Back when MacFUSE was let loose earlier this year, i was a bit puzzled as to what to use it for. For those who don’t know, it’s the Mac OS X version of FUSE, which implements a mechanism on Linux in which userspace programs can expose file systems.

So for example, using the “sshfs” program (or “plugin”) i can mount remote linux machines via ssh and copy files to/from them.

Now as i was saying, i couldn’t figure out how i could make use of MacFUSE; sshfs was of no use to me as i just use CyberDuck to copy files to remote Linux machines.

But then i found encfs. This basically implemented an encrypted file system which was transparently overlaid over the current file system.

<!-more->

Encryption with encfs

encfs is very different from the current mac solution i use for encrypting my files, FileVault.

FileVault uses an expanding disk image in which it stores all the encrypted files. Whilst it is quite convenient when i come to backing up my data (as in i just have to copy a single file), it has numerous disadvantages, such as:

• The image can get corrupted if your computer crashes or otherwise is unable to properly log out
• If the image becomes corrupted, i more or less loose all of my files
• The image expands to accommodate additional data, however it only re-compacts itself when i log out, something which i often have to do to re-claim disk space

Compare this to encfs, which directly stores encrypted files and directories as files and directories on your disk (with encrypted names of course):

• Only individual files being written to can potentially get corrupted if your computer crashes or otherwise is unable to properly log out
• The only case in which i loose all of my files is when the “control file” is corrupted (although from what i gather the control file is only written to when the encrypted file system is created, and thus is unlikely to easily become corrupted)
• Since files aren’t stored in a fancy expanding disk image, no extra space is used

Although encfs naturally has its disadvantages:

Since files and directories in the encfs correspond to files and directories on disk, a would-be hacker can easily determine how many files and directories are encrypted, and might be able to determine their contents by examining metadata (which isn’t encrypted).
* It’s a bit obvious that you have encrypted files, an obvious disadvantage if you were looking to hide them for whatever reason

Still on a whole it is a great solution if you are not incredibly paranoid. It also works on Linux too, which is great!

Unfortunately, i have no idea how to automount encfs when i log in to Mac OS X, as happens with FileVault. So for now, i think i am going to stick with FileVault (although suggestions for how to do this would be appreciated). But as for Linux systems, encfs seems to be the best solution for me as it is the only one in which i don’t have to create a large non-expanding disk image in which to store my confidential data – plus i can make it automount when i log in!

Note that if you wish to try out encfs with MacFUSE for yourself, there is a pre-built encfs plugin floating around the net. I just installed encfs from MacPorts, which pretty much worked out of the box.

Compression

Soon after i got encfs working, it occurred to me that as well as encrypting files with MacFUSE i could also transparently compress them (something which Mac OS X is seemingly incapable of doing). This would come in quite handy for compressing disk images which i use in VirtualBox, which sadly doesn’t support compressed disk images (something which Parallels Desktop and qemu quite easily support).

Unfortunately whilst i found a few FUSE file systems which supported compression in the same way encfs supported encryption, i could not get any of them to compile with MacFUSE. Darn!

Conclusion

I was quite surprised at how powerful MacFUSE is, provided you can get the file system “plugins” to work. Beyond sshfs and encfs, there are a multitude of different systems, from copying files to an iPhone to even storing them in your GMail.

In the future, i hope people will come up with even more crazy FUSE plugin’s in order to further abuse my file browser! :)