git-cr

command module
v0.1.0
Published: Jul 8, 2015 License: MIT Imports: 13 Imported by: 0

README

🔒 git-cr — Client side encryption for git

What it does

git-cr is a git remote that encrypts all data in a repo (including metadata) client-side. You can still use all of git's features, including efficient deltas.

Currently git-cr stores your data in encrypted form in a local directory (e.g. in Dropbox, Google Drive, …), but a remote backend might be added soon.

Instructions

Installation

Installation using go:

go get github.com/lucas-clemente/git-cr

Alternatively (if you don't have go), you can download a current release from GitHub and move it somewhere into your $PATH.

Cloning

To clone an existing repo:

git cr clone /path/to/git-cr/repo nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= my-clone

Pushing

git cr add crypto /path/to/git-cr/repo nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=
git push crypto master

Encryption

The secret for NaCl is a 32-byte key, base64-encoded. You can generate a new secret using

dd if=/dev/urandom bs=32 count=1 2> /dev/null | base64
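
A check for the secret format described above, as an added example that is not part of git-cr's own code: it parses a `nacl:<base64>` secret, rejects anything that does not decode to exactly 32 bytes, and generates a fresh secret from the OS CSPRNG. The names `ParseSecret` and `NewSecret` are hypothetical, and standard padded base64 is assumed because that is what the sample secret on this page uses.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const keySize = 32 // NaCl secretbox key length in bytes

// ParseSecret decodes a "nacl:<base64>" secret and rejects anything that does
// not decode to exactly 32 bytes (e.g. a key produced by a short read).
// Assumption: standard padded base64, as in the README's sample secret.
func ParseSecret(s string) ([keySize]byte, error) {
	var key [keySize]byte
	if !strings.HasPrefix(s, "nacl:") {
		return key, errors.New(`secret must start with "nacl:"`)
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(s, "nacl:"))
	if err != nil {
		return key, fmt.Errorf("secret is not valid base64: %w", err)
	}
	if len(raw) != keySize {
		return key, fmt.Errorf("secret is %d bytes, want %d", len(raw), keySize)
	}
	copy(key[:], raw)
	return key, nil
}

// NewSecret reads 32 bytes from the OS CSPRNG and returns them in
// "nacl:<base64>" form; rand.Read errors out instead of returning fewer bytes.
func NewSecret() (string, error) {
	raw := make([]byte, keySize)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return "nacl:" + base64.StdEncoding.EncodeToString(raw), nil
}

func main() {
	s, err := NewSecret()
	if err != nil {
		panic(err)
	}
	_, err = ParseSecret(s)
	fmt.Println("fresh secret is well-formed:", err == nil)
}
```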

Everything else

Just use git!

How it works

git-cr uses a git feature called external remotes:

$ git remote -v
crypto	ext::git cr %G run /path/to/remote nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= (fetch)
crypto	ext::git cr %G run /path/to/remote nacl:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= (push)

Any git operation that needs the remote (e.g. pull, push, clone) then starts git-cr as a child process and uses pipes to talk the git protocol.

git-cr manages two things, refs (i.e. branch names) and packfiles (i.e. your data), in numbered revisions. Each push creates a new revision. These revisions are never visible to git in any way!

When pushing, git first sends the ref updates, which git-cr uses to create a new revision. Then git sends the diffs as a so-called thin packfile, which git-cr encrypts and stores.

When pulling, git and git-cr first work out the current state of the local git repo. git-cr calculates the minimum set of previously stored packfiles it needs to send (i.e. all packfiles since the last revision the client completely has). Then it decrypts these packfiles, merges them into one and sends it to git.

Is it secure?

I'm not a cryptographer and git-cr was never audited by anyone. So you probably shouldn't trust it for anything critical. However the cryptography in git-cr is pretty straightforward and uses NaCl. Check it out!

What git-cr does not hide:

  • The size of your deltas (be aware of oracle attacks).
  • The dates when you push.

Currently the encryption key is stored in plain text on disk and is visible during some commands, see #5.

License

MIT of course.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
backends
crypto
git
