting a file to create a virtual block device. This method requires you to choose a filesystem (e.g. ext4, NTFS, exFAT) and create a file that either has a fixed size or can resize dynamically. While this is great for keeping your files secure, it is not as portable, and the file can grow very large.

  • Centralized Databases: Relying on a central database is also an issue when you need to split your files up to fit different storage sizes, depending on your backup strategy. These databases are files that store the encrypted master key, the parameters the vault relies on to access your data during decryption, and the structure of the vault. While this is effective in some ways, it becomes a hurdle when you need to split the files in the vault up for whatever reason.

  • The Decrypt/Mount Requirement: Most of these tools also need the data to be decrypted, or sometimes mounted, before you can add, remove or modify its contents.

How LockFS Solves These Issues

LockFS is designed to address the pain points highlighted above:

  • Self-contained: Each encrypted file carries its own metadata, independently of every other file, which makes the files truly granular and flexible. They can be decrypted without relying on a centralized database.

  • No filesystem reliance: Files can be stored and decrypted on any OS or storage medium without worrying about filesystem compatibility.

  • Batch flexibility: Every file should be self-contained so that new files can be added freely without first decrypting the files that are already encrypted.
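
The self-contained property above, as an added sketch: this is not LockFS code and does not reflect its real file format. The header layout, the `DEMO` magic, the function names and the choice of PBKDF2 (used because it ships with Python's standard library) are all assumptions. Each file carries its own salt and KDF parameters, and the parameters are bounds-checked before any key derivation because the header is untrusted input.

```python
import hashlib
import hmac
import os
import struct

# Hypothetical layout for illustration, not LockFS's on-disk format:
# magic(4) | version(1) | PBKDF2 iterations(4, big-endian) | salt(16) | tag(32)
MAGIC = b"DEMO"
FIXED = struct.Struct(">4sBI16s")
TAG_LEN = 32
MIN_ITERS, MAX_ITERS = 100_000, 5_000_000  # enforced before any KDF work


def _keys(password: bytes, salt: bytes, iters: int) -> tuple[bytes, bytes]:
    """Derive 64 bytes: first half encrypts content, second half MACs the header."""
    okm = hashlib.pbkdf2_hmac("sha256", password, salt, iters, dklen=64)
    return okm[:32], okm[32:]


def build_header(password: bytes, iters: int = 200_000) -> tuple[bytes, bytes]:
    """Return (header, content_key); every file gets a fresh random salt."""
    salt = os.urandom(16)
    fixed = FIXED.pack(MAGIC, 1, iters, salt)
    enc_key, mac_key = _keys(password, salt, iters)
    tag = hmac.new(mac_key, fixed, hashlib.sha256).digest()
    return fixed + tag, enc_key


def open_header(blob: bytes, password: bytes) -> tuple[bytes, bytes]:
    """Return (content_key, ciphertext) using only what is inside this one file."""
    if len(blob) < FIXED.size + TAG_LEN:
        raise ValueError("truncated header")
    magic, version, iters, salt = FIXED.unpack_from(blob)
    if magic != MAGIC or version != 1:
        raise ValueError("unknown format")
    # The header is attacker-controlled until the tag verifies, so cap the KDF
    # cost first: an inflated count is a CPU denial of service, and the floor
    # rejects files written with weak settings.
    if not MIN_ITERS <= iters <= MAX_ITERS:
        raise ValueError("KDF parameters out of range")
    enc_key, mac_key = _keys(password, salt, iters)
    fixed, tag = blob[:FIXED.size], blob[FIXED.size:FIXED.size + TAG_LEN]
    expected = hmac.new(mac_key, fixed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified header")
    return enc_key, blob[FIXED.size + TAG_LEN:]
```

The returned content key would feed an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 from a vetted library; the ciphertext is treated as opaque bytes here.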

How LockFS Is Being Designed

LockFS is designed with the following target audience in mind:

  • Privacy-conscious individuals who are looking to protect their data from being accessed by others

  • Individuals who are looking to encrypt their backups

  • Individuals looking for maximum flexibility in their backup strategy

If you like what you see, take a look at the LockFS repo or try out the project by downloading the latest stable release.

GitHub Repo

Please feel free to ask any questions or share your thoughts. Contributions in the form of pull requests and code reviews are welcome too.
