{"id":19979047,"url":"https://github.com/fphammerle/rgpgfs","last_synced_at":"2026-05-15T18:04:39.030Z","repository":{"id":78737218,"uuid":"178597280","full_name":"fphammerle/rgpgfs","owner":"fphammerle","description":"PoC: Mount PGP/GPG-enciphered view of plain directories via FUSE 💾 🔐","archived":false,"fork":false,"pushed_at":"2019-04-05T20:24:36.000Z","size":78,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-12T10:26:27.661Z","etag":null,"topics":["docker","file-encryption","fuse-filesystem","gnupg","gpgme","pgp"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/fphammerle/rgpgfs","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fphammerle.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-30T18:38:47.000Z","updated_at":"2024-08-12T19:47:27.000Z","dependencies_parsed_at":"2023-03-16T20:30:10.262Z","dependency_job_id":null,"html_url":"https://github.com/fphammerle/rgpgfs","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fphammerle%2Frgpgfs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fphammerle%2Frgpgfs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fphammerle%2Frgpgfs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fphammerle%2Frgpgfs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fphammerle","download_url":"https://codeload.github.com/fphammerle/rgpgfs/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241412534,"owners_count":19958946,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","file-encryption","fuse-filesystem","gnupg","gpgme","pgp"],"created_at":"2024-11-13T03:36:15.475Z","updated_at":"2025-10-26T17:03:36.915Z","avatar_url":"https://github.com/fphammerle.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# rgpgfs 💾 🔐\n\nPoC: PGP/GPG-enciphered view of plain directories\n\nMounting \u0026 unmounting does *not* require setuid, sudo, root ...\n\n## Build\n\nRun `make` after installing\n[libfuse](https://github.com/libfuse/libfuse)\nand\n[gpgme](https://www.gnupg.org/software/gpgme/index.html).\n\n### Debian / Ubuntu\n\n```sh\napt-get install libfuse3-dev libgpgme-dev\nmake\n```\n\n### Docker 🐳\n\n```sh\ndocker build --target build -t rgpgfs .\n```\n\n## Usage\n\n```sh\nrgpgfs -r [fingerprint] [mountpoint]\n# or\nrgpgfs --recipient=[fingerprint] [mountpoint]\n# or\nrgpgfs -o recipient=[fingerprint] [mountpoint]\n```\n\n*rgpgfs* will refuse to encrypt with untrusted keys.\nSee `gpg -k [fingerprint]`.\n\n### Example\n\nMount encrypted view of `/` in `~/rgpgfs`:\n\n```sh\n$ rgpgfs --recipient 1234567890ABCDEF1234567890ABCDEF12345678 ~/rgpgfs\n\n$ ls -1 ~/rgpfs/var/log/syslog.*\n/home/me/rgpgfs/var/log/syslog.gpg\n/home/me/rgpgfs/var/log/syslog.1.gpg\n/home/me/rgpgfs/var/log/syslog.2.gz.gpg\n/home/me/rgpgfs/var/log/syslog.3.gz.gpg\n\n$ gpg --decrypt --for-your-eyes-only /home/me/rgpgfs/var/log/syslog.gpg | wc -l\ngpg: encrypted with 4096-bit RSA key, ID 89ABCDEF12345678, created 2019-03-30\n      \"someone \u003csomeone@somewhere.me\u003e\"\n3141\n```\n\n### Change source directory\n\n```sh\nrgpgfs -o modules=subdir -o subdir=/source/dir /mount/point\n```\n\n### Docker 🐳\n\nMount an enciphered view of named volume `plain-data` at `/mnt/rgpgfs`:\n\n```sh\ndocker run --rm \\\n    --device /dev/fuse --cap-add SYS_ADMIN \\\n    -e RECIPIENT=1234567890ABCDEF1234567890ABCDEF12345678 \\\n    -v plain-data:/plain:ro \\\n    -v /mnt/rgpgfs:/encrypted:shared \\\n    fphammerle/rgpgfs\n```\n\nInteractively:\n\n```sh\nhost$ mkdir /mnt/rgpgfs \u0026\u0026 chmod a+rwx /mnt/rgpgfs\nhost$ docker run --rm -it \\\n    -v plain-data:/plain:ro \\\n    -v /mnt/rgpgfs:/enc:shared \\\n    --device /dev/fuse --cap-add SYS_ADMIN \\\n    fphammerle/rgpgfs ash\ncontainer$ ls /plain\nexample.txt\ncontainer$ gpg --recv-keys 1234567890ABCDEF1234567890ABCDEF12345678\ncontainer$ gpg --edit-key 1234567890ABCDEF1234567890ABCDEF12345678\ncontainer gpg\u003e trust\ncontainer gpg\u003e 5\ncontainer gpg\u003e quit\ncontainer$ rgpgfs -o allow_other,modules=subdir,subdir=/plain,recipient=12345678 /enc\ncontainer$ ls /enc\nexample.txt.gpg\n# meanwhile in another shell:\nhost$ ls /mnt/rgpgfs\nexample.txt.gpg\n```\n\nWhen AppArmor is enabled\nyou may need to add `--security-opt apparmor:unconfined`.\n\nYou may need to disable user namespace remapping for containers\n(dockerd option `--userns-remap`)\ndue to https://github.com/moby/moby/issues/36472 .\n\n### Docker Compose 🐙\n\n1. Adapt paths \u0026 recipient in [docker-compose.yml](docker-compose.yml)\n2. `docker-compose up`\n\n### Serve encrypted data via rsync ssh server\n\nSee [examples/rsync-sshd](examples/rsync-sshd/docker-compose.yml)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffphammerle%2Frgpgfs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffphammerle%2Frgpgfs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffphammerle%2Frgpgfs/lists"}