Skip to content
/ egit Public

A lame attempt at encrypting git repos...

Notifications You must be signed in to change notification settings

mrmoss/egit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

author
Mike Moss
Jul 29, 2019
6f6dabc · Jul 29, 2019

History

21 Commits
Jan 21, 2019
Jul 29, 2019

Repository files navigation

BEGIN RANT

This is a WIP encryption wrapper around git...not sure if I'll actually use it for anything...might just give up on it...

Been doing some thinking about encryption and git lately.

I'm not saying that Microsoft will do bad things with Github...but I don't sleep as well at night anymore knowing they have access to my files...don't worry Microsoft...it's me...not you...I never slept well knowing Github had access to my files...

My first thought was: "I'll just run my own git server on a VPS!"

But then I was like: "It's hosted in Romania...what could go wrong..."

I don't have a secure facility to put my sensitive files on...I'd love to...but I don't...

@GitDevelopers - You people are awesome...it'd be cool if the server side encrypted your files with your private key/auth password on the server side, and didn't store that key ANYWHERE (well, hashes are whatever are fine). If I knew anything about the git server architecture, I might do this myself...if I wasn't in school...and didn't have a job...

Anyways, I've been working on this TERRIBLE python script for ~20 hours now (I had 4 hours of sleep somewhere between those hours...it's not included in that time...)...needs heavy refactoring...

Known Issues:

  • Filenames are encrypted - so if the filename is already long, it can get longer, which may raise a "filename is too long" error. I personally think this is a "why are your filenames 100ish characters?!" issue...
  • This essentially keeps two copies of a repo on a machine...one encrypted...one decrypted...
  • No auto-init process...
  • First round of encryption/decryption is slow...don't think this can be fixed. After the first round, modification states are kept in a local flat-file database to speed things up.
  • Doesn't detect unused encrypted files (you have to remove the file in both decrypted and encrypted folders).
  • Keeps file attributes on encrypted versions (this is technically giving away some information about your files).

Dependencies:

pycrypto

Here's how you initialize a git repo with it (assuming egit is in your path...):

cd /tmp/
mkdir new_git
cd new_git
git init
mkdir decrypted
echo 'we attack at dawn' > decrypted/secret.txt
echo -e '.egit\ndecrypted' > .gitignore
egit encrypt
git add .gitignore encrypted
git commit -m 'secret message uploaded'
git push

If you want to push:

echo 'we attack at noon' > decrypted/secret.txt
egit encrypt
#Your files are now encrypted into /tmp/new_git/encrypted
egit add decrypted/secret.txt
git commit -m "changes to secret message"
git push

If you want to pull:

git pull
egit decrypt
#Your files are now decrypted into /tmp/new_git/decrypted

If you want to see which files have been changed in the decrypted dir:

egit status
#This will show new files, removed files, modified files, etc...

Again, this will probably not go anywhere. The current state of what happens with personal data makes me have nightmares. I'd like to fix it, but it'll probably end with a couple large businesses having their noses into everything...lol...like I have anything they want...

Rant over - Cheers.

END RANT

About

A lame attempt at encrypting git repos...

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages