Crypt4GH File System
crypt4ghfs is a fuse layer exposing Crypt4GH-encrypted files, as if they were decrypted
crypt4ghfs [-f|--foreground] [--conf conf_file] <mountpoint>
The default configuration file is in
See the configuration sample for examples.
seckeymust point to a Crypt4GH private key or an ED25519 ssh key. This option is required.
rootdirmust point to the root directory where the Crypt4GH-encrypted files reside. This option is required.
- when not in read-only mode, a list of recipients must be specified (potentially only including yourself), for the case of an encrypting file system.
By default, we daemonize the process. Use
--foreground) to keep it in the foreground. This is useful to see the logs, since
stderr are otherwise redirected to
/dev/null when the process is daemonized.
Extra debug output is available if
log_level=LEVEL is used (where
LEVEL is a Python logging levels)
Assume you have Crypt4GH-encrypted files in
~/encrypted-files, and your private key in
You can create a configuration file in
[DEFAULT] rootdir=~/encrypted-files [CRYPT4GH] seckey = ~/.c4gh/mykey
Create an (empty) directory,
~/clear-files and mount the Crypt4GH file system in it with:
You can now read files in
~/encrypted-files as if they were decrypted.
crypt4gh decrypt --sk ~/.c4gh/mykey < ~/encrypted-files/example.txt.c4gh | less
you can now simply, use
cat ~/clear-files/example.txt # or any other tool using the POSIX file abstraction
Tips: if you mount sshfs from the EGA distribution system, you can download chunk-by-chunk the files from the EGA, as Crypt4GH files, and use all of them with 2 commands:
sshfs -o uid=$(id -u),gid=$(id -g) -f <remote-url>:. ~/encrypted-files, followed by
crypt4ghfs ~/clear-files. After that, you keep your prompt and can "use" the files in
ls -al ~/clear-files.
On Ubuntu, run:
apt-get install ca-certificates pkg-config git gcc make automake autoconf libtool bzip2 zlib1g-dev libssl-dev libedit-dev ninja-build cmake udev libc6-dev pip install -U pip pip install meson pytest
Install the (latest) libfuse (v3.10) with:
git clone https://github.com/libfuse/libfuse.git cd libfuse git checkout fuse-3.10.0 mkdir build cd build meson .. ninja ninja install
Finally, install the python packages:
pip install crypt4ghfs # this will install crypt4gh, trio and pyfuse3 too
For the (latest) SSHFS (v3.7), useful to test the above tips:
git clone https://github.com/libfuse/sshfs.git cd sshfs git checkout sshfs-3.7.0 mkdir build cd build meson .. ninja ninja install