pax_global_header00006660000000000000000000000064137512471750014526gustar00rootroot0000000000000052 comment=c633c506dc7a32294b6dec8a75b663d94758f4a6 erfs-1.4/000077500000000000000000000000001375124717500123315ustar00rootroot00000000000000erfs-1.4/README.md000066400000000000000000000122221375124717500136070ustar00rootroot00000000000000# erfs An easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. Direct Download: [erfs](https://raw.githubusercontent.com/hackerschoice/erfs/master/erfs) Medium Article: [THC's encrypted cloud based file system](https://tiny.cc/thcrfs) Technical Details: [Technical-Details](https://github.com/hackerschoice/erfs/wiki/Technical-Details) The client is a bash-script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simoultanously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server. **Features:** - Does not require root or superuser privileges. - Data to remain secure even if the server is compromised. - Encrypts file name and content. - Can be used by multiple users from many locations at the same time and simulatnously. - No Public Key Infrastructure. Everything to work by 'Deterministic Key Derivation' (like Bitcoin does). - Strong AES encryption - Base58 passwords 24 characters long (enforced). **Currently supported OSes:** - Linux - MacOS *By using our server ("the service") you agree that you will only use the service for research or for doing good things. You agree that you will not use the service for illegal activities. If in doubt then please run your own server.* --- **Pre-Requisite - Linux** ```ShellSession $ apt-get update -y $ apt-get install -y git sshfs encfs ``` (MacOS Users please [read below](#macos_install)) **Installation** ```ShellSession $ git clone https://github.com/hackerschoice/erfs.git $ sudo cp erfs/erfs /usr/local/bin ``` or: ```ShellSession $ sudo curl -o /usr/local/bin/erfs -OL https://raw.githubusercontent.com/hackerschoice/erfs/master/erfs $ sudo chmod +x /usr/local/bin/erfs ``` **Usage** Create a SHARE-SECRET and initialize a new File Share (example): ```ShellSession $ erfs init Server: Creating a new Remote File Share.... --> You MUST remember this SHARE-SECRET. Access to the data is lost <-- --> *FOREVER* if the SHARE-SECRET is lost. KEEP IT SAFE. <-- ############################################## ## ## ## SHARE-SECRET: aDe5F2ik3x35x7pfAEAWdC5Y ## ## ## ############################################## ``` Mount the Remote File Share on your computer (example): ```ShellSession $ erfs mount aDe5F2ik3x35x7pfAEAWdC5Y ~/secure Encrypted partition mounted to /Users/me/secure $ ls -al ~/secure ``` Unmount the share: ```ShellSession $ erfs umount ~/secure ``` Unmount everything: ```ShellSession $ erfs umount ``` The server does not have access to the SHARE-SECRET or the data. Keep the SHARE-SECRET secure. Anyone with the knowledge of the SHARE-SECRET can access the data. --- **Collaborating** If you receive a SHARE-SECRET from somebody then you can access their secure share simoultanously. ```ShellSession $ erfs mount ``` --- **Security** Passing SHARE-SECRET using the command line parameter is not secure. A better way is: ```ShellSession $ SEC= erfs mount ``` The tool relies on the underlying security of ssh, sshfs and EncFS. --- **Pre-Requisite - MacOS** Open a Terminal: Applications > Utilities > Terminal. Install Homebew by typing this command: ``` $ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)" ``` Install encfs and sshfs ``` $ brew cask install osxfuse $ brew install sshfs $ brew install encfs ``` Make sure to use sshfs version 2.10 or above or your speed will be 0.2Mbit ([Bug #57](https://github.com/osxfuse/sshfs/issues/57)): ``` $ sshfs --version SSHFS version 2.10 OSXFUSE 3.10.6 FUSE library version: 2.9.7 ``` **Automatically mount share on every login - MacOS** 1. Create '~/Library/Startup' with this content: ``` #! /bin/bash erfs mount ``` 2. Make it executeable: `chmod +x ~/Library/Startup`. 3. Add this file in System Preferences > Users & Groups > Login Items **Automatically mount share on every login - Linux** Put this into your ~/.bashrc to mount the file system every time you log in and put your SHARE-SECRET into my-share-secret.txt: ```ShellSession $ erfs mount my-share-secret.txt ``` --- **Tips** Using a different server: ```ShellSession $ export THC_RFS_SERVER=1.2.3.4 $ export THC_RFS_PORT=2222 ``` Prompting for the SHARE-SECRET (Grugq's idea): ```ShellSession $ erfs mount -x Enter SHARE-SECRET: ``` Shorten the commands: ```ShellSession $ erfs i $ erfs m $ erfs u ``` --- **Running your own sever** You are encouraged to run your own server. This is optional. Please refer to [hackerschoice/docker-erfs-server](https://github.com/hackerschoice/docker-erfs-server) for more information. erfs-1.4/erfs000077500000000000000000000337371375124717500132330ustar00rootroot00000000000000#! /bin/bash ROOT_DIR=~/thc THC_RFS_VERSION="1.4" [ -z "$THC_RFS_SERVER" ] && THC_RFS_SERVER=rfs.thc.org [ -z "$THC_RFS_PORT" ] && THC_RFS_PORT=22 FUSE_OPT="" if [[ x"$OSTYPE" == "xdarwin"* ]]; then # Setting 'noapplexattr' prevents 'finder' from copying. FUSE_OPT="${FUSE_OPT} -o iosize=65536,noappledouble" fi # Turn of compression. All transfered data is encrypted and thus cant be compressed. SSHFS_OPT="-o ServerAliveInterval=30,reconnect,attr_timeout=60,auto_cache,compression=no,default_permissions" SSHFS_OPT="${SSHFS_OPT} ${FUSE_OPT}" # l(58^44)/l(2) == 257 Bit ENC_B58_LEN=44 # l(58^32)/l(2) == 187 Bit ENC_B58_LEN=32 # l(58^24)/l(2) == 140 Bit (ought to be enough) ENC_B58_LEN=24 SSH_KEY_FILE="${ROOT_DIR}/.id_rsa-rfs" SSH_PARAM="-q -i ${SSH_KEY_FILE}" SSH_PRIV_KEY="-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn NhAAAAAwEAAQAAAYEAsafMvCoegygubfecyY1tmxcOQdabYCKR9b8TG95w8GyafRIHdAfq 2KdB2PLhrY5WGIw8qlSPIxOz+O5reJaXM8QNIn+kZ5O01csMub+BVKCF0tejKYDV3HDl2W +zwDd4BAlXQNDRDCR0vwjk1j+mKCAqiT1xNWsISn2QZWULIaY7z4giVUo29ScUopENp/NK 