git-cr

command module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 8, 2015 License: MIT Imports: 13 Imported by: 0

README

🔒 git-cr — Client side encryption for git

Build Status

What it does

git-cr is a git remote that encrypts all data in a repo (including metadata) client-side. You can still use all of git's feature, including efficient deltas.

Currently git-cr stores your data in encrypted form in a local directory (e.g. in Dropbox, Google Drive, …), but a remote backend might be added soon.

Instructions

Installation

Installation using go:

go get github.com/lucas-clemente/git-cr

Alternatively (if you don't have go), you can download a current release from github and move it somewhere into your $PATH.

Cloning

To clone an existing repo:

git cr clone /path/to/git-cr/repo nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= my-clone
Pushing
git cr add crypto /path/to/git-cr/repo nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=
git push crypto master
Encryption

The secret for NaCl is a 32 byte base64 encoded string. You can generate a new secret using

dd if=/dev/random bs=32 count=1 2> /dev/null |base64
Everything else

Just use git!

How it works

git-cr uses a git feature called external remotes:

$ git remote -v
crypto	ext::git cr %G run /path/to/remote nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= (fetch)
crypto	ext::git cr %G run /path/to/remote nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= (push)

Any git operation that needs the remote (e.g. pull, push, clone) then starts git-cr as a child process and uses pipes to talk the git protocol.

git-cr manages two things, refs (i.e. branch names) and packfiles (i.e. your data), in numbered revisions. Each push creates a new revision. These revisions are never visible to git in any way!

When pushing, git first sends the ref updates that git-cr uses to create a new revision. Then git sends the diffs as a so-called thin packfile, that git-cr encrypts and stores.

When pulling, git and git-cr first work out the current state of the local git repo. git-cr calculates the minimum set of previously stored packfiles it needs to send (i.e. all packfiles since the last revision the client completely has). Then it decrypts these packfiles, merges them into one and sends it to git.

Is it secure?

I'm not a cryptographer and git-cr was never audited by anyone. So you probably shouldn't trust it for anything critical. However the cryptography in git-cr is pretty straightforward and uses NaCl. Check it out!

What git-cr does not hide:

  • The size of your deltas (be aware of oracle attacks).
  • The dates when you push.

Currently the encryption key is stored in plain text on disk and is visible during some commands, see #5.

License

MIT of course.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
backends
local
crypto
nacl
git
handler
merger

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.