Git encryption that works

Instructions on git encryption are to be found around the web; some don’t work, some are too difficult. The following works for me. Make sure you understand what you’re doing if you decide to use it. All thanks, kudos, merit and attribution to this excellent post.

  1. Make sure git and openssl are installed and working on your system
  2. Create a directory in $HOME:
    mkdir ~/.gitencrypt
  3. Make it accessible only to user
    chmod 0700 ~/.gitencrypt
  4. Create the 3 following files in this directory:
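    cat > ~/.gitencrypt/clean_filter_openssl <<'EOF'
    #!/bin/sh
    # clean: runs on "git add"; encrypts the working-tree file read from stdin
    SALT=
    PASSWORD=
    openssl enc -base64 -aes-256-ecb -S "$SALT" -k "$PASSWORD"
    EOF
    cat > ~/.gitencrypt/diff_filter_openssl <<'EOF'
    #!/bin/sh
    # textconv: git passes the file to show as $1; fall back to the raw file
    PASSWORD=
    openssl enc -d -base64 -aes-256-ecb -k "$PASSWORD" -in "$1" 2> /dev/null || cat "$1"
    EOF
    cat > ~/.gitencrypt/smudge_filter_openssl <<'EOF'
    #!/bin/sh
    # smudge: runs on checkout; decrypts the stored blob read from stdin
    PASSWORD=
    openssl enc -d -base64 -aes-256-ecb -k "$PASSWORD" 2> /dev/null || cat
    EOF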
  5. Make these 3 files executable:
    chmod +x ~/.gitencrypt/*
  6. Generate a random 24-hex-character salt and a random password, and set them in the files created above:
    RANDOM_SALT=$(tr -dc 'A-F0-9' < /dev/urandom | head -c16)
    RANDOM_PASSWORD=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c18)
    sed -i -e "s/SALT=/SALT=${RANDOM_SALT}/" ~/.gitencrypt/*
    sed -i -e "s/PASSWORD=/PASSWORD=${RANDOM_PASSWORD}/" ~/.gitencrypt/*
  7. Create a git repository:
    mkdir repos
    cd repos
    git init
  8. Append lines to .git/config:
    cat >> .git/config <<EOF
    
    [filter "openssl"]
        smudge = ~/.gitencrypt/smudge_filter_openssl
        clean = ~/.gitencrypt/clean_filter_openssl
    [diff "openssl"]
        textconv = ~/.gitencrypt/diff_filter_openssl
    # merge.renormalize is a config setting, so it goes here, not in .gitattributes
    [merge]
        renormalize = true
    EOF
  9. Add a .gitattributes file
    cat > .gitattributes <<EOF
    * filter=openssl diff=openssl
    EOF
  10. Now all commits will be encrypted.
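
The clean filter above uses `-aes-256-ecb` with a fixed salt. As a result the same file content always encrypts to the same ciphertext (which is what lets git treat an unchanged file as unchanged), and equal 16-byte plaintext blocks encrypt to equal ciphertext blocks. The script below is an added example, not from the original post; it measures both properties and compares against `aes-256-cbc`. `SALT`, `PASSWORD`, the sample record and the function names are constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original post.
# SALT, PASSWORD and the sample record are constructed demo values.
SALT=0123456789ABCDEF
PASSWORD=constructed-demo-password

# Encrypt stdin with the clean filter's options (without -base64) and print
# the result as hex, one 16-byte AES block per line.
encrypt_blocks() {   # $1 = cipher name, e.g. aes-256-ecb
    openssl enc "-$1" -S "$SALT" -k "$PASSWORD" 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n' | fold -w 32
    echo
}

# Number of distinct ciphertext blocks that occur more than once.
repeated_blocks() {  # $1 = cipher name; plaintext on stdin
    encrypt_blocks "$1" | sort | uniq -d | wc -l | tr -d ' '
}

# Constructed plaintext: one 16-byte record repeated four times.
sample() {
    i=0
    while [ "$i" -lt 4 ]; do
        printf 'user=a;role=adm\n'
        i=$((i + 1))
    done
}

# True when two runs over the same input give identical ciphertext.
deterministic() {    # $1 = cipher name
    first=$(sample | encrypt_blocks "$1")
    second=$(sample | encrypt_blocks "$1")
    [ -n "$first" ] && [ "$first" = "$second" ]
}

if deterministic aes-256-ecb; then echo "fixed salt: output is deterministic"; fi
echo "aes-256-ecb repeated blocks: $(sample | repeated_blocks aes-256-ecb)"
echo "aes-256-cbc repeated blocks: $(sample | repeated_blocks aes-256-cbc)"
```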