Official website for Linux User & Developer

The best file encryption software in open source – group test

by Gareth Halfacree

Keeping your secrets secret is an important consideration, so we have taken the four most popular encryption systems and ordered Linux User’s chief group tester, Garath Halfacree, to do what he does best. Which is the ultimate option? Read on…

A user-space encryption system, EncFS is designed to keep things simple

EncFS and eCryptfs are, in many ways, extremely similar. Both operate in user space, and both are designed to provide an easy way to manage file-system level encryption. Both include plenty of scope for configuration and the use of various encryption algorithms, and both have their advantages and disadvantages.

Created in 2003 to address a perceived lack of file system encryption capabilities in the kernel of the time – following the dropping of TCFS and the lack of maintenance on the CFS project – EncFS ties in to FUSE – the File-system in User spacE kernel module – to allow any users to create, modify, and access an encrypted directory.

Installation of EncFS is relatively simple, although it does have a few dependencies that must be satisfied before it will operate. For most Linux distributions, however, this translates into a few more packages to be downloaded from the repositories, and adds little complexity to the overall installation process.

The best file encryption software in open source - group test
File names are encrypted by default with EncFS

Setting up an EncFS-encrypted folder is similar to eCryptfs, although instead of using mount the encfs binary is called instead. Sadly, EncFS does require that two directories are used in place of the singular directory with which eCryptfs can be configured: in practice, this is usually covered by creating a hidden directory to hold the encrypted files.

Once the encrypted directory is created and mounted using EncFS, the files are accessible as normal. File names are encrypted by default, and – as with the other products on test – the well-regarded AES-256 algorithm is used to secure data.

Sadly, EncFS is starting to show its age. Compared to eCryptfs, it doesn’t feel quite as user friendly, but it’s the performance which was most disappointing. In our small-file test, our 500 128KB files transferred at an average speed of around 8MB/s – the slowest of any package on test. While the large file result was better, performing almost twice as fast as EncFS managed with the small files, it was still beaten into third place by the slightly better throughput of eCryptfs – although the difference for large files was all-but negligible.

The best file encryption software in open source - group test
EncFS can be tied into an external program for password input

EncFS does have one trick up its sleeve, however: because it ties into FUSE, it is safe to use with XFS and similar file systems without risking a stack overflow, unlike eCryptfs. If XFS support is key and you need a user-space file-system level encryption system, EncFS is still worth a look.

Linux User Verdict
Installation: 8/10
Aside from some dependencies which are easy to satisfy, EncFS is simple to install.
Features: 7/10
EncFS has plenty of choice for performance tuning and encryption algorithms.
Ease of use: 8/10
Unlike eCryptfs, EncFS can be executed without running as root thanks to its use of FUSE.
Performance: 3/10
On slower systems, EncFS performs poorly even at the default settings.

Overall: 2/5
If you need ordinary users to be able to manage encrypted directories – or XFS support – then EncFS is a good choice, otherwise the performance drop is too severe.

Continue to next page – TrueCrypt

Pages: 1 2 3 4 5
  • Tell a Friend
  • Follow our Twitter to find out about all the latest Linux news, reviews, previews, interviews, features and a whole more.
    • Joseph

      While LUKS may not have a GUI as such, that doesn’t mean that ease of use is really hampered in some distributions. For instance, when using openSUSE’s YaST configuration tool and its partitioner module, one need simply click a check box (and enter the desired password) and YaST handles formatting, setting up and encrypting the partition, and adding an FSTAB entry if needed. I just checked and it seems Ubuntu gives you an encryption option when using its partitioner but not during the install. openSUSE allows for encryption to be specified during system install as well.

      It’s also my understanding that TrueCrypt allows for full-disk encrypting a boot drive under Windows but not Linux. If that is still the case, then perhaps the recommendation would best be LUKS for setting up a system with full-disk encryption (especially if you’re installing a disto with a powerful installer like openSUSE’s) and TrueCrypt for other needs and cross-platform encrypting.

    • linux97

      The selling point for me (strange sounding since it is free) is the simple fact that Truecrypt will work cross-platform as long as it has been installed on other machines. That means that I can encrypt a thumb drive and use it on various machines; taking my encrypted files with me to work, home, wherever. I can also put a persistent linux on another thumb drive, along with truecrypt, and be assured I can use my encrypted files anywhere I am allowed to boot a computer.

    • Pingback: Links 10/8/2011: Linux/Android Tablets Multiply, OpenGL 4.2 is Coming | Techrights()

    • Pingback: Open encryption software « 0ddn1x: tricks with *nix()

    • JDM

      TrueCrypt also has some very ambiguous origins and development and is increasingly hard to compile from source by an end user.

    • David

      Apparently there is a tool that makes it possible to use dm-crypt under windows. It’s called FreeOTFE ( and has the benefit of not having to be installed (thus not needing administrator priviligeous). This could actually make it even more useful than truecrypt for use with portable devices. This program is windows only and I don’t think there’s a similar program for MacOSX.

    • Pingback: Truecrypt opensuse | Playstation3st()

    • aprogrammer

      Cool post but I was using russian ecryption instruction

    • Pingback: Data encryption in Linux (and OS X, and Windows) | Bits and Pieces()

    • Markus

      Interesting how some articles at somehow the same time try to sell people the compromised TrueCrypt stuff to the people instead of LUKS and try to tell that the performance is way better.. ;)