mirror of
https://github.com/AGWA/git-crypt.git
synced 2025-12-16 17:37:43 -08:00
Major revamp: new key paradigm, groundwork for GPG support
The active key is now stored in .git/git-crypt/key instead of being stored outside the repo. This will facilitate GPG support, where the user may never interact directly with a key file. It's also more convenient, because it means you don't have to keep the key file around in a fixed location (which can't be moved without breaking git-crypt).

'git-crypt init' now takes no arguments and is used only when initializing git-crypt for the very first time. It generates a brand-new key, so there's no longer a separate keygen step.

To export the key (for conveyance to another system or to a collaborator), run 'git-crypt export-key FILENAME'.

To decrypt an existing repo using an exported key, run 'git-crypt unlock KEYFILE'. After running unlock, you can delete the key file you passed to unlock.

Key files now use a new format that supports key versioning (which will facilitate secure revocation in the future).

I've made these changes as backwards-compatible as possible. Repos already configured with git-crypt will continue to work without changes. However, 'git-crypt unlock' expects a new format key. You can use the 'git-crypt migrate-key KEYFILE' command to migrate old keys to the new format.

Note that old repos won't be able to use the new commands, like export-key, or the future GPG support. To migrate an old repo, migrate its key file and then unlock the repo using the unlock command, as described above.

While making these changes, I cleaned up the code significantly, adding better error handling and improving robustness.

Next up: GPG support.
28
commands.hpp
@@ -1,5 +1,5 @@
/*
* Copyright 2012 Andrew Ayer
* Copyright 2012, 2014 Andrew Ayer
*
* This file is part of git-crypt.
*
@@ -31,12 +31,28 @@
#ifndef _COMMANDS_H
#define _COMMANDS_H
#include <string>
void clean (const char* keyfile);
void smudge (const char* keyfile);
void diff (const char* keyfile, const char* filename);
void init (const char* argv0, const char* keyfile);
void keygen (const char* keyfile);
struct Error {
std::string message;
explicit Error (std::string m) : message(m) { }
};
// Plumbing commands:
int clean (int argc, char** argv);
int smudge (int argc, char** argv);
int diff (int argc, char** argv);
// Public commands:
int init (int argc, char** argv);
int unlock (int argc, char** argv);
int add_collab (int argc, char** argv);
int rm_collab (int argc, char** argv);
int ls_collabs (int argc, char** argv);
int export_key (int argc, char** argv);
int keygen (int argc, char** argv);
int migrate_key (int argc, char** argv);
int refresh (int argc, char** argv);
#endif
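Review bot: The new command entry points, from `int clean (int argc, char** argv);` through `int refresh (int argc, char** argv);`, carry no comment saying what the returned int means or when a command throws `Error` instead of returning nonzero; a one-line comment above `// Plumbing commands:` stating the convention would let the caller turn both failure paths into an exit status consistently, which matters for a tool whose failures should never pass silently. The commit message says init now generates the key and there is no separate keygen step, yet `int keygen (int argc, char** argv);` is declared under `// Public commands:`, and `add_collab`, `rm_collab`, `ls_collabs` and `refresh` are declared without being mentioned in the message, so a short comment on the status of each would help readers of this header. In `struct Error`, `explicit Error (std::string m) : message(m) { }` copies the string a second time; take `const std::string&` or initialise with `std::move(m)`. `Error` also does not derive from `std::exception`, so a generic `catch (const std::exception&)` in the caller will not see it; either derive from it or make sure the top-level handler catches `Error` explicitly.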