Skip to content

Mivik/bijou

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Bijou ✨💎✨

Crates.io docs.rs

Bijou (['bi:ʒu], French for "jewel") is a tiny embeddable encrypted filesystem, built upon RocksDB.

Bijou provides a FUSE interface, as well as Rust API (bijou-core) to manipulate the filesystem.

Why Bijou?

The initial motivation of Bijou is to provide access to encrypted filesystem everywhere, without extra requirement for the host system. Most of currently available encrypted filesystems just rely on the underlying filesystem to do the most of the work (directory structure, filenames, metadata, xattrs, etc.), which both limits the portability and compromises the security.

Bijou is developed with safety and performance in mind. Almost all metadata is stored in a RocksDB database, which is extended to support at-rest encryption. Because of that, Bijou poses minimum requirement on the underlying filesystem (specifically, being able to store random-accessible regular files in directories is all we need).

In addition, an abstraction of the storage layer makes it possible to store file contents nearly everywhere, including local file system, OpenDAL (experimental) or even RocksDB itself.

Warning

Bijou is under active development and is not ready for production use. It's unstable (may crash!) and on-disk format may change. You definitely don't want to use it to store your important data for now.

Features

  • File encryption with integrity check
  • Cross platform filesystem features: (hard or soft) links, xattrs, file permissions
  • Directory structure encryption
  • Customizable storage layer
  • Rust API
  • Filenames with arbitrary length

Currently Bijou is only tested on Linux, but it should work on other platforms as well.

Performance

The following benchmark is done on a 14-core Intel i7-12700H CPU with 32GB RAM and a 1T NVMe SSD.

Baseline Bijou gocryptfs Cryptomator securefs1 encfs
Tested Version N/A commit 823bf69 commit 8b1c4b0 v1.9.3 v0.14.3 v1.9.5
Seq Read 1748MB/s 1134MB/s 655MB/s 1084MB/s 643MB/s 342MB/s
Seq Write 1351MB/s 1251MB/s 506MB/s 605MB/s 169MB/s 137MB/s
Random Read 605MB/s 244MB/s 36MB/s 134MB/s 42MB/s 26MB/s
Random Write 270MB/s 123MB/s 23MB/s 62MB/s 24MB/s 18MB/s
untar linux-3.0 1.7s ± 0.03s 7.3s ± 2.4s 7.1s ± 0.3s 12.7s ± 0.5s 5.1s ± 0.4s 7.8s ± 0.3s
ls -lR linux-3.0 115.7ms ± 2.4ms 263.4ms ± 243.7ms 1.3s ± 0.06s 2.4s ± 0.3s 220.3ms ± 17.8ms 2.0s ± 0.2s

Bijou might be slower in cases where directory structure or file metadata is frequently accessed since they are stored in a separate database. However, Bijou still outperforms other filesystems in most cases.

Security & Design

See security and design for more information.

Get Involved

Bijou is still in its early stage, and there are many things to do. If you're interested in this project, check out CONTRIBUTING.md. Any contribution is welcome!

Installation

cargo install bijou-cli

Usage

# Create a database
bijou create <data-dir>

# Mount it
bijou mount <data-dir> <mountpoint>

See bijou --help for more information.

License

Licensed under the Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0

Footnotes

  1. securefs does not support O_DIRECT flag, and is tested without it

About

Bijou is a tiny embeddable encrypted filesystem.

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages