PEFS (Private Encrypted File System) is a kernel level stacked cryptographic filesystem for FreeBSD.

PEFS website: http://pefs.io/

The following is a list of its most important features:

• Kernel level file system, no user level daemons needed. Transparently runs on top of existing file systems.

• Random per file tweak value used for encryption, which guaranties different cipher texts for the same encrypted files.

• Saves metadata only in encrypted file name, but not in file itself.

• Supports arbitrary number of keys per file system, default directory key, mixing files encrypted with different keys in same directory.

• Allows defining key chains, can be used to add/delete several keys by specifying only master key.

• Uses modern cryptographic algorithms: AES and Camellia in XTS mode, PKCS#5v2 and HKDF for key generation.

FreeBSD wiki page: http://wiki.freebsd.org/PEFS blog: http://glebkurtsou.blogspot.com/search/label/pefs

Installation instructions:

git clone git://github.com/glk/pefs.git pefs

cd pefs

make obj all

make install

make clean

To run the tests load the PEFS kld and run 'kyua test':

kldload pefs

cd tests/sbin

kuya test