6GxHkP2MW7y2aLMkOp2FGyHSFKFOr+h1ZFSV63Niq5YDEzEi4QdbdNzI1lXaVOMfNmDuz1 PatGoxc1opDU4vNKfOCDgTp2vnUeLaCvAHq3qU8m00zpigj+yeZkwAB6oW1xEbl3aLjg71 nvOLb7APXHu8vc/v4bA9VfDFy2/2SJS4m4s8/VepmwJrOxrqeV6WquT1rn6VO4MATOL+3Y W+4/8cypHvdTUEHP67A7UmvNwAWbB2bBOPuuFPPtAP6UtqPztEiGIHxodFX+dhWVJ48CA3 Ph+UXi8s+Ih4keKqmh2uV0v7g+39LySpYtcHmwDPAAAFgHS3v7l0t7+5AAAAB3NzaC1yc2 EAAAGBALGnzLwqHoMoLm33nMmNbZsXDkHWm2AikfW/ExvecPBsmn0SB3QH6tinQdjy4a2O VhiMPKpUjyMTs/jua3iWlzPEDSJ/pGeTtNXLDLm/gVSghdLXoymA1dxw5dlvs8A3eAQJV0 DQ0QwkdL8I5NY/piggKok9cTVrCEp9kGVlCyGmO8+IIlVKNvUnFKKRDafzSuhsR5D9jFu8 tmizJDqdhRsh0hShTq/odWRUletzYquWAxMxIuEHW3TcyNZV2lTjHzZg7s9T2rRqMXNaKQ 1OLzSnzgg4E6dr51Hi2grwB6t6lPJtNM6YoI/snmZMAAeqFtcRG5d2i44O9Z7zi2+wD1x7 vL3P7+GwPVXwxctv9kiUuJuLPP1XqZsCazsa6nlelqrk9a5+lTuDAEzi/t2FvuP/HMqR73 U1BBz+uwO1JrzcAFmwdmwTj7rhTz7QD+lLaj87RIhiB8aHRV/nYVlSePAgNz4flF4vLPiI eJHiqpodrldL+4Pt/S8kqWLXB5sAzwAAAAMBAAEAAAGAO/vcNOxDwSUgCCFC3wrRpzvxpG lBrQP/JGqPmSlSGNuSjgg4XAUQVnai1Q2tBVy51TAEi75hVgahDbvyrZSrGN9pT+ypJg/J TyZv9Yejs18/0CDfBnRpwTSdZv1AQ/Z2n2ZH/6qB6wekI5xtJ6n2ADZcJlqIjvDEq+IZjy K+z23BZCEi9olIZR386abwZXTQJgnpYBs7+P2O2WsjIGdvOeoBdNXCK8LhYC7vL8CV4DmW cDR3AmPpjVu+tB/oyCCnKRHc198Rupy3tfI7WCswtQUAcg5N7QwQ7fP8qFE55OtyHpsU4F rW/5wT28eqiLr9LfBJv0095LqWyicRhn41phP0+LZNBNUv9Ak1W0dkqs6plV4QZltYzBjq CwiP3CUMhtfbUPMURZH9PNV3spDwJ4RVpEf3i7c3boaWK6y2Tci0PiWWO5GgiTGM1A1kTH eDR9G4TzYLadZO4OjoVCq4reS8/3I1fQ3Zojrj+NPRsvJFLSPjAhpt6C2hkhl/fnMBAAAA wGE8eJmpFjlE2UyZw+JiuH2PlgcZ4Q9QKTJ9iKPBST85K6K9wvAcrZV9TITU6co6oKk6VL x8402DpaRiqwQ4FVNcYDaCxTkAddVn3RIokLctxJCoAQZVQd6Prud3Hna+wMmhS0kJDCuc lPtz7QuEJ8IUxScTud0/OrhDtct/utmhlpufskqFezOh8rvc6TLXvfZkPl6Y0Z1u0ZkZsn vSSTxi/xCMBx0KcwgxzzWOsS+HstysfBirJoc3tf771yRWIQAAAMEA4G0F/ezDDzJ58HVW EuuzO0qsCwxWmGi54rVwK4BX5ouiZ+v0caZHAva1IsGzVL50vAIM7k9mRBVhNvaVdnhZyy drgykXKe70U1R6tacIoLK0bMMN7ED+jwHNVsqJo6vXe9K5Xq2p0HriTd8YmZHFNa9hX57M rlsF1JYNob18jyzPteclJpQExOemmY/y+Ip3OKVSUT9YYlUlcENsxsSdGMl5u/kpWssVEu emRteef34WlM5IS0OXFg4boa1+YuxHAAAAwQDKpkg4LuT/796JoLDMZzG+npi+nrBXFnOo gMXppDsVBaJGO8v8I99yFbWHVyM7F/1xt5lPHHEovjaA0SQXw1KsDvXTav3LiSSfeTMnl7 Dqe2reiwhUJU0c08AXMAtDCdS0HGQxStfhy+z0/P+IKCS2Z3VZNRTZ7oDmguhnrB5867Ii SM3Vaznx4PhcYtDu83xhmXYvMe0IXSdBvKcMIfqnbTJyPX/A5lRs4zPM5YjJUQOuw9pk73 Fb9mr1O9fL8zkAAAALdHBAdGVyZWtub3I= -----END OPENSSH PRIVATE KEY-----" debug() { #echo $@ : } usage() { echo "\ ERFS Version: $THC_RFS_VERSION $0 [] [] CMD: init - Create a NEW secure file system mount - Mount a secure file system umount - Unmount one or all secure file systems clean - Unmount all and purge runtime directories (wont delete data). Options: -x - Prompt for SHARE-SECRET Create a NEW and empty secure remote file system: $ $0 init Mount an EXISTING secure remote file system to ~/test: $ $0 mount ~/test Unmount a secure remote file system: $ $0 umount Unmount all secure remote file systems: $ $0 umount" exit 1 } # Do a dirty base58 from input data (likely to be base64) b58sanitize() { local CLEAR CLEAR=$(echo "$1" | sed 's/[^a-zA-Z0-9]//g' | sed 's/[0OIl]//g'| head -n1 | cut -c 1-"$2") if [ ${#CLEAR} -lt "$2" ]; then # This is fatal and should never happen echo "ERROR base58: ${#CLEAR} but length is $2" exit 1 fi echo "$CLEAR" } # Converts (user-)input into likely output. # 0 -> o # O -> o # l -> 1 # I -> 1 b58convert() { # shellcheck disable=SC2020 echo "$1" | tr 0OlI oo11 } # Sanitize mount point mp_sanitize() { local CLEAR CLEAR="${1}" # If you like to have awkward characters in your mount point # (mkdir "~.../;id|-") then you can remove the next line at your # own risk, fool. You have been warned... CLEAR="${1//[^a-zA-Z0-9_- /]/}" echo "$CLEAR" } # Deterministic secret from Master-Secret derive_secrets() { # Derive all keys from the master key # RSEC is the username # RID a local id (short) # EPAS is the encryptino password # SPAS is the ssh login password RSEC=$(b58sanitize "$(echo s1"${1}" | openssl sha256 -binary | openssl base64)" 16) RID=$(b58sanitize "$(echo i2"${1}" | openssl sha256 -binary | openssl base64)" 4) EPAS=$(b58sanitize "$(echo s3"${1}" | openssl sha256 -binary | openssl base64)" "$ENC_B58_LEN") SPAS=$(b58sanitize "$(echo p4"${1}" | openssl sha256 -binary | openssl base64)" 16) } master_pwd_new() { # Create a new Master Password MPASS=$(b58sanitize "$(dd if=/dev/urandom bs=1 count=48 2>/dev/null | openssl base64)" "$ENC_B58_LEN") } unmount_cmd() { # Linux does not accept sym-link as unmount points. REAL_RSEC="${1}" [ -L "${1}" ] && REAL_RSEC=$(readlink "${1}") if [ x"${HAS_FUSERMOUNT}" = x1 ]; then fusermount -uz "${REAL_RSEC}" ret=$? else # Try MacOS way..(fusermount does not exist) umount -f "${REAL_RSEC}" ret=$? fi } unmount() { # Three cases to consider: # 1. Unmount fails because mount-point is busy. # -> Do not clear runtime files # 2. Unmount fails because mount-point directory does not exist # -> Clear runtime files # 3. Unmount fails because mount-point is already unmounted # -> Clear runtime files # Do not return if this fails. We like to unmount # rfs regardless if we managed to unmount rsec. unmount_cmd "${ROOT_DIR}/.run/id-${1}/rsec" if [ $ret -ne 0 ]; then #echo "unmount rsec failed" : fi [ -L "${ROOT_DIR}/.run/id-${1}/rsec" ] && rm -f "${ROOT_DIR}/.run/id-${1}/rsec" [ -d "${ROOT_DIR}/.run/id-${1}/rsec" ] && rmdir "${ROOT_DIR}/.run/id-${1}/rsec" unmount_cmd "${ROOT_DIR}/.run/id-${1}/rfs" if [ $ret -ne 0 ]; then # unmount rfs failed. : fi # Clear runtime files if 'rsec' has been unmounted (but only then) [ -d "${ROOT_DIR}/.run/id-${1}/rfs" ] && rmdir "${ROOT_DIR}/.run/id-${1}/rfs" rmdir "${ROOT_DIR}/.run/id-${1}" 2>/dev/null rm -f "${ROOT_DIR}/sec-${1}" } unmount_all() { for x in "${ROOT_DIR}/.run/id-"*; do if [ ! -d "${x}" ]; then break fi id=$(echo "$x" | cut -f2 -d-) debug "Working on '${id}'" unmount "$id" done } get_mpass() { # read master password from file,device or sym-link if exists # Grugq's idea to have -x to read password from stdin: # shellcheck disable=SC2153 # We mean SEC, not RSEC if [ x"${1}" = "x-x" ] || [ x"${1}" = "xstdin" ]; then echo -n "Enter SHARE-SECRET: " read -r mpass elif [ -e "${1}" ]; then read -r mpass <"${1}" elif [ x"${1}" != x ]; then mpass="${1}" elif [ x"${SEC}" != x ]; then # Try to get password from environment variable mpass="${SEC}" else echo "ERROR: Need to specify password" exit 1 fi mpass=$(b58convert "$mpass") if [ ${#mpass} -ne "$ENC_B58_LEN" ]; then echo "ERROR. Illegal master password" exit 1 fi } # Replace string in file replace() { if ! grep "$2" "$1" >/dev/null; then # Pattern found; replace in file sed -i-old "s/$2/$3/g" "$1" >/dev/null fi } if [ $# -lt 1 ]; then usage fi command -v sshfs >/dev/null 2>&1 || { echo >&2 "sshfs not found. Try 'apt-get install sshfs'"; exit 1; } command -v encfs >/dev/null 2>&1 || { echo >&2 "EncFS not found. Try 'apt-get install encfs'"; exit 1; } # MacOS does not have fusermount and uses 'umount' instead. HAS_FUSERMOUNT=1 command -v fusermount >/dev/null 2>&1 || HAS_FUSERMOUNT=0 if [[ x"$OSTYPE" == "xdarwin"* ]]; then VER=$(sshfs --version 2>&1 | grep ^SSHFS | cut -f3 -d" ") if [ x"$VER" = "x2.9" ]; then echo " Buggy SSHFS dedected. Your read performance might be slow. Please read https://github.com/osxfuse/sshfs/issues/57 for details. To fix this please executed: $ sudo curl -sSL https://tiny.cc/apewqz >\"$(which sshfs)\"" fi fi mkdir -p "${ROOT_DIR}" if [ ! -f "${SSH_KEY_FILE}" ]; then echo "${SSH_PRIV_KEY}" >"${SSH_KEY_FILE}" chmod 600 "${SSH_KEY_FILE}" fi if [ x"$1" = xinit ] || [ x"$1" = xnew ] || [ x"$1" = xi ]; then if [ x"$2" != x ]; then usage fi master_pwd_new derive_secrets "${MPASS}" export THC_RFS_SECRET="${RSEC}" export THC_SSH_PASSWORD="${SPAS}" export THC_RFS_VERSION="1.1" # Bump the server to create a new file share # shellcheck disable=SC2086 # Allow SSH_PARAM to split into words ssh -p ${THC_RFS_PORT} ${SSH_PARAM} -o SendEnv="THC_RFS_VERSION THC_RFS_TOKEN THC_RFS_SECRET THC_SSH_PASSWORD" rfs-init@${THC_RFS_SERVER} ret=$? if [ $ret -ne 0 ]; then echo "Server problem. Aborting..." exit 1 fi echo " --> You MUST remember this SHARE-SECRET. Access to the data is lost <-- --> *FOREVER* if the SHARE-SECRET is lost. KEEP IT SAFE. <-- ############################################## ## ## ## SHARE-SECRET: $MPASS ## ## ## ############################################## SUCCESS! Now mount your newly created file system like so: $ $0 mount -x or $ $0 mount ${MPASS} or $ SEC=${MPASS} $0 m " exit 0 elif [ x"$1" = xstop ] || [ x"$1" = xu ] || [ x"$1" = xumount ] || [ x"$1" = xunmount ]; then # Unmount all if no share-secret if [ ${#2} -eq 0 ]; then unmount_all exit 0 fi # Unmount by mount point if [ -d "${2}" ]; then MPOINT=$(mp_sanitize "${2}") if [ ! -f "${MPOINT}/.thc.id" ]; then echo "ERROR: Please specify the SHARE-SECRET instead of the mount point" echo " $0 umount " echo "or unmount all devices:" echo " $0 unmount" exit 1 fi RID=$(cat "${MPOINT}"/.thc.id) unset MPOINT else # Unmount by share-secret get_mpass "${2}" derive_secrets "${mpass}" fi unmount "${RID}" exit 0 elif [ x"$1" = xclean ] || [ x"$1" = xc ]; then # unmount all directories and clean all runtime directories unmount_all [ -d "${ROOT_DIR}/.run" ] && rmdir "${ROOT_DIR}/.run" for x in "${ROOT_DIR}/sec-"*; do if [ ! -L "${x}" ]; then break fi rm -f "${x}" done rm -f "${ROOT_DIR}/.id_rsa-rfs" rmdir "${ROOT_DIR}" exit 0 fi # HERE: Command is 'mount' or similar. if [ x"$1" != xmount ] && [ x"$1" != xm ]; then echo "ERROR: Unknown command or illegal share-secret." usage fi get_mpass "${2}" derive_secrets "${mpass}" # Create state/runtime directories mkdir -p "${ROOT_DIR}/.run/id-${RID}" debug "DEBUG master $MPASS (r $RSEC e $EPAS rid $RID s $SPAS)" mkdir -p "${ROOT_DIR}/.run/id-${RID}/rfs" # Linux non-root does not allow 'allow_other' # shellcheck disable=SC2086 # Allow SSHFS_OPT to split into words sshfs -p "${THC_RFS_PORT}" ${SSHFS_OPT} -o ssh_command='ssh -o StrictHostKeyChecking=accept-new' -o password_stdin,idmap=user,uid="${UID}",gid="$(id -g)" rfs-"${RSEC}@${THC_RFS_SERVER}:rw" "${ROOT_DIR}/.run/id-${RID}/rfs" <<<"${SPAS}" ret=$? unset SPAS if [ $ret -ne 0 ]; then # sshfs failed. echo "ERROR: sshfs failed." echo " 1. The volume is already mounted." echo " 2. Wrong SHARE-SECRET." echo " 3. The server can not be reached." exit 1 fi # Check if the 'encrypted' subdirectory exists if [ ! -d "${ROOT_DIR}/.run/id-${RID}/rfs/encrypted" ]; then # File system exists (sshfs worked) but no file found. # This should never happen unless someone delete the 'encrypted' # directory manually. echo "ERROR: File System does not exist. Wrong share-secret?" exit 1 fi # Increase block-size to 4k to increase EncFS performance (3x on MacOS) FILE="${ROOT_DIR}/.run/id-${RID}/rfs/encrypted/.encfs6.xml" if [ -f "$FILE" ] && [ ! -f "$FILE"-old ]; then replace "${ROOT_DIR}/.run/id-${RID}/rfs/encrypted/.encfs6.xml" "blockSize>1024" "blockSize>4096" fi # Display MOTD and wait...Only way we can notiy a user.. if [ -f "${ROOT_DIR}/.run/id-${RID}/rfs/motd" ]; then # Discard any nasty characters. Limit to 24 lines. tail -n24 <"${ROOT_DIR}/.run/id-${RID}/rfs/motd" | sed 's/[^a-zA-Z0-9#!. ]//g' echo "Waiting 10 seconds before continuing..." sleep 10 fi # Cleanup previous state USER_MOUNT_POINT="${ROOT_DIR}/sec-${RID}" ENCFS_MOUNT_POINT="${ROOT_DIR}/.run/id-${RID}/rsec" [ -L "${ENCFS_MOUNT_POINT}" ] && rm -f "${ENCFS_MOUNT_POINT}" rmdir "${ROOT_DIR}/.run/id-${RID}/rsec" 2>/dev/null if [ ${#3} -ne 0 ]; then MPOINT=$(mp_sanitize "${3}") if [ ! -d "${MPOINT}" ]; then echo "Directory ${MPOINT} does not exist." unmount "${RID}" exit 1 fi # Link from the default mount point to the user specified mount point ln -sf "${MPOINT}" "${ENCFS_MOUNT_POINT}" ENCFS_MOUNT_POINT="${MPOINT}" USER_MOUNT_POINT="${ENCFS_MOUNT_POINT}" unset MPOINT else mkdir -p "${ROOT_DIR}/.run/id-${RID}/rsec" fi ENCFS_OPT="-S --standard --no-default-flags" FUSE_OPT="${FUSE_OPT} -o