Skip to content

lucas-clemente/git-cr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

106 Commits
backends/local
backends/local
 
 
crypto/nacl
crypto/nacl
 
 
git
git
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
main.go
main.go
 
 
main_test.go
main_test.go
 
 

Repository files navigation

🔒 git-cr — Client side encryption for git

Build Status

What it does

git-cr is a git remote that encrypts all data in a repo (including metadata) client-side. You can still use all of git's feature, including efficient deltas.

Currently git-cr stores your data in encrypted form in a local directory (e.g. in Dropbox, Google Drive, …), but a remote backend might be added soon.

What's new about git-cr

There are some tools and tutorials on how to encrypt single files stored in git. git-cr is different: it encrypts the whole repo, including metadata such as file names, branch names, commit messages. You also don't loose as many git features (e.g. awesome compression and efficient pushes / pulls).

Instructions

Installation

Installation using go:

go get github.com/lucas-clemente/git-cr

Alternatively (if you don't have go), you can download a current release from github and move it somewhere into your $PATH.

Cloning

To clone an existing repo:

git cr clone /path/to/git-cr/repo nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= my-clone

Pushing

git cr add crypto /path/to/git-cr/repo nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=
git push crypto master

Encryption

The secret for NaCl is a 32 byte base64 encoded string. You can generate a new secret using

echo -n nacl:; head -c32 /dev/urandom |base64

Everything else

Just use git!

How it works

git-cr uses a git feature called external remotes:

$ git remote -v
crypto	ext::git cr %G run /path/to/remote nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= (fetch)
crypto	ext::git cr %G run /path/to/remote nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= (push)

Any git operation that needs the remote (e.g. pull, push, clone) then starts git-cr as a child process and uses pipes to talk the git protocol.

git-cr manages two things, refs (i.e. branch names) and packfiles (i.e. your data), in numbered revisions. Each push creates a new revision. These revisions are never visible to git in any way!

When pushing, git first sends the ref updates that git-cr uses to create a new revision. Then git sends the diffs as a so-called thin packfile, that git-cr encrypts and stores.

When pulling, git and git-cr first work out the current state of the local git repo. git-cr calculates the minimum set of previously stored packfiles it needs to send (i.e. all packfiles since the last revision the client completely has). Then it decrypts these packfiles, merges them into one and sends it to git.

Is it secure?

I'm not a cryptographer and git-cr was never audited by anyone. So you probably shouldn't trust it for anything critical.

git-cr uses the backend to store whole files only. Files can either be git packfiles, or a manifest file containing the git refs for each revision. Each file is encrypted using NaCl's authenticated encryption crypto_secretbox. The key is static and part of the repository URL, while the nonce is generated (using crypto/rand) per file and stored prepended to the ciphertext.

The source code for this can be found here. Check it out!

What git-cr does not hide:

  • The size of your deltas (be aware of oracle attacks).
  • The dates when you push.

Currently the encryption key is stored in plain text on disk and is visible during some commands, see #5.

License

MIT of course.

About

Client-side encryption for git done right

Resources

Readme

License

MIT license
Activity

Stars

40 stars

Watchers

6 watching

Forks

10 forks
Report repository

Releases 1

v0.1.0 Latest
Jul 8, 2015

Packages

No packages published

Languages