diff --git a/README b/README index 48111f5..cad34f6 100644 --- a/README +++ b/README @@ -21,14 +21,10 @@ See the INSTALL file. USING GIT-CRYPT -Generate a secret key: - - $ git-crypt keygen /path/to/keyfile - -Configure a repository to use encryption: +Configure a repository to use git-crypt: $ cd repo - $ git-crypt init /path/to/keyfile + $ git-crypt init Specify files to encrypt by creating a .gitattributes file: 
@@ -36,18 +32,36 @@ Specify files to encrypt by creating a .gitattributes file: *.key filter=git-crypt diff=git-crypt Like a .gitignore file, it can match wildcards and should be checked into -the repository. See below for more information about .gitattributes -files. Make sure you don't accidentally encrypt the .gitattributes -file itself! +the repository. See below for more information about .gitattributes. +Make sure you don't accidentally encrypt the .gitattributes file itself! -Cloning a repository with encrypted files: +Share the repository with others (or with yourself) using GPG: - $ git clone /path/to/repo - $ cd repo - $ git-crypt init /path/to/keyfile + $ git-crypt add-gpg-key USER_ID -That's all you need to do - after running git-crypt init, you can use -git normally - encryption and decryption happen transparently. +USER_ID can be a key ID, a full fingerprint, an email address, or anything +else that uniquely identifies a key to GPG (see "HOW TO SPECIFY A USER +ID" in the gpg man page). Note: `git-crypt add-gpg-key` will add and +commit a GPG-encrypted key file in the .git-crypt directory of the root +of your repository. + +Alternatively, you can export a symmetric secret key, which you must +securely convey to collaborators (GPG is not required, and no files +are added to your repository): + + $ git-crypt export-key /path/to/key + +After cloning a repository with encrypted files, unlock with with GPG: + + $ git-crypt unlock + +Or with a symmetric key: + + $ git-crypt unlock /path/to/key + +That's all you need to do - after git-crypt is set up (either with +`git-crypt init` or `git-crypt unlock`), you can use git normally - +encryption and decryption happen transparently. CURRENT STATUS diff --git a/README.md b/README.md index 732f62a..67fafa7 100644 --- a/README.md +++ b/README.md 
@@ -22,14 +22,10 @@ See the [INSTALL.md](INSTALL.md) file. Using git-crypt --------------- -Generate a secret key: - - git-crypt keygen /path/to/keyfile - -Configure a repository to use encryption: +Configure a repository to use git-crypt: cd repo - git-crypt init /path/to/keyfile + git-crypt init Specify files to encrypt by creating a .gitattributes file: 
@@ -37,18 +33,36 @@ Specify files to encrypt by creating a .gitattributes file: *.key filter=git-crypt diff=git-crypt Like a .gitignore file, it can match wildcards and should be checked into -the repository. See below for more information about .gitattributes -files. Make sure you don't accidentally encrypt the .gitattributes -file itself! +the repository. See below for more information about .gitattributes. +Make sure you don't accidentally encrypt the .gitattributes file itself! -Cloning a repository with encrypted files: +Share the repository with others (or with yourself) using GPG: - git clone /path/to/repo - cd repo - git-crypt init /path/to/keyfile + git-crypt add-gpg-key USER_ID -That's all you need to do - after running `git-crypt init`, you can use -git normally - encryption and decryption happen transparently. +`USER_ID` can be a key ID, a full fingerprint, an email address, or anything +else that uniquely identifies a key to GPG (see "HOW TO SPECIFY A USER +ID" in the gpg man page). Note: `git-crypt add-gpg-key` will add and +commit a GPG-encrypted key file in the .git-crypt directory of the root +of your repository. + +Alternatively, you can export a symmetric secret key, which you must +securely convey to collaborators (GPG is not required, and no files +are added to your repository): + + git-crypt export-key /path/to/key + +After cloning a repository with encrypted files, unlock with with GPG: + + git-crypt unlock + +Or with a symmetric key: + + git-crypt unlock /path/to/key + +That's all you need to do - after git-crypt is set up (either with +`git-crypt init` or `git-crypt unlock`), you can use git normally - +encryption and decryption happen transparently. Current Status --------------
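Review bot: In the first hunk of each file (`@@ -21,14 +21,10 @@` in README, `@@ -22,14 +22,10 @@` in README.md), the "Generate a secret key" step is removed and `git-crypt init` loses its `/path/to/keyfile` argument, but nothing added says where the key now comes from or where it is kept. Add a sentence after `git-crypt init` stating whether init creates the key itself and where it is stored, so readers know which file to protect and back up. It would also help to point readers of the old instructions, who ran `git-crypt init /path/to/keyfile` after cloning, at `git-crypt unlock /path/to/key`, which only appears in the later hunk.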
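Review bot: In the second hunk of each file (`@@ -36,18 +32,36 @@` in README, `@@ -37,18 +33,36 @@` in README.md), the USER_ID paragraph lists an email address and "anything else that uniquely identifies a key to GPG" alongside a full fingerprint without stating a preference, even though the same paragraph says `git-crypt add-gpg-key` will add and commit the GPG-encrypted key file. Since the result is committed to the repository, the text should recommend the full fingerprint and tell the reader to verify it first, because an email address can resolve to a key other than the intended recipient's. It is also worth saying how to review or undo that commit if the wrong key was picked. Separately, the added line "After cloning a repository with encrypted files, unlock with with GPG:" has a doubled "with" in both files.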