IOCipher lives! encrypted virtual file system for Android

Nathan and I just got the first complete test of IOCipher working in the IOCipherServer/SpotSync app. We created a filesystem sqlite.db file, then mounted it and got all the files via HTTP. In the test suite, I have lots of operations all running fine and encrypting! The core idea here is a java.io API replacement that transparently writes to an encrypted store. So for the most part, just change your import statements from:

java.io.*   --->   info.guardianproject.iocipher.*

Then in your code, make a VirtualFileSystem instance and mount it, and unmount it. That’s about it. Right now, you can have only a single filesystem per app, but you can unmount one and mount another. We hope to add support for multiple filesystems in the not-too-distant future.

Its ready for people to try, some kind of early alpha. Here’s the framework itself:
https://github.com/guardianproject/IOCipher

THe easiest way to get started right now is probably the test suite:
https://github.com/guardianproject/IOCipherTests

Our first app using it is here:
https://github.com/guardianproject/IOCipherServer

Comments, feedback, criticism, welcome and wanted!

9 comments for “IOCipher lives! encrypted virtual file system for Android

  1. n8fr8
    2012/05/17 at 4:49 pm

    Here’s where we have implemented it – a Java Servlet for retrieving and displaying files from within an IOCipher file system

    https://github.com/guardianproject/IOCipherServer/blob/master/src/info/guardianproject/iocipher/server/IOCipherFileServlet.java

  2. 2012/07/21 at 8:18 am

    consider offering it as a framework patch toolkit like PDroid

    • hans
      2012/07/21 at 12:56 pm

      Its a framework for app developers that makes it really easy for developers to include encrypted file storage in their apps. I’m not sure it would work in the same manner as PDroid. If you want to have something that encrypts the file storage for each and every app, I think that would have be something like the /data partition encryption introduced in Android 4.0/ICS or full partition encryption using LUKS as well.

      It would be possible to swap out the internal SQLite in Android with SQLCipher so the databases of all apps are encrypted. We hope to do that someday, and would gladly assist anyone who is ready to take it on. We don’t have a timeline for that work, its on the wish list.

  3. 2012/09/12 at 4:02 pm

    Are there any concerns with the security in this ~alpha release or potential loss of data? The restriction to a single file store doesn’t seem like a big issue, for me at least.

    • hans
      2012/09/12 at 4:21 pm

      Its alpha, so we don’t really know what are the issues and long term stability yet. Its based on an existing, tested library: libsqlfs. And we’ve been putting quite a bit into setting up automated testing, so we are working towards making sure its reliable.

      • 2012/09/12 at 7:04 pm

        I’m having a very difficult time getting the library to build on Windows 7, cygwin doesn’t seem to want to cooperate. I usually just use ndk-build for any ndk apps (works fine w/ the qualcomm vuforia sdk, worth checking out if you’re not already familiar w/ it)

        Do you publish precompiled jar files anywhere or have any tips to get this to compile?

        • hans
          2012/09/12 at 8:12 pm

          We do plan on releasing a simple jar package once we are ready for a beta release. That’ll be soon. As for building this, for our complex frameworks like IOCipher, SQLCipher-for-Android, gnupg-for-android, etc, we only ever build them on Debian/Ubuntu/Mint because it is just so much less work. You could download or make a Debian/Ubuntu/Mint VM and run it in VirtualBox if you want to get started ASAP.

          • 2012/09/13 at 10:01 am

            fair point, Ubuntu it is

  4. 2012/09/17 at 9:49 am

    Hey, can I get some help on this question, https://guardianproject.info/questions/iocipher-and-contentproviders/? It doesn’t look like the Q/A forum is visited too often.

Leave a Reply

Your email address will not be published. Required fields are marked *