use_ino,default_permissions" if [[ x"$OSTYPE" == "xdarwin"* ]]; then CLEAR="${USER_MOUNT_POINT//[^a-zA-Z0-9_\/-]/}" VOLNAME="$(basename "${CLEAR}")" FUSE_OPT="${FUSE_OPT} -o volname=${VOLNAME},async,local" fi # Securely pass password to encfs...well, as secure as this shit can be. # # shellcheck disable=SC2086 # Allow ENCFS_OPT to split into words encfs ${ENCFS_OPT} "${ROOT_DIR}/.run/id-${RID}/rfs/encrypted" "${ENCFS_MOUNT_POINT}" -- ${FUSE_OPT} <<<"${EPAS}" >/dev/null ret=$? unset EPAS if [ $ret -ne 0 ]; then echo "EncFS failed. Aborting..." unmount "${RID}" exit 1 fi ln -sf "${ENCFS_MOUNT_POINT}" "${ROOT_DIR}/sec-${RID}" # Store the ID. We need this to 'erfs u ' echo "${RID}" >"${USER_MOUNT_POINT}/.thc.id" echo "Encrypted partition mounted to ${USER_MOUNT_POINT}" erfs-1.4/license000066400000000000000000000001261375124717500136750ustar00rootroot00000000000000This software is released under the GPL-2+ license. See https://www.gnu.org/licenses/ erfs-1.4/man/000077500000000000000000000000001375124717500131045ustar00rootroot00000000000000erfs-1.4/man/erfs.1000066400000000000000000000054171375124717500141340ustar00rootroot00000000000000.TH ERFS 1 .SH NAME erfs \- a tool to create an encrypted file system on the cloud .SH SYNOPSIS .B erfs .I " [-options] []" .br .SH "DESCRIPTION" .B erfs is a simple unix utility which creates and mounts an encrypted remote file system. The file system is encrypted locally and the encrypted data is stored in the cloud. .P The cloud server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server. .P It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. .SH COMMAND .TP 13 .I init Initialize (create) a new file system and print the SHARE-SECRET of the newly created file system. .TP 13 .I mount Mount the encrypted remote file system. .TP 13 .I umount Unmount the encrypted remote file system. SHARE-SECRET is optional and all filesystems will be unmounted if no specific SHARE-SECRET is given. .SH OPTIONS .TP 13 .I \-x read the SHARE-SECRET from standard input. .SH SECURITY Passing the SHARE-SECRET as command line parameter is insecure. Use the -x option or set the environment variable (example): .P $ SEC=aDe5F2ik3x35x7pfAEAWdC5Y ./erfs m .SH ENVIRONEMT The following environment variable can be set to control the behavior. .P .I SEC= Specify the SHARE-SECRET to pass it (securely) to erfs. .SH COPYRIGHT ERFS is entirely my own creation, although plenty of other code was used as examples. It is released under GPL. .SH NOTES The latest version is available from https://github.com/hackerschoice/erfs/. .SH BUGS Efforts have been made to have erfs "do the right thing" in all its various modes. If you believe that it is doing the wrong thing under whatever circumstances, please notify me and tell me how you think it should behave. I certainly encourage people to make custom mods and send in any improvements they make to it. Continued feedback from the Internet community is always welcome! .SH EXAMPLES Initialize a new encrypted and remote file system: .br $ erfs init .P Mount the new file system (replace aDe5F2ik3x35x7pfAEAWdC5Y with the SHARE-SECRET from the previous step): .br $ erfs mount aDe5F2ik3x35x7pfAEAWdC5Y .P or mount to a specific mount-point (~/secure-drive): .br $ mkdir ~/secure-drive .br $ erfs mount aDe5F2ik3x35x7pfAEAWdC5Y ~/secure-drive .P Unmount the file system: .br $ erfs umount ~/secure-drive .P or unmount the file system by specifying the SHARE-SECRET: .br $ erfs umount aDe5F2ik3x35x7pfAEAWdC5Y .P or unmount all encrypted file systems: .br $ erfs umount .SH AUTHOR This manual page was written by skyper . .P ERFS was written by skyper . erfs-1.4/osx/000077500000000000000000000000001375124717500131425ustar00rootroot00000000000000erfs-1.4/osx/sshfs_2_9_f1-speed-bugfix000077500000000000000000002202141375124717500176360ustar00rootroot00000000000000` H__PAGEZERO(__TEXT__text__TEXT__stubs__TEXT __stub_helper__TEXT$__const__TEXT@p@__cstring__TEXT__unwind_info__TEXTT__DATA_CONST__got__DATA_CONST8__const__DATA_CONST@@8__DATA __la_symbol_ptr__DATA__data__DATA__bss__DATAH__LINKEDIT  "0(( @  P  /usr/lib/dyldtn9;[2   ,*( @ /usr/local/lib/libosxfuse.2.dylib H/usr/local/opt/glib/lib/libgthread-2.0.0.dylib H/usr/local/opt/glib/lib/libglib-2.0.0.dylib H /usr/local/opt/gettext/lib/libintl.8.dylib 8d/usr/lib/libSystem.B.dylib& )  UHAVSHPHnHHEHfHnHfHnflfMH=_H}HEEHEHEEHtL:誥Ht,HH5H H DLuLƣL谣1HHH;Eu HP[A^]f.UHHHH8H5ϭ1]f.UHAWAVAUATSHIHRHHEЉHDžH9H5j襤HuH=Y1螣HH}fo% aIHOHHHRHHH=H5)L H=hH50 H=LH5 H=0H5ߩ} H5HH n HD HfHnHfHnflfH=HHDžDžHHDžHu O,HǾ:HuH5TH}H LL5L j \t%_itMHyHfHSH@H)H=*HH  Ht+H5zzHH LH vH=Ht!H5zHH LuH=H=֟=tH@H8H51H<1袟=t2= HHH= >=臠=ADLLcLAE1葠HzH HLo AE~LMcH5K1fH޺1Š H5!< t HL9|1D9HDH=H5ٞ^ 1=# H=H] GH=Hf. HHNJ[ttK:uDfD HH]tՄuH}HH=un褝H`H辞HH*HE1H${HKHE HE1HE у\tA t uAEt HH=D觝u/L=L%I?-LMIHAHys5H=1HH=fH2H]H5H=?H" HHHDHHE؃t.H߾/蒞HuH=H5y貜7H=H蚜H=7H-}H`1r=r =r H=tHH3H߃uB,谝Ht.HHf.DHH,tuIQ葝H|%IHf.\HHH,t\tuH蛛H=gL1HHHCHkLcH1u=Linu3x u$2.4.uH=HHHH|Hњ/=t DžfAHHuHIH1Ǿ1ܙH=~IwHbHLHE1HIľ 进H=1iH=01[H=1#110HH=;(J= HK 8L=eLEffHDžHLh:fof`fPHPxGfo`fH~軘ffHDžHHY?et iHHHPH9vTHнHH=޶H=誙. D9xHHH=`LA<H9eHH9zA HH=HL-w HcH <˙H5`HLLI1w8HHH=HܼHH= ͗H8=L8H~|t L(LE1ALH:HL7LՖH論=ttH%HtH11HIE1HH8H LL DD5D%H5HڸATARAVAS&H HvH=jH=q HuHH;EEDHĈ[A\A]A^A_]HHHxv2Åvxd@u-ʁҁ@tHH8HH59*11= HúH8HqH5%L1"謔讔H=J}ÔHrH H= cH;IH51返腔~HL%gHHH=?HLL芔&HչHH=*SH=P-LUf.UHAWAVAUATSPIIHHc HAH=L:HLHE1IH=/H=H5ۓE12IH=E1L1ZHH=H蠓H˓~AA?-trL_IL-HԸf.L+HMtAL.A9vA<=uLLuH=-`ADH[A\A]A^A_]IFH8H5LLFH=H51H5L角LS1ԑfPmUHHH=1]鈓f.UHSPHH=p;oHT;HsHE1H[]UHAWAVSHhIHW)EHEH}-=BD(E)E)EHEHu߹E1AiPjp3HH}HM޺i(6foEfI~Džu!H}L1-AFpH}LHh[A^A_]fUHAWAVAUATSHxH=-IIIW)pHEHpL,(p)E)`HEH`E1AhPj}2HH}HMh25foEfH~DžtL}L}LeIGL9H}v*HHH=vAHuB >HE$ILL)s%H2HH=@#L}H9u1 HuHU运HUHuHI L9v0H ȴH H=֭I趏L*~LHHHEIfLML}A=A9/L}H 9/LHHXH/tHɐQH/tH8u,@tH@/t~HDAHD8t@uA/tAЉHEu@/tLL}ڄHIA\$IĀ/tILQH/tIL8u,@t>@/tpHA~I@8t@u@/t ׉IL@u@/t QH/tuELIULHCD/H詍1H}融H}蕍Hx[A\A]A^A_]1HAHɀ/ttPHH/uQH/tAvuCvLuH|臎HtbHHEtDH../HuA<$t L&EtHpHEf.H}ߌwf.UHAWAVAUATSHXA%=HW)EHEH}(E*LeH]Ml$I9v*I\$CHH]H}H2IHEHu gL}EC'LLmLmEMl$I9v(I\$GHH]LHIHEHEHMALmADuMt$ I9v'IKILeLL蛍IHEHEC/LuL}LuLeHuE1AfATj-HH}HMf:0Åu`LuHEHELuHEHuE1AeATj+-HH}e1/LL}LڊHX[A\A]A^A_]&~Q~UHAWAVAUATSH8AHW)EHEH}&EH]LeLkM9v)LcCILeH}LKIHEHu ~LuEALmAȉEL{M9v#HGHH]LHIHEHtoEC.L}LuL}HEHuE1AePj+HH}e1.L謉H8[A\A]A^A_]}UHSHHHW)EHEH}%(E)E)EHEHu E1AePjX+HH} e1.foEfH~ HH[]DUHSHHHW)EHEH}$(E)E)EHEHuE1AePj*HH}e1-foEfH~|HH[]DUHAVSH@==IHW)EHEH]H)HLG$(E)E)EHEHuE1AePj*HH}e1,foEfH~LJH@[A^]f.@UHAWAVAUATSHXIIHHHEЃ=HW)HDžH5H(HLe#HLZ#H())HE1AePj)HHHW)HDžHL"HL"H())HE1AePj(HHe1A+fofH~;[MLPIHH=-HL~L-LHHigfffHH?H"ɍ )0B=L蒇HHigfffHH?H"ɍ )0B=LcHHigfffHH?H"ɍ )0B=L4HHigfffHH?H"ɍ )0B=LHHigfffHH?H"ɍ )0B=LֆHHigfffHH?H"ɍ )0B=L视HHigfffHH?H"ɍ )0B=LxHHigfffHH?H"ɍ )0B=BƄ=ffHDžHHLa HHR ())LHE1AeAUj&HHe1(AfofH~軃EffHDžHHLHL())HE1AeAUj^%HHe1(fofH~ LffHDžHLLLH())E1AeAUj$HHe1e'HffHDžHfH()) E1AeAUj)$HH e1&fofH~ׁHBHH;EuHX[A\A]A^A_]6UHAWAVSHH=XIHW)EHEH5՟L}L"LHuLLj(E)E)EHEHuE1AePj6#HH}e1%foEfH~HH[A^A_]UHAWAVAUATSH8AHW)EHEH}EH]LeLkM9v)LcCILeH}L[IHEHu tLuEALmAȉEL{M9v#HGHH]LHIHEHtoEC.L}LuL}HEHu E1AePj"HH} e1$LH8[A\A]A^A_]sUHAWAVAUATSHHAI=xtD9%cuD%V9\uPu>H=>Ht2DHM1tDet tEsu?H=Ht3HM1t]tjE]W)EHEH}LEL}H]MwI9v)I_CHH]H}HoIHEHu TsLmECD=LuADeMgI9v'I_GHH]LH'IHEHECD5LeEȉEMw I9v#IKIL}LLIHEHtuECD%LuLmLuHEHu E1AePjHH} e1"L}HH[A\A]A^A_]rrrf.@UHAWAVAUATSH8IIHH~H;H~Mtfľu\W)EHEH}L!EL}H]MoI9v=I_CHH]H}H~IHEHu0rLL1?LeECH9Cu8CH]H=KzHCL9LeLH)HEHEHEH=z1LLeIHMLHUHIHH]ȃ}t'Ht"H9CwIN`HUHLLIHLMt'IMuLLLCAD9}H8H(E1 IcILHLHCxAADH([A\A]A^A_]E1L}cf.UHAWAVAUATSHIHHHPH4HHEIXL5LjyHXD{tyLWyAA9HùH3yHtH*y=iuHXxXW)E)E)E)EH}E11xHHHMfDD5 L9H8LBHXL`ML`t$I\$?HH!xH^IH f1E11LXI6LwMfLH ȉlIL$H9v:II\$CHLH]xHIH`LIL`lCD%DȉlIT$H9L0v;H@II\$GHLHwHILL`H@lAD DȉlM|$ I9v%HIKILLwHKIHڋlADLpLxHPH]LuHpH GLGE1jHEPlHAL;uEAH8L)t"LHPL0MEE1H=Iv}H]t#L53f.HLwv}uH=vEuDeEuLHHHH;E)DHĨ[A\A]A^A_]HHHMfD5mL9H8LBHXL`ML`t$I\$?HHuHIH f1E11LXI6L[uMfLH ȉEIL$H9v=II\$CHLHuHzIH`LIf.L`ECD%DȉEIT$H9L0v;H@II\$GHLHTuHILL`H@EAD DȉEM|$ I9v%HIKILLuHIHڋEADLpLxHPH]LuHpH CL*DE1jXHALrH8L)LHPL0MEE1qGjiijsih i4i@UHAWAVAUATSHxI=HW)pHEH5VLpLTLH (p)E)`HEH`E1APjHH}HMfoEfI~DžKHEHuHHH9vzHݖHH=qLuID$8 +I $IL$1H1HAD$AD$AD$Hʚ;ʚ;ID$LuA<HMHPH9zALHUHP H9dA\HUHPH9NEl HUHPH98HUHPH9'ELHUHPH9HUHP H9EDHUHP$H9HUHP(H9ET$HUHP,H9HULX0I9AT,UL]HP4H9HUHP8H9E\4D]HUHPHuLyfIAD;e|M1f.E'MLTfL8L}LHH~HH=xMM+tiL+[IEHubOTIIȃxAH jHcH1@eDtIIE1IEMuIJ 6I;v"H~HH=wYIHLrZME1IKgAADDI%AAAA AI AIAIAIAIaw;UHSH1ۃ=Ú_==C|YHEH(~_EH5sH}foEfEfEHUfoEfH~\WffEHEH}HuPMet iHEHuHPH9v2H|HH=uRLEA<HU9uWe>HH9wAHEH&|H8H5du1V=ucAH|HH=#uH{HH=u V=Ku H{HH=5u VH}&VڗE@HuHUпWHn1H11Wt,H Y{HXH5rHH1U&H^WHuп1rW^H[]H}HHU&E @V9$1TV*$==HzH8H5s_Of.@@8@w0UHH?t@HHc H]HtHtHtHtHtH tH tHtHtHtHtHtHtHtHtHtHtHsHsHsHsHsHsHsHsHsHsf&.6666666666666666666666666666666666666666666666666666666=>FNV^fnv~66666666666666666666666666666666666666666666666666666666666666666666666666666666@UHAWAVAUATSH8HvHHEHIIA pRHIMtIGDHs11Hu9RNLH)I}811ҐHGHGHGHHH@H9uHtHITfDHHHuAA^AEfLuHE MtP1fHHHItIDHDHtHL9rH=ƒQuH=QLeAߋ=LDRtCf.IL$H9w)IIu>HH)IL$I$H1uHH=p "P1H=QQLOHtHH;EuH8[A\A]A^A_]H=oPN*JUJDUHAWAVAUATSHXHtHHEЃ=?\HHБ11=%1LLLIassword:fDžsfDžL`O[gfL=-L,PV HcۈÃeL9u2LL%LL&PLIHTPAEAMAUfHHL5ΏW)))HHHHLHnNH rL9ONH5iLLHI1M<HrHH=j(==*H=6j1HNÉ N#ONIƉ{HǾ1NjWHxpP sN7HHp PK)DžH߾ANH Lώ͎1ۅH[qHH=iLLE1H1MecvKt.81ۉ11MK}XL=ty|nLcL-L=OSMdLL*MtHL9|3H=hhLLJH=gMIDH"H=g1(LË1cJJJLtu ߾J JJI3JyH=XgI=tt:LL1KXI=܌I=͌I=tkL5XoIH=f IJ=8I6~5L=f1fH)HHL1IHHcI6H9|ֿ tIH5H>)IHnHH܊L0H8yKH5xfHLH1(IHH=fJ;H=e=(u1%JHcH=GHiHH=8HFJH%A JHIHË=HLJ>HHI)uMIL%mAEDsAw A}=mt I4$?HIEIEAL=HL J7HHI)uHymHH=ejHLG=G=9=tlGH=tQGu=st2GZHlHH;EHX[A\A]A^A_]H=eH]H9C H=d*H=cH=dH=cHH=tdCH=c]HI $E}Aσ=tI<$H5dD1FDDHEHGHHHLH=2HL;HtHHI)u4I $H=%dFHF+1H1HHHH9HQH90HD<AH)L9HDu 1HFHHHHLLL9HHHHHLFHB8L{M9LHD4AL)L9Du 1HXFHHHYK7HH;LHHLLFB3=φHtI<$H5bHH1DHH5bFu+HH5bFuHH5b_Fu!HH5bHFu |HH5b+Fu!HH5PbFu LHH5`bEHH5bEI $H=0bDZH=WaDZI $H=bCH!I $H=aCH3CH'C&?us>>> >fUHAWAVAUATSH8W)EHEH}HusL%QHgH8H5naD1'BLCH#BW)EHEH}Hu)HELmHHL9H]D<HMALCH= L_BHlIƋÄA+ 9v9w H=CH=ÃL-BL9C=AH}1BEA+MiA+HcLiMbLH?I&AAă=3t0HfH}HH5A`DHEE1@HrD;%srHuD%eD;%bvD%YDH SHH9DHL%HEIHEHMIIEAAdžA>tIL/%f.ItLALALAI@LHt.L@HheHH=v^Y@H=A=`?=9=ztM?Hh=jt2?V=Tt?@H=H51?)OH=P@H=t@=@uC@ǾU@1H8[A\A]A^A_]f.fUHAWAVAUATSPIIA@H&IHË=HL@HHI)uE}AAr%HcH8H5]D1X>AEA$AL?IHIIFM~1ۋ=LL?ttJHII)u%HqcHH=[b>L=H[A\A]A^A_]H=[(?IFIM~1x::UHSPHdž>tHH,.HHtHHK=H{+H=H[]UHAWAVAUATSHIHtIIHLHtDL?DžHL1 AŅHL@AŅE1L9xL&<HIEHUL1AŅmM1ېJ~H LH)L9HLI4LHLE&AŅ~ IcHL9|HuLE ELMtOIHu׺LLIAŃuLHQAMLHAEH]L1HAŅHuLEHUL1AŅucM~C1ۋE}H LH)L9HLI4LHLE1AŅx IcHL9|ExHuLAHuLoL:DH[A\A]A^A_]fUHAWAVAUATSH(HAIуADuHEH]8DdM;HHHC HCH{(1;CpC|HChL5|L;:}Cx }H]CtL;W)EHEH}LADH]LuLkM9L}v)LsCILuH}L;IHEHu 6LeALmDžL{M9v'LsGILuLLe;IHEH%C,L}EȉLk M9v'HKHH]LH;IHEHCI;E v#HYHH=R3IuH}L4M}I]0AI;](rfIEIMHHHI}53H}3HUH)LmIHEI9D$(;E1LDH([A\A]A^A_]AD$hEwE|$hEkHI;E v%H4XHH=BQHӺ"3IuH}H3I]AoE(fHnfpDfAE(AEaIcI$I)D$PUHHH]f.@UHSPHHcHt HC8HC8AGH=CqH[A\A]A^A_]0UHH@|HHPHp HHHHH ]f.fUHAVSHLtAFX^tUeu,HHHH;vmHSHH=LHSHH=L.HHHHHI~(/AN|t[A^]L[A^]t.H<HtAFXf.@UHH]ÐUHSPHt C8 ugtUeu,HHHH;vCHRHH=KHRHH=K- t&H[]H<HtC8 uHHH[]w.UHAWAVAUATSHLLoIGL9w*IHB 9HGMԅDHuHUIM9s+HRHH= K-A<MɉM1f.fM&AM~LL)H9HMu 1HEfw-HHEHIL9ML}LLHK-IFH INAH\MnLH)s5HFQHH=JJ7,A f.I6D<I^AAL9sL}f.@Du1Hu,HuHH*J;L9v1HPHHH=I+H+L}pHHLV,M~H*LH1AąL}u:=lt%=u fDžH}LHUE1L*EuYHM;MsIFMnLxM9E1/HOHH=H*H}>*ADH[A\A]A^A_]((f.UHAWAVAUATSH MHHHxIHNOHHE11t*HH11a*LI*AH5NJL)HIHf)H)D9L!HH߾L)HL-JLpE1Lo@HH8EAL)HH8A7Lw)H(L(LDHH߾L(HcANJt< tL`(AHpH߾ *Ht ELL*HD1f.fHDݰHLL}*HwHuDu L}LuL}Luv'L1 7*IY'8L)HHxINjiMt;HMH8A$H5HHHEI1j'ct%HLH8H5}HHDL1<'HjL'-HLHH;EuH [A\A]A^A_]&H{LH8H5HHD1&&HOLHO&8(H5^HHߋHI1&_&HLH8H5GHKH%8(H5GHKH%8(H5GHLiHKH8DH5GLSHKH8H5GH1&%HuKHu%8(H5&H=_lH!%L[A^])&[A^]f.