PEFS (Private Encrypted File System) is a kernel-level stacked encrypted file system for FreeBSD. It runs on top of an existing file system and transparently encrypts data without requiring additional storage devices. The project is open source under the BSD license, hosted on GitHub, and can be installed as a FreeBSD port/package.
In terms of protection scope, PEFS focuses on encryption for data at rest. It is suitable for protecting user home directories, cloud or network-shared data, portable storage such as USB drives, and sensitive directories. It supports encryption of both file contents and file names, using AES and Camellia in XTS mode, with PKCS#5v2 and HKDF for key derivation. The source text also notes that it has undergone security audits and uses mechanisms such as random tweaks to mitigate offline attacks.
Deployment is relatively technical: it can be installed via pkg, ports, or built from source, with encrypted directory creation, mounting, and key addition handled through the command line. PEFS supports a PAM module, enabling automatic decryption of user home directories at login using a PEFS password. It provides full POSIX semantics, including sparse files, hard links, and atomic renames. Each encrypted file is self-contained, which benefits incremental backups and reliability after system crashes. However, the available text does not show capabilities such as a centralized management platform, audit reports, alert notifications, or integration with enterprise directory systems.
PEFS is free and open-source software under the BSD license. No commercial subscription, SLA, paid support, or hosted service is disclosed. The project is maintained by its author and the open-source community, with support channels including mailing lists, GitHub issues/pull requests, and social channels. The latest release information is dated 2018.12.29, including FreeBSD 13-CURRENT build fixes and a workaround for the LazyFPU vulnerability; users should assess ongoing project activity themselves.
Its strengths include a clean design, solid kernel-level performance, safer default configurations that reduce the risk of misconfiguration, and the ability to leverage the capabilities of the underlying file system. Its limitations are clear: it is confined to the FreeBSD ecosystem and lacks information on cross-platform support, visual operations tools, compliance certifications, and commercial support. It is best suited for advanced FreeBSD users, developers, small technical teams, and enterprise scenarios that need local file-level encryption and can handle operations in-house.
The captured text does not provide information on access from mainland China, mirrors, payment, or local support, so this remains unknown. For production environments requiring alternatives, users may consider FreeBSD GELI, ZFS native encryption, or cross-platform options such as VeraCrypt, LUKS/dm-crypt, and gocryptfs.
β This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on pefs.io official site.
pefs.io is an Unknown Cybersecurity provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of China direct-connect friendly. Click "Visit Official Site" to reach pefs.io directly.