{"id":20713362,"url":"https://github.com/linaro/git-gpgcrypt","last_synced_at":"2025-04-23T08:06:13.946Z","repository":{"id":15809630,"uuid":"18549198","full_name":"Linaro/git-gpgcrypt","owner":"Linaro","description":"Transparent git content encryption backed by GPG public key infrastructure","archived":true,"fork":false,"pushed_at":"2015-09-23T23:52:33.000Z","size":148,"stargazers_count":6,"open_issues_count":0,"forks_count":5,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-23T08:06:08.414Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Linaro.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-04-08T07:29:49.000Z","updated_at":"2025-04-01T11:15:26.000Z","dependencies_parsed_at":"2022-09-24T04:42:01.540Z","dependency_job_id":null,"html_url":"https://github.com/Linaro/git-gpgcrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Linaro%2Fgit-gpgcrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Linaro%2Fgit-gpgcrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Linaro%2Fgit-gpgcrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Linaro%2Fgit-gpgcrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Linaro","download_url":"https://codeload.github.com/Linaro/git-gpgcrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","rep
ositories_count":250395283,"owners_count":21423400,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T02:24:50.283Z","updated_at":"2025-04-23T08:06:13.925Z","avatar_url":"https://github.com/Linaro.png","language":"Shell","readme":"Transparent git encryption using GPG public key infrastructure\n==============================================================\n\nThis script encrypts some (or all) files in a git repository using\nexisting GPG public key infrastructure. It lets you set an access list of\nkey IDs which can access files, and then all decryption and encryption\nis handled transparently while performing the usual git operations (assuming\nthe current user is in the existing access list and has the public keys of the other\nrecipients).\n\ngit-gpgcrypt is inspired by (and based on) the https://github.com/shadowhand/git-encrypt\nproject, which uses a symmetric encryption scheme, and the\nhttp://thread.gmane.org/gmane.comp.version-control.git/113124/focus=113189\nthread, which initially explored using GPG for git encryption.\n\nUsage:\n\nInstallation\n------------\n1. git clone https://git.linaro.org/infrastructure/git-gpgcrypt.git\n2. Put git-gpgcrypt/git-gpgcrypt somewhere on PATH\n3. Make sure you have a GPG agent set up and running - either GPG's own\ngpg-agent or integration with your desktop environment (most Linux\ndesktop environments have this out of the box, e.g. in Ubuntu). It's\nimpractical to use git-gpgcrypt without an agent - you will get multiple\npassword prompts for each git command.\n\n\nNew repository\n--------------\n1. git init\n2. 
Create a \".recipients\" file listing the key names of the persons who may access\nencrypted files in the repository. The format of each line is:\n\n\u003cuser sel\u003e [#\u003ccomment\u003e]\n\nA user selector can be a key ID, a fingerprint, or a substring of a user ID (e.g.,\nan email). See \"How to specify a user ID\" in man gpg for more details.\n3. The corresponding keys must already be present in your keyring. If that's\nnot the case, you can import keys from a keyserver using the\n\"git gpgcrypt search-keys\" command. WARNING: You should thoroughly verify each\nimported key, by default treating unverified keys as counterfeit.\n4. git gpgcrypt init\n5. Review the .gitattributes file for file encryption settings (it's not required\nto encrypt all files; in particular, the default .gitattributes makes README and\nsome other files plain-text).\n6. Add files and use the repository as usual.\n\nCloned repository\n-----------------\n1. git clone\n2. git gpgcrypt init\n3. git gpgcrypt search-keys, if you don't have all recipient keys in your\nkeyring. WARNING: You should thoroughly verify each imported key, by default\ntreating unverified keys as counterfeit.\n\nUpdate list of recipients\n-------------------------\n1. Update the list in .recipients\n2. git gpgcrypt update\n3. Commit and push changes to .recipients, etc.\n4. TODO: Set up git hook for automatic update.\n\n\nImplementation details\n----------------------\nGPG encryption is non-deterministic (meaning that encrypting the same cleartext\ntwice produces different ciphertexts). So, if GPG encryption is used\ndirectly, it can lead to spurious empty commits (specifically, it was found\nthat after cloning and initializing an existing repository, freshly decrypted\nfiles are marked as changed, even though the cleartext matches the one in HEAD).\nTo work around that, part of the GPG message encryption process was reimplemented:\nfiles are encrypted using a deterministic symmetric cipher, while the cipher key\nis encrypted using GPG for each of the repository's recipients. That roughly
That roughly\ncorresponds to how GPG handles message encryptions itself (but it applies\nadditional padding and randomization).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinaro%2Fgit-gpgcrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flinaro%2Fgit-gpgcrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinaro%2Fgit-gpgcrypt/lists"}