@UHAVSHL5/lL%H=lH$HYlL[A^]%DUHAWAVSP=kHIIH=k%H9lH=kLb$HHu*L$Iǿ$HH=kLH*$HL$1% =kHHH;~H1%HHE#kHtkH9~HH= k#;jwjHNkH9~"H=jH5[HU#HEH'kH=j$H[A^A_]UHAVSL5jL$HjL$H[A^]UHSPH=jHHkHjHHk)jHHjGjHG8HjG(jG@)jGP)jG`)jGp)j)jHHj)jjj)kHH k0kƒ ʉ k0 ʉj=Bi6HHH/HDHiHOHHHDHiHHHHDHiHOHHHDHniHO HHHDH]iHO8HHHDH\iHO(HHHDH3iHO0HHHDH"iHO@HH4HDHiHOHHHK HDHiHOPHH HDHhHOXHH HDHhHO`HH0 HDHhHOhHHw HDHhHHH HDHhHHH HDH$iHHH HDHiHHHW HDHhiH=g1O!H=EH5EHEH I HUgHu"HDHH=oB1HH[]f.fUHSPHH HH[]f.UHH'<HfH5ff(&)fHE1]f.UHH 1H;]f.UHH0HuHUHYfHHuH0]fUHHGLGH11]AfUHAWAVAUATSPIIH=fH=fLHtHE11[ H9}OHeHHL-fHHeLLAąu/LLLE1LHH=eQDH[A\A]A^A_]fUHAWAVAUATSPHIIH=Be H=.eLHtIE11I9BH=eHdLLHPADž=H=dH=dLtIHu*LIĿIH=dLH<I$LHtL>tHHuL)LxI1 0dHII;~IE11HHEЋ dH\dH9~cH=d;cwcH6dH9~=H=cH5CHUxHEHdIHSLADH=c~DH[A\A]A^A_]fDUHAWAVAUATSH8IIIH=oc:H=[cLHt!HHt1H9L-.cLL}LeLu HELHJcLH]HbHxHuLAH}1HEL Et LH=bxH=bLCHHu*LIǿbHH=jbLH HeL1 bHHH;~H1HHEЋbHRbH9~HH=a;awaH,bH9~"H=aH59HUnHEHbH=aH}1DH8[A\A]A^A_]HH3Ht#HfL11AH3HHuH=ca4E1fUHAVSIH/aPÅuL^[A^]UHAVSIH`P ÅuL.[A^]UHAVSIH`P8ÅuL[A^]UHAVSIH`P(ÅuL[A^]UHAVSIHo`P0ÅuL[A^]UHAWAVSPIHH9`P@AƅH=4`H= `H5HH= `HH=_LH߾/HHt?H)t'HHHH=_HHWH=_H54lL/Ht?L)t'LHHH=v_H8HH=]_H54H=R_#DH[A^A_]f.DUHAWAVATSIIH_PHÅu7=^t&L%^LH=^LLL[A\A^A_]f.UHAWAVSPIH^PPÅu0m^t&L=^LZH={^L=LIH[A^A_]fDUHAWAVSPIH<^PXÅu0 ^t&L=2^LH=^LLH[A^A_]fDUHAWAVSPIH]P`Åu0]t&L=]LH=]L}LH[A^A_]fDUHAWAVSPIH|]PhÅu0M]t&L=r]L:H=[]LL)H[A^A_]fDUHAWAVSPIH]Åx-L=]LH=]LHC]LH[A^A_]fDUHAVSIH\ÅuL[A^]@UHAWAVSPIH\Åu0Z\t&L=\LGH=h\L*L6H[A^A_]UHAWAVAUATSPIIIH=2\H=\LHtHE11xH9}[H[HHH-\HEHH[LLLAŅu0LLHUE1LHH=[bDH[A\A]A^A_]f.UHAWAVAUATSPIIHH11SADžu`LkL9LHAF=r=HxH5FHEH=C/L1IHS HLLDH[A\A]A^A_]DUHSPHH=ZH=ZHnH߾/Ht?H)t'HHHH=xZH:HH=_ZH5/H=TZH[]fUHAVSHIHmLHHk1Ʌ[A^]ÐUHAWAVATSt|N#AILPL1et [A\A^A_]I|$11mt L1Et$A$ fDUHAVSHLwL:HPHHLL1 ى[A^]f.@UHAWAVSPIHLL; u CAE1|ALDH[A^A_]f.UHAWAVSPHLwLw; u%C=w(HKE1u,HPH" "AL*DH[A^A_]fDUHAWAVATSH IIHt I|$ʚ;rIH5HEI_H]IFHEHEIFHA? u+AtAO1,IPHLXu7A? t*HEIFH}UȉH [A\A^A_]Ã6%@6%B6%D6%F6%H6%J6%L6%N6%P6%R6%T6%V6%X6%Z6%\6%^6%`6%b6%d6%f6%h6%j6%l6%n6%p6%r6%t6%v6%x6%z6%|6%~6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6%6L6AS%#hhhhhhhh'h>hQhbh{xhnhdhZhPhFh)2h_(hbhqh hhhh h)hEh_huhhhhhh~hth"jh:`hMVhLhBh#8h2.hJ$h^hkhxhhhhhhhhhhh hh(h5zhEphSfh`\huRhSHhu>h4h*h hh hhhhh&h3hBhQh_hlh{hhhhvhlhbh Xh%NhDDh^:hu0h&hhhhhh*h:hIhVhfhhhhhhh|hrh hh ^h$ Th3 JhG @hW 6hg ,hw "h h h h h h h  ^95f-ossh-x-a-oClearAllForwardings=yesneed a uidfile or gidfile with idmap=file SSHFS version %s 2.9.f1the password_stdin and slave options cannot both be specified missing host see `%s -h' for usage -%i/usr/lib/sftp-serversftp-sac_attr_timeout=-oauto_cache,ac_attr_timeout=0mainsshfs.clibver >= 27-osubtype=sshfs,fsname=%sWARNING: failed to set FD_CLOEXEC on fuse device sent: %llu messages, %llu bytes received: %llu messages, %llu bytes rtt min/max/avg: %ums/%ums/%ums num connect: %u noneallrenamenorenamenodelaynonodelaynodelaysrvnonodelaysrvtruncatenotruncatebuflimitnobuflimitfstatnofstatunknown workaround: '%s' directport=%sssh_command=%ssftp_server=%smax_read=%umax_write=%ussh_protocol=%u-1workaround=%sidmap=noneidmap=useridmap=fileuidfile=%sgidfile=%snomap=ignorenomap=errorsshfs_syncno_readaheadsync_readdirsshfs_debugreconnecttransform_symlinksfollow_symlinksno_check_rootpassword_stdindelay_connectslavedisable_hardlink-p -C-V--version-h--helpdebug-d-f-F -o%s-oPort=%s-oCompression=yes-F%s-hointernal error AddressFamilyBatchModeBindAddressChallengeResponseAuthenticationCheckHostIPCipherCiphersCompressionCompressionLevelConnectionAttemptsConnectTimeoutControlMasterControlPathGlobalKnownHostsFileGSSAPIAuthenticationGSSAPIDelegateCredentialsHostbasedAuthenticationHostKeyAlgorithmsHostKeyAliasHostNameIdentitiesOnlyIdentityFileKbdInteractiveAuthenticationKbdInteractiveDevicesLocalCommandLogLevelMACsNoHostAuthenticationForLocalhostNumberOfPasswordPromptsPasswordAuthenticationPortPreferredAuthenticationsProxyCommandPubkeyAuthenticationRekeyLimitRhostsRSAAuthenticationRSAAuthenticationServerAliveCountMaxServerAliveIntervalSmartcardDeviceStrictHostKeyCheckingTCPKeepAliveUsePrivilegedPortUserKnownHostsFileVerifyHostKeyDNSusage: %s [user@]host:[dir] mountpoint [options] general options: -o opt,[opt...] mount options -h --help print help -V --version print version SSHFS options: -p PORT equivalent to '-o port=PORT' -C equivalent to '-o compression=yes' -F ssh_configfile specifies alternative ssh configuration file -1 equivalent to '-o ssh_protocol=1' -o reconnect reconnect to server -o delay_connect delay connection to server -o sshfs_sync synchronous writes -o no_readahead synchronous reads (no speculative readahead) -o sync_readdir synchronous readdir -o sshfs_debug print some debugging information -o cache=BOOL enable caching {yes,no} (default: yes) -o cache_max_size=N sets the maximum size of the cache (default: 10000) -o cache_timeout=N sets timeout for caches in seconds (default: 20) -o cache_X_timeout=N sets timeout for {stat,dir,link} cache -o cache_clean_interval=N sets the interval for automatic cleaning of the cache (default: 60) -o cache_min_clean_interval=N sets the interval for forced cleaning of the cache if full (default: 5) -o workaround=LIST colon separated list of workarounds none no workarounds enabled all all workarounds enabled [no]rename fix renaming to existing file (default: off) [no]nodelaysrv set nodelay tcp flag in sshd (default: off) [no]truncate fix truncate for old servers (default: off) [no]buflimit fix buffer fillup bug in server (default: on) -o idmap=TYPE user/group ID mapping (default: user) none no translation of the ID space user only translate UID/GID of connecting user file translate UIDs/GIDs contained in uidfile/gidfile -o uidfile=FILE file containing username:remote_uid mappings -o gidfile=FILE file containing groupname:remote_gid mappings -o nomap=TYPE with idmap=file, how to handle missing mappings ignore don't do any re-mapping error return an error (default) -o ssh_command=CMD execute CMD instead of 'ssh' -o ssh_protocol=N ssh protocol to use (default: 2) -o sftp_server=SERV path to sftp server or subsystem (default: sftp) -o directport=PORT directly connect to PORT bypassing ssh -o slave communicate over stdin and stdout bypassing network -o disable_hardlink link(2) will return with errno set to ENOSYS -o transform_symlinks transform absolute symlinks to relative -o follow_symlinks follow symlinks on the server -o no_check_root don't check for existence of 'dir' on server -o password_stdin read password from stdin (only for pam_mount!) -o SSHOPT=VAL ssh options (see man ssh_config) sshfs: memory allocation failed %s/%s%s%s.