Mirror of https://github.com/AGWA/git-crypt.git, synced 2026-02-04 19:12:06 -08:00
Enhance documentation
Add NEWS file, spin installation instructions into INSTALL file, and add useful information from the git-crypt website to the README.
22
INSTALL
Normal file
@@ -0,0 +1,22 @@
|
||||
DEPENDENCIES
|
||||
|
||||
To use git-crypt, you need:
|
||||
|
||||
* Git 1.6.0 or newer
|
||||
* OpenSSL
|
||||
* For decrypted git diff output, Git 1.6.1 or newer
|
||||
* For decrypted git blame output, Git 1.7.2 or newer
|
||||
|
||||
To build git-crypt, you need a C++ compiler and OpenSSL development
|
||||
headers.
|
||||
|
||||
|
||||
BUILDING GIT-CRYPT
|
||||
|
||||
The Makefile is tailored for g++, but should work with other compilers.
|
||||
|
||||
$ make
|
||||
$ cp git-crypt /usr/local/bin/
|
||||
|
||||
It doesn't matter where you install the git-crypt binary - choose wherever
|
||||
is most convenient for you.
|
||||
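Review bot: The BUILDING GIT-CRYPT paragraph says the Makefile "should work with other compilers" but no longer says how to select one. The README text this file replaces told the reader to change the CXX and CFLAGS variables, so I would keep one sentence naming those two variables here. Separately, the DEPENDENCIES list gives minimum versions for Git but none for OpenSSL; if any version works, say so, otherwise state the minimum.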
18
NEWS
Normal file
@@ -0,0 +1,18 @@
|
||||
v0.3 (2013-04-05)
|
||||
* Fix 'git-crypt init' on newer versions of Git. Previously,
|
||||
encrypted files were not being automatically decrypted after
|
||||
running 'git-crypt init' with recent versions of Git.
|
||||
* Allow 'git-crypt init' to be run even if the working tree contains
|
||||
untracked files.
|
||||
* 'git-crypt init' now properly escapes arguments to the filter
|
||||
commands it configures, allowing both the path to git-crypt and the
|
||||
path to the key file to contain arbitrary characters such as spaces.
|
||||
|
||||
v0.2 (2013-01-25)
|
||||
* Numerous improvements to 'git-crypt init' usability.
|
||||
* Fix gitattributes example in README: the old example showed a colon
|
||||
after the filename where there shouldn't be one.
|
||||
* Various build fixes and improvements.
|
||||
|
||||
v0.1 (2012-11-29)
|
||||
* Initial release.
|
||||
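Review bot: The first v0.3 entry says "newer versions of Git" and "recent versions of Git" without naming a version, so a reader cannot tell whether their installation was affected; INSTALL gives exact Git versions, and this entry should name the first affected one too. The third v0.3 entry changes what 'git-crypt init' writes into the filter configuration, so it should also say whether a repository initialised with v0.2 or earlier needs 'git-crypt init' run again to pick up the escaped commands.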
72
README
@@ -16,25 +16,7 @@ For more information, see <http://www.agwa.name/projects/git-crypt>.
|
||||
|
||||
BUILDING GIT-CRYPT
|
||||
|
||||
See below for dependencies. The Makefile is tailored for g++. If you
|
||||
have a different compiler, edit Makefile and change the CXX and CFLAGS
|
||||
variables. This will be made easier in a future release.
|
||||
|
||||
$ make
|
||||
$ cp git-crypt /usr/local/bin/
|
||||
|
||||
It doesn't matter where you install the git-crypt binary - choose wherever
|
||||
is most convenient for you.
|
||||
|
||||
|
||||
DEPENDENCIES
|
||||
|
||||
To use git-crypt, you need:
|
||||
|
||||
* Git 1.6.0 or later
|
||||
* OpenSSL
|
||||
* For decrypted git diff output, Git 1.6.1 or later
|
||||
* For decrypted git blame output, Git 1.7.2 or later
|
||||
See the INSTALL file.
|
||||
|
||||
|
||||
USING GIT-CRYPT
|
||||
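Review bot: "See the INSTALL file." is the only pointer left for two sections' worth of material (BUILDING GIT-CRYPT and DEPENDENCIES), and it does not say what the reader will find there. Suggest wording it as "See the INSTALL file for dependencies and build instructions." and making sure the heading kept above it covers both. The runtime requirements (Git 1.6.1 for decrypted diff, Git 1.7.2 for decrypted blame) matter to users who receive a prebuilt binary and never open INSTALL, so consider keeping that short list in the README.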
@@ -65,3 +47,55 @@ Cloning a repository with encrypted files:
|
||||
|
||||
That's all you need to do - after running git-crypt init, you can use
|
||||
git normally - encryption and decryption happen transparently.
|
||||
|
||||
|
||||
CURRENT STATUS
|
||||
|
||||
The latest version of git-crypt is 0.3, released on 2013-04-05.
|
||||
git-crypt is not yet feature complete and the user experience is rough
|
||||
in places. There may also be compatibility-breaking changes introduced
|
||||
before version 1.0. That said, git-crypt is reliable and secure and
|
||||
used to protect content in real world repositories.
|
||||
|
||||
Development on git-crypt is currently focused on improving the user
|
||||
experience, especially around setting up repositories. There are also
|
||||
plans to add additional key management schemes, such as passphrase-derived
|
||||
keys and keys encrypted with PGP.
|
||||
|
||||
|
||||
SECURITY
|
||||
|
||||
git-crypt is more secure that other transparent git encryption systems.
|
||||
git-crypt encrypts files using AES-256 in CTR mode with a synthetic
|
||||
IV derived from the SHA-1 HMAC of the file. This is provably
|
||||
semantically secure under deterministic chosen-plaintext attack.
|
||||
That means that although the encryption is deterministic (which is
|
||||
required so git can distinguish when a file has and hasn't changed),
|
||||
it leaks no information beyond whether two files are identical or not.
|
||||
Other proposals for transparent git encryption use ECB or CBC with no
|
||||
IV. These systems are not semantically secure and leak information.
|
||||
|
||||
The AES key is stored unencrypted on disk. The user is responsible for
|
||||
protecting it and ensuring it's safely distributed only to authorized
|
||||
people. A future version of git-crypt may support encrypting the key
|
||||
with a passphrase.
|
||||
|
||||
|
||||
LIMITATIONS
|
||||
|
||||
git-crypt is not designed to encrypt an entire repository. Not only does
|
||||
that defeat the aim of git-crypt, which is the ability to selectively
|
||||
encrypt files and share the repository with less-trusted developers, there
|
||||
are probably better, more efficient ways to encrypt an entire repository,
|
||||
such as by storing it on an encrypted filesystem. Also note that
|
||||
git-crypt is somewhat of an abuse of git's smudge, clean, and textconv
|
||||
features. Junio Hamano, git's maintainer, has said not to do this
|
||||
<http://thread.gmane.org/gmane.comp.version-control.git/113124/focus=113221>,
|
||||
though his main objection ("making a pair of similar 'smudged' contents
|
||||
totally dissimilar in their 'clean' counterparts.") does not apply here
|
||||
since git-crypt uses deterministic encryption.
|
||||
|
||||
git-crypt does not itself provide any authentication. It assumes that
|
||||
either the master copy of your repository is stored securely, or that
|
||||
you are using git's existing facilities to ensure integrity (signed tags,
|
||||
remembering commit hashes, etc.).
|
||||
|
||||
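Review bot: The paragraph beginning "git-crypt does not itself provide any authentication" is placed under LIMITATIONS, but it is a security property and readers assessing the tool will look for it under SECURITY, next to the paragraph about the unencrypted key on disk; I would move it there. As placed, the SECURITY section and the CURRENT STATUS claim "reliable and secure" can be read without ever seeing that integrity is left to signed tags or remembered commit hashes. Smaller points in the same hunk: "more secure that other" should be "more secure than other", "SHA-1 HMAC" is conventionally written HMAC-SHA1, and the version and release date in CURRENT STATUS duplicate NEWS and will need updating on every release.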