CM is a framework and interface for mounting and organizing encrypted filesystems on a mobile device.

  • The encrypted filesystem may be located on internal memory, removeable media or remote disk.
  • The mounted plaintext filesystem's location is determined by user preferences, stored both on the local system and inside the encrypted filesystem.
  • Conflicting preferences may be resolved automatically or by user intervention.

System Requirements

  • Kernel 2.4 ro 2.6
  • FUSE
  • bash
  • TODO

Filesystem Structure

EncFS stores files in a standard filesystem structure, preserving directory structure and permissions in plaintext, while encrypting the names and contents of files and directories. Metadata about the encryption options and cipher is stored in a .encfs5 file in the root of the encrypted filesystem. This metadata is mostly unencrypted, as it is required for decryption.

CM adds it's own metadata file to the encrypted filesystem, containing information about what the files are and how to handle the mount operation. A separate preferences file in the user's homedir stores global options.

Encrypted Metadata File

  • Name
  • Description
  • Mount Point
  • Conflict Resolution
  • Unmount Behaviour
  • TODO

An example would be :

  • Passwords (Level 1)
  • Website passwords for free forums
  • PasswordLevel1
  • Create
  • Remove


  • Secure Firefox
  • Profile for Web Banker
  • /home/<user>/mozilla/.firefox
  • LayerIfUnused
  • Replace

The Conflict Resolution option specifies what to do if the target mountpoint does not exist or contains files. Several options can be specified in a list and are tried in order.

  • Notify - Tell the user there was a problem and don't do anything else. This is the default.
  • Create - Create the mountpoint directory if it does not exist.
  • CreateAll - Create the mountpoint directory, and all parent directories, if they do not exist.
  • LayerIfUnused - Move an existing directory out of the way and create the mountpoint directory, but only if none of the files in the directory are opened and the directory is not an existing encrypted mountpoint itself.

The Unmount Behaviour option specifies what to do when the filesystem is unmounted.

  • Remove - The mountpoint directory is removed.
  • Replace - Used with LayerIfUnused to move the original directory into place.

Note that Replace is automatically selected in the Metadata editor screen when LayerIfUnused is selected, but may be manually de-selected by the user.

User Interface

The CM user interface has two components, a taskbar applet and a tabbed application window.

Taskbar Applet

This applet has several features:

  • List the mounted filesystems in a popup
  • Store stateful information about the mounted filesystems
  • Allow unmounting of filesystems by the user
  • Execute on-unmount commands
  • Automatically unmount filesystems after a timeout
  • Lock the display after a timeout

Application Window

The tabs in this window offer the user the ability to:

  • View the currently mounted filesystems
  • Mount a filesystem
  • Create a new filesystem
  • Modify the metadata of an unmounted filesystem
  • Modify global preferences


Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki