Don't encrypt empty files in new repositories

git has several problems with using smudge/clean filters on empty files (see issue #53). The easiest fix is to just not encrypt empty files. Since it was already obvious from the encrypted file length that a file was empty, skipping empty files does not decrease security. Since skipping empty files is a breaking change to the git-crypt file format, we only do this on new repositories. Specifically, we add a new critical header field to the key file called skip_empty which is set in new keys. We skip empty files if and only if this field is present. Closes: #53 Closes: #162
2026-01-03 08:37:57 -08:00 · 2020-07-29 08:57:22 -04:00
parent 7c129cdd38
commit 8ba75c4719
3 changed files with 26 additions and 1 deletions
--- a/key.cpp
+++ b/key.cpp
@@ -232,6 +232,11 @@ void		Key_file::load_header (std::istream& in)
 				key_name.clear();
 				throw Malformed();
 			}
+		} else if (field_id == HEADER_FIELD_SKIP_EMPTY) {
+			if (field_len != 0) {
+				throw Malformed();
+			}
+			skip_empty = true;
 		} else if (field_id & 1) { // unknown critical field
 			throw Incompatible();
 		} else {
@@ -256,6 +261,10 @@ void		Key_file::store (std::ostream& out) const
 		write_be32(out, key_name.size());
 		out.write(key_name.data(), key_name.size());
 	}
+	if (skip_empty) {
+		write_be32(out, HEADER_FIELD_SKIP_EMPTY);
+		write_be32(out, 0);
+	}
 	write_be32(out, HEADER_FIELD_END);
 	for (Map::const_iterator it(entries.begin()); it != entries.end(); ++it) {
 		it->second.store(out);