git-encrypt's People

Contributors

shadowhand

git-encrypt's Issues

Gitcrypt not working with GitX

MacOS 10.9, GitX 0.14.95.

I cloned a remote repo, and configured gitcrypt in this local repo. In the shell it works well. But when I open this repo in a GUI Git client, such as GitX, and click any commit, I get this error:

gitcrypt smudge: gitcrypt: command not found
error: external filter gitcrypt smudge failed -1
error: external filter gitcrypt smudge failed
gitcrypt diff: gitcrypt: command not found
fatal: unable to read files to diff

My gitcrypt is located in ~/bin. Is there anything special that I must configure in GitX?

Q: Appropriate uses: public repo?

Sorry if this is an inappropriate forum or a stupid question but:

Let's say I have a completely public git repo, say on GitHub. But I've got a file of passwords that cannot be public. If I use git-encrypt to encrypt that file, is this within the intended use cases of git-encrypt? Is this something that makes sense to do? Or is it a bad idea?

Thanks for any advice,

Fix poor cryptography defaults

I have several major criticisms with respect to the cryptography choices made in this project.

First, ECB mode is a bad idea. It should very literally never be used for any serious application of cryptography.

In a nutshell, ECB mode provides no semantic security. Patterns present in the plaintext will still be present in the ciphertext. The data itself may be obfuscated, but its relationship to other data is left intact. As with the case of the Tux image in that link, one can often use this property to reconstruct the original data from the encrypted data.

Second, there is zero reason to have users provide their own salt (or even for your tool to do so behind the scenes). The salt in this case is only used for key derivation, and OpenSSL is more than capable of generating its own high-quality, random salts. The only possible result from allowing users to provide their own is to decrease the likelihood of a unique salt being used. Infinitely more so when your own documentation specifies a phenomenally negligent default like 0x0000000000000000 (it should be noted that specifying any value that could be interpreted as a "default" is negligent, but a value like that even more so).

More worryingly, some of the problems of using ECB mode are actually compounded by using a fixed salt like this. If you simply allowed OpenSSL to generate its own salts, random salts would be used during key derivation for new encryptions, causing each encryption to be performed with a unique key. This doesn't provide semantic security for data within a single git blob, but at least it provides for semantic security for data in separate ones.

If these choices were made because git is incapable of working correctly when using a sane encryption mechanism like AES in CBC or CTR mode (CTR mode is preferred, but not implemented on outdated but somewhat recent versions of OpenSSL) and/or properly-derived keys, then I'm afraid this project is likely fundamentally broken from a cryptography perspective, offering security which, while not quite on the kid sister part of the spectrum, is much closer to it than you probably realize.
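
The two effects described in this issue (repeated plaintext blocks surviving ECB, and a fixed salt giving every file the same key) can be reproduced with the openssl command line. This is an added example, not part of the original issue or of git-encrypt; the passphrase and plaintexts are constructed, and the `openssl enc` invocation is modelled on the decrypt command quoted further down this page.

```shell
#!/bin/sh
# Added illustration; PASS and the sample plaintexts are constructed values.
PASS='constructed-sample-passphrase'
FIXED_SALT=0000000000000000   # the documented default quoted in the issue
SECRET='key=0123456789ab'     # exactly one 16-byte AES block

# Encrypt stdin. $1 = cipher, $2 = hex salt (empty: OpenSSL picks a random salt).
encrypt() {
    if [ -n "$2" ]; then
        openssl enc "-$1" -S "$2" -k "$PASS" 2>/dev/null
    else
        openssl enc "-$1" -k "$PASS" 2>/dev/null
    fi
}

# Hex-dump stdin, one 16-byte block per line.
blocks() { od -An -v -tx1 | tr -d ' \n' | fold -w 32 | grep .; }

# Number of distinct blocks that occur more than once in one ciphertext (stdin).
repeats_within() { blocks | sort | uniq -d | wc -l | tr -d ' '; }

# Four copies of SECRET: a repeating pattern inside a single file.
pattern() { printf '%s%s%s%s' "$SECRET" "$SECRET" "$SECRET" "$SECRET"; }

# Number of ciphertext blocks common to two different files that both contain
# SECRET, each encrypted on its own. $1 = cipher, $2 = salt.
shared_between() {
    a=$(printf '%s%s' "$SECRET" 'first file tail' | encrypt "$1" "$2" | blocks | sort -u)
    b=$(printf '%016d%s%s' 0 "$SECRET" 'second tail' | encrypt "$1" "$2" | blocks | sort -u)
    printf '%s\n%s\n' "$a" "$b" | sort | uniq -d | wc -l | tr -d ' '
}

echo "ECB, fixed salt:  repeats in one file = $(pattern | encrypt aes-256-ecb "$FIXED_SALT" | repeats_within)"
echo "CBC, random salt: repeats in one file = $(pattern | encrypt aes-256-cbc '' | repeats_within)"
echo "ECB, fixed salt:  blocks shared by two files = $(shared_between aes-256-ecb "$FIXED_SALT")"
echo "ECB, random salt: blocks shared by two files = $(shared_between aes-256-ecb '')"
```

Under the fixed salt the shared-block count is at least 1 (the block holding `SECRET`); it can be higher when the installed OpenSSL also writes an identical `Salted__` header block to both files.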

`init` fails with openssl 1.1.0

Using the latest version of gitcrypt (legacy branch).
I have a repo which already has gitcrypt'ed files which I have cloned to another machine.
When I use gitcrypt init I enter the salt and password but choosing the cipher fails.

gitcrypt init   
<SNIP>
What encryption cipher do you want to use? [aes-256-ecb] 
Invalid command 'list-cipher-commands'; type "help" for a list.
Error: Cipher 'aes-256-ecb' is not available

Invalid command 'list-cipher-commands'; type "help" for a list. is the error and this seems to be coming from openssl at this line.

  • OpenSSL 1.1.0g 2 Nov 2017
  • gitcrypt (legacy branch)
  • Ubuntu 18.04.1 LTS

git-encrypt on Windows

Is it important or not if I don't use the function encrypt diff in the script gitcrypt? I know it will generate an ugly difference between 2 versions of the same file. But apart from this issue, does it influence anything else about the version history of the repository?
Because for me, "encrypt diff" does not seem to work on Windows. When I run "git diff filename" with encrypt I get this error:
cat: $@: No such file or directory
cat: $@: No such file or directory

Thanks in advance for your answer.

Check encryption before push

Hi,

Is there a way to check that my file is really encrypted before I push it to a remote repo?

Regards
Dieter
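
One way to run such a check, as an added example that is not part of the original issue or of git-encrypt: it inspects the blobs actually stored in a commit rather than the working-tree files. It assumes the blob format implied by the decrypt command quoted further down this page (base64 output of `openssl enc`, which for salted output begins with `U2FsdGVkX1`, the base64 of `Salted__`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: an encrypted blob is base64 text from
# `openssl enc`, so it starts with "U2FsdGVkX1" (base64 of "Salted__").

# Succeeds if stdin looks like base64 `openssl enc` output.
looks_encrypted() {
    [ "$(head -n 1 | cut -c 1-10)" = 'U2FsdGVkX1' ]
}

# Print every path in commit $1 (default HEAD) that has a filter attribute
# assigned but whose stored blob is not in the encrypted format. This catches
# the case where .gitattributes names a filter that is not configured on this
# machine: git then stores the file unchanged without reporting an error.
unencrypted_paths() {
    rev=${1:-HEAD}
    git -c core.quotePath=false ls-tree -r --name-only "$rev" |
    while IFS= read -r path; do
        filter=$(git check-attr filter -- "$path" | sed 's/.*: filter: //')
        case $filter in
            unspecified|unset|'') continue ;;   # no filter assigned to this path
        esac
        git cat-file blob "$rev:$path" | looks_encrypted || printf '%s\n' "$path"
    done
}

# Usage inside a repository: an empty result means every filtered file in
# HEAD is stored encrypted.
#   unencrypted_paths HEAD
```

Calling `unencrypted_paths` from a pre-push hook and aborting when it prints anything turns the check into a gate.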

git-crypt path ubuntu vs osx

Hello, I'm working with a Vagrant/ansible setup to do development and I've noticed a small incompatibility that might be simple to fix.

Whenever I do a git checkout of my project within the Ubuntu box I run git-crypt unlock on the repository. Since the virtual box directory is exposed to the osx host machine I am able to work on the repository as if it is a project installed on OSX (shared directories). Apparently the git-crypt unlock stores the complete (ubuntu) path to git-crypt in the repository. This then fails on osx as the path to git-crypt is different.

On osx I get these results:

$ git-crypt --version
git-crypt 0.5.0
$ which git-crypt
/usr/local/bin/git-crypt
$ git-crypt unlock git-crypt-key.key  
$ grep -R git-crypt ./.git/
./.git//config:[filter "git-crypt"]
./.git//config: smudge = \"git-crypt\" smudge
./.git//config: clean = \"git-crypt\" clean
./.git//config:[diff "git-crypt"]
./.git//config: textconv = \"git-crypt\" diff

From ubuntu I get these results:

$ which git-crypt
/usr/bin/git-crypt
$ git-crypt --version
git-crypt 0.5.0
$ git-crypt unlock git-crypt-key.key  
$ grep -R git-crypt ./.git/
./.git/config:[filter "git-crypt"]