[%05i] %s failed to create thread: %s failed to resolve %s:%s: %s failed to create socketfailed to connectwarning: failed to set TCP_NODELAYfailed to create socket pairfailed to fork-X/dev/nullfailed to redirect input/output/executing <%s>failed to execute '%s': %s /dev/ptmxfailed to open ptygrantptunlockptWarning: server uses version: %i, we support: %i pollTimeout waiting for prompt readEOF while waiting for prompt remote host has disconnected Server version: %u Extension: %s <%s> posix-rename@openssh.com1statvfs@openssh.com2hardlink@openssh.comfsync@openssh.combuffer too short protocol error bad reply ID failed to stat home directory (%i) remote_uid = %i failed to detect remote user ID reply len too large: %u request %i not found [%05i] %14s %8ubytes (%ims) INITVERSIONOPENCLOSEREADWRITELSTATFSTATSETSTATFSETSTATOPENDIRREADDIRREMOVEMKDIRRMDIRREALPATHSTATRENAMEREADLINKSYMLINKSTATUSHANDLEDATANAMEATTRSEXTENDEDEXTENDED_REPLY???sftp_send_iovcount <= SFTP_MAX_IOV - 1writezero write sshfs_readlinksize > 0../long read sftp_readdir_asynclist == NULLuidrfailed to open '%s': %s failed to stat '%s': %s '%s' is not owned by uid %lu '%s' is writable by other users %s(%u): no local %s %s: remote %s %u => local %s %u failed to close '%s': %s%s:%u: line too long :%s:%u: unknown format Invalid id number on line %u of '%s': %s Failed to look up user '%s': %s gidFailed to look up group '%s': %s Failed to allocate locked page for passwordReading passwordPassword too long -oNumberOfPasswordPrompts=1missing ']' in hostname Linux2.4.-olarge_readfailed to create hash table %s:%s: %s %s:%s: Not a directory %s:%s: type of file differs from mountpoint failed to create cache cache=yescache=nocache_timeout=%ucache_stat_timeout=%ucache_dir_timeout=%ucache_link_timeout=%ucache_max_size=%ucache_clean_interval=%ucache_min_clean_interval=%udarwin_sem_timedwaitcompat/darwin_compat.cres == ETIMEDOUT44Xa! LLL ?P ``"@#**56@7P880@@pE0FL ORffqqtt0upuPv`v wP~0`ЅЌ@ P0Е0@-7Ccov~3ER[jw3@U`x   %7Oľξؾ (2<FPZdnx *4>HR\fpzʽԽ$.8BLV`jt~޽ȿҿܿ",6@JT^hr|&0:DNXblv  *8<@DHL8<@DHL88<<@@DD%H.H9L?Lao~0```pxd d"/<HRPeTuXh()-/11 2289:0=?@@BPH LMMNOPO`OpQR"@`-A Q#`Bp0$p(RA`HpT0Q@_g_freeQr@_g_str_equal@_g_str_hash@___stack_chk_guard@___stderrp@_pthread_mutex_unlock@dyld_stub_binders@___assert_rtns@___bzeros@___errors@___stack_chk_fails @___strcpy_chks(@__exits0@_aborts8@_callocs@@_chdirsH@_closesP@_connectsX@_dup2s`@_execvpsh@_exitsp@_fclosesx@_fcntls@_feofs@_fgetss@_filenos@_fopens@_forks@_fprintfs@_fputcs@_frees@_freeaddrinfos@_fstat$INODE64s@_fuse_chan_fds@_fuse_daemonizes@_fuse_destroys@_fuse_get_sessions@_fuse_is_lib_options@_fuse_loops@_fuse_loop_mts@_fuse_main_reals@_fuse_mounts@_fuse_news@_fuse_opt_add_args@_fuse_opt_free_argss@_fuse_opt_insert_args@_fuse_opt_parses@_fuse_parse_cmdlines@_fuse_remove_signal_handlerss@_fuse_set_signal_handlerss@_fuse_unmounts@_fuse_versions@_fwrites@_g_frees@_g_hash_table_foreach_removes@_g_hash_table_inserts@_g_hash_table_lookups@_g_hash_table_lookup_extendeds@_g_hash_table_news@_g_hash_table_new_fulls@_g_hash_table_removes@_g_hash_table_sizes@_g_list_appends@_g_list_delete_links@_g_list_firsts@_g_mallocs@_g_malloc0s@_g_ptr_array_adds@_g_ptr_array_frees@_g_ptr_array_news@_g_strdups@_g_strdup_printfs@_g_strfreevs@_g_strndups@_g_thread_inits@_gai_strerrors@_getaddrinfos@_getgids@_getgrnams@_getpagesizes@_getpids@_getpwnams@_gettimeofdays@_getuids@_grantpts@_kills@_mallocs@_memcpys@_mlocks@_mmaps@_munmaps@_opens@_perrors@_polls@_printfs@_pthread_cond_broadcasts@_pthread_cond_destroys@_pthread_cond_inits@_pthread_cond_signals@_pthread_cond_timedwaits@_pthread_cond_waits@_pthread_creates@_pthread_detachs@_pthread_mutex_destroys@_pthread_mutex_inits@_pthread_mutex_locks@_pthread_mutex_unlocks@_pthread_selfs@_pthread_sigmasks@_ptsnames@_rand_rs@_reads@_reallocs@_realpath$DARWIN_EXTSNs@_setsids@_setsockopts@_signals@_sockets@_socketpairs@_strchrs@_strcmps@_strcpys@_strdups@_strerrors@_strlens@_strncasecmps@_strncmps@_strncpys@_strrchrs@_strseps@_strtouls@_times@_unames@_unlockpts@_waitpids@_writes@_writev__mh_execute_header-0 @  0P ` @P@00P 0 00000p`````0`@```00P00000000000000000000000000000000000000000000000000000 0000000000000P( Tb$fT$<BEa&/8J]hv} )9GYmx (BP^fn$3GU_j{%2:DRZciqy+;Kbv &.6>FPXenw  !"#$%&'()*+,-./0123456789:;<=>?@ABEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~2CDi  !"#$%&'()*+,-./0123456789:;<=>?@ABEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~__mh_execute_header___assert_rtn___bzero___error___stack_chk_fail___stack_chk_guard___stderrp___strcpy_chk__exit_abort_calloc_chdir_close_connect_dup2_execvp_exit_fclose_fcntl_feof_fgets_fileno_fopen_fork_fprintf_fputc_free_freeaddrinfo_fstat$INODE64_fuse_chan_fd_fuse_daemonize_fuse_destroy_fuse_get_session_fuse_is_lib_option_fuse_loop_fuse_loop_mt_fuse_main_real_fuse_mount_fuse_new_fuse_opt_add_arg_fuse_opt_free_args_fuse_opt_insert_arg_fuse_opt_parse_fuse_parse_cmdline_fuse_remove_signal_handlers_fuse_set_signal_handlers_fuse_unmount_fuse_version_fwrite_g_free_g_hash_table_foreach_remove_g_hash_table_insert_g_hash_table_lookup_g_hash_table_lookup_extended_g_hash_table_new_g_hash_table_new_full_g_hash_table_remove_g_hash_table_size_g_list_append_g_list_delete_link_g_list_first_g_malloc_g_malloc0_g_ptr_array_add_g_ptr_array_free_g_ptr_array_new_g_str_equal_g_str_hash_g_strdup_g_strdup_printf_g_strfreev_g_strndup_g_thread_init_gai_strerror_getaddrinfo_getgid_getgrnam_getpagesize_getpid_getpwnam_gettimeofday_getuid_grantpt_kill_malloc_memcpy_mlock_mmap_munmap_open_perror_poll_printf_pthread_cond_broadcast_pthread_cond_destroy_pthread_cond_init_pthread_cond_signal_pthread_cond_timedwait_pthread_cond_wait_pthread_create_pthread_detach_pthread_mutex_destroy_pthread_mutex_init_pthread_mutex_lock_pthread_mutex_unlock_pthread_self_pthread_sigmask_ptsname_rand_r_read_realloc_realpath$DARWIN_EXTSN_setsid_setsockopt_signal_socket_socketpair_strchr_strcmp_strcpy_strdup_strerror_strlen_strncasecmp_strncmp_strncpy_strrchr_strsep_strtoul_time_uname_unlockpt_waitpid_write_writevdyld_stub_binderradr://5614542erfs-1.4/packaging/000077500000000000000000000000001375124717500142555ustar00rootroot00000000000000erfs-1.4/packaging/Makefile000066400000000000000000000014101375124717500157110ustar00rootroot00000000000000 