git-remote-gitern is a git remote helper that end to end encrypts git repos without a custom remote receiver and without additional user key management. It's built for gitern and is unironically hosted here. For demonstration, this repo has been encrypted using itself: github.com/huumn/git-remote-gitern-encrypted
npm install -g git-remote-gitern
You'll need a free gitern account. Push and pull encrypted gitern repos using a remote address like gitern://some/path/to/repo
.
Push
gitern create ldv/an/encrypted/repo
git remote add gitern gitern://ldv/an/encrypted/repo
git push gitern master
"Clone"
git init
git remote add gitern gitern://ldv/an/encrypted/repo
git pull gitern master
These will be the targeted in future releases.
- Cloning is not supported
- Password protected SSH keys are not supported
- Slow
- Space inefficient
git-remote-gitern creates an encrypted object graph that has mostly identical structure to your git repo's unencrypted object graph. This encrypted object graph behaves like any other git repo but all of its objects are encrypted. It keeps track of the mapping between unencrypted and encrypted objects using a flat file stored in the encrypted repo. This mapping allows git-remote-gitern to determine the revision of an unencrypted repo relative to an encrypted one.
- Blobs are encrypted as is
- Trees are rewritten to point to encrypted objects
- Object names are encrypted and hex encoded
- Commit objects are encrypted whole, base64 encoded, and stored as the message of the analogous encrypted commit
Currently, the encrypted version of an unencrypted repo is stored inside the .git directory of the unencrypted repo. (Hence the space inefficiency.) On a push, encrypted copies of objects are stored in the encrypted repo then the encrypted repo is pushed to the remote. A fetch is this process in reverse.
The algorithm used to encrypt objects is AES-256-CBC
and each object gets a randomly generated IV. Delta compression is ineffective.
A symmetric key is generated for each repo and is used to encrypt the repo. For each ssh public key on the gitern account, the symmetric key is encrypted with this ssh public key and stored in the encrypted repo. Thus any computer with an ssh private key corresponding to an ssh public key used to encrypt the symmetric key can decrypt a git-remote-gitern repo.
Pull requests are welcome.