在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
git-crypt - transparent file encryption in gitgit-crypt enables transparent encryption and decryption of files in agit repository. Files which you choose to protect are encrypted whencommitted, and decrypted when checked out. git-crypt lets you freelyshare a repository containing a mix of public and private content.git-crypt gracefully degrades, so developers without the secret key canstill clone and commit to a repository with encrypted files. This letsyou store your secret material (such as keys or passwords) in the samerepository as your code, without requiring you to lock down your entirerepository. git-crypt was written by Andrew Ayer ([email protected]).For more information, see https://www.agwa.name/projects/git-crypt. Building git-cryptSee the INSTALL.md file. Using git-cryptConfigure a repository to use git-crypt: cd repogit-crypt init Specify files to encrypt by creating a .gitattributes file: secretfile filter=git-crypt diff=git-crypt*.key filter=git-crypt diff=git-cryptsecretdir/** filter=git-crypt diff=git-crypt Like a .gitignore file, it can match wildcards and should be checked intothe repository. See below for more information about .gitattributes.Make sure you don't accidentally encrypt the .gitattributes file itself(or other git files like .gitignore or .gitmodules). Make sure your.gitattributes rules are in place before you add sensitive files, orthose files won't be encrypted! Share the repository with others (or with yourself) using GPG: git-crypt add-gpg-user USER_ID
Alternatively, you can export a symmetric secret key, which you mustsecurely convey to collaborators (GPG is not required, and no filesare added to your repository): git-crypt export-key /path/to/key After cloning a repository with encrypted files, unlock with GPG: git-crypt unlock Or with a symmetric key: git-crypt unlock /path/to/key That's all you need to do - after git-crypt is set up (either with Current StatusThe latest version of git-crypt is 0.6.0, released on2017-11-26. git-crypt aims to be bug-free and reliable, meaning itshouldn't crash, malfunction, or expose your confidential data.However, it has not yet reached maturity, meaning it is not asdocumented, featureful, or easy-to-use as it should be. Additionally,there may be backwards-incompatible changes introduced before version1.0. Securitygit-crypt is more secure than other transparent git encryption systems.git-crypt encrypts files using AES-256 in CTR mode with a synthetic IVderived from the SHA-1 HMAC of the file. This mode of operation isprovably semantically secure under deterministic chosen-plaintext attack.That means that although the encryption is deterministic (which isrequired so git can distinguish when a file has and hasn't changed),it leaks no information beyond whether two files are identical or not.Other proposals for transparent git encryption use ECB or CBC with afixed IV. These systems are not semantically secure and leak information. Limitationsgit-crypt relies on git filters, which were not designed with encryptionin mind. As such, git-crypt is not the best tool for encrypting most orall of the files in a repository. Where git-crypt really shines is wheremost of your repository is public, but you have a few files (perhapsprivate keys named *.key, or a file with API credentials) which youneed to encrypt. For encrypting an entire repository, consider using asystem like git-remote-gcryptinstead. (Note: no endorsement is made of git-remote-gcrypt's security.) git-crypt does not encrypt file names, commit messages, symlink targets,gitlinks, or other metadata. git-crypt does not hide when a file does or doesn't change, the lengthof a file, or the fact that two files are identical (see "Security"section above). git-crypt does not support revoking access to an encrypted repositorywhich was previously granted. This applies to both multi-user GPGmode (there's no del-gpg-user command to complement add-gpg-user)and also symmetric key mode (there's no support for rotating the key).This is because it is an inherently complex problem in the contextof historical data. For example, even if a key was rotated at onepoint in history, a user having the previous key can still accessprevious repository history. This problem is discussed in more detail inhttps://github.com/AGWA/git-crypt/issues/47. Files encrypted with git-crypt are not compressible. Even the smallestchange to an encrypted file requires git to store the entire changed file,instead of just a delta. Although git-crypt protects individual file contents with a SHA-1HMAC, git-crypt cannot be used securely unless the entire repository isprotected against tampering (an attacker who can mutate your repositorycan alter your .gitattributes file to disable encryption). If necessary,use git features such as signed tags instead of relying solely ongit-crypt for integrity. Files encrypted with git-crypt cannot be patched with git-apply, unlessthe patch itself is encrypted. To generate an encrypted patch, use git-crypt does not work reliably with some third-party git GUIs, suchas Atlassian SourceTreeand GitHub for Mac. Files might be left in an unencrypted state. Gitattributes FileThe .gitattributes file is documented in the gitattributes(5) man page.The file pattern format is the same as the one used by .gitignore,as documented in the gitignore(5) man page, with the exception thatspecifying merely a directory (e.g. Also note that the pattern dir/** filter=git-crypt diff=git-crypt The .gitattributes file must not be encrypted, so make sure wildcards don'tmatch it accidentally. If necessary, you can exclude .gitattributes fromencryption like this: .gitattributes !filter !diff Mailing ListsTo stay abreast of, and provide input to, git-crypt development,consider subscribing to one or both of our mailing lists: |
请发表评论