VERSION=1.4 BIN_NAME=erfs #PKG_NAME=${BIN_NAME}-${VERSION} PKG_NAME=${BIN_NAME}-${VERSION} dist: mkdir -p ${PKG_NAME} cp -a ../license ../man ../${BIN_NAME} ./${PKG_NAME}/ tar cfz ${PKG_NAME}.tar.gz ${PKG_NAME} rm -rf ./${PKG_NAME}/ ls -al ./${PKG_NAME}.tar.gz debuild-setup: dist rm -rf build mkdir build cp ${PKG_NAME}.tar.gz build && \ cd build && \ tar xfz ${PKG_NAME}.tar.gz -cd build/${PKG_NAME} && \ dh_make -sy -f ../${PKG_NAME}.tar.gz && \ rm -f debian/*.EX debian/*.ex debian/*.docs debian/README.* && \ cp -a ../../debian/* debian/ && \ uscan . debian-debuild: debuild-setup cd build/${PKG_NAME} && \ debuild -S lintian --pedantic -IE build/${BIN_NAME}_*.dsc clean: rm -rf ./build ./${PKG_NAME}.tar.gz debian: debian-debuild echo Done. erfs-1.4/packaging/debian/000077500000000000000000000000001375124717500154775ustar00rootroot00000000000000erfs-1.4/packaging/debian/changelog000066400000000000000000000004401375124717500173470ustar00rootroot00000000000000erfs (1.4-1) unstable; urgency=medium * Typos have been fixed and man page updated -- skyper Fri, 06 Nov 2020 12:53:38 +0000 erfs (1.3-1) unstable; urgency=medium * Initial release (closes: #964005) -- skyper Wed, 17 Jun 2020 10:11:11 +0100 erfs-1.4/packaging/debian/control000066400000000000000000000020501375124717500170770ustar00rootroot00000000000000Source: erfs Section: net Priority: optional Maintainer: skyper Build-Depends: debhelper-compat (= 13) Standards-Version: 4.5.0 Homepage: https://github.com/hackerschoice/erfs Rules-Requires-Root: no Package: erfs Architecture: all Depends: encfs, sshfs, openssl, ${misc:Depends} Description: Client to use a free encrypted cloud based network file system An easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. . All key material is created on the user's computer and never stored or transferred to the server. . All data is locally encrypted (including the file name). The encrypted data (and only that!) is stored in the cloud. The data remains secure even if the cloud server is compromised. It does not need root or superuser privileges. No need to run your own server. All you need is the bash script (literally). It is one single command to add and use a file system: . $ erfs mount aDe5F2ik3x35x7pfAEAWdC5Y ~/secure erfs-1.4/packaging/debian/copyright000066400000000000000000000022051375124717500174310ustar00rootroot00000000000000Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: erfs Upstream-Contact: skyper Source: https://github.com/hackerschoice/erfs Files: * Copyright: 2020 skyper License: GPL-2+ Files: debian/* Copyright: 2020 skyper 2020 Daniel Echeverri License: GPL-2+ License: GPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". erfs-1.4/packaging/debian/erfs.install000066400000000000000000000000151375124717500200220ustar00rootroot00000000000000erfs usr/bin erfs-1.4/packaging/debian/erfs.manpages000066400000000000000000000000131375124717500201450ustar00rootroot00000000000000man/erfs.1 erfs-1.4/packaging/debian/files000066400000000000000000000000511375124717500165200ustar00rootroot00000000000000erfs_1.4-1_source.buildinfo net optional erfs-1.4/packaging/debian/rules000077500000000000000000000000361375124717500165560ustar00rootroot00000000000000#!/usr/bin/make -f %: dh $@ erfs-1.4/packaging/debian/source/000077500000000000000000000000001375124717500167775ustar00rootroot00000000000000erfs-1.4/packaging/debian/source/format000066400000000000000000000000141375124717500202050ustar00rootroot000000000000003.0 (quilt) erfs-1.4/packaging/debian/tests/000077500000000000000000000000001375124717500166415ustar00rootroot00000000000000erfs-1.4/packaging/debian/tests/control000066400000000000000000000001521375124717500202420ustar00rootroot00000000000000Tests: upstream-tests Depends: @, @builddeps@ Restrictions: needs-root, needs-internet, isolation-machine erfs-1.4/packaging/debian/tests/upstream-tests000077500000000000000000000004461375124717500215730ustar00rootroot00000000000000#!/bin/sh set -e # Hmm. Let's try to run a mount test.. export HOME=$(mktemp -d -t erfs-XXXXXXX) [ -c /dev/fuse ] || mknod -m 666 "/dev/fuse" c 10 229 [ -e /etc/mtab ] || ln -sf ../proc/self/mounts "/etc/mtab" /usr/bin/erfs m aDe5F2ik3x35x7pfAEAWdC5Y /usr/bin/erfs u aDe5F2ik3x35x7pfAEAWdC5Y erfs-1.4/packaging/debian/upstream/000077500000000000000000000000001375124717500173375ustar00rootroot00000000000000erfs-1.4/packaging/debian/upstream/metadata000066400000000000000000000007671375124717500210540ustar00rootroot00000000000000Bug-Database: https://github.com/hackerschoice/erfs/issues Bug-Submit: https://github.com/hackerschoice/erfs/issues/new Reference: Author: Joshua Davies Title: "Implementing SSL/TLS" Edition: 1st ISBN: 0470920416 Publisher: Wiley Year: 2010 Type: book Donation: https://www.thc.org FAQ: https://github.com/hackerschoice/erfs Documentation: https://github.com/hackerschoice/erfs Repository: https://github.com/hackerschoice/erfs.git Repository-Browse: https://github.com/hackerschoice/erfs erfs-1.4/packaging/debian/watch000066400000000000000000000002161375124717500165270ustar00rootroot00000000000000version=4 opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/erfs-$1\.tar\.gz/ \ https://github.com/hackerschoice/erfs/tags .*/v?(\d\S+)\.tar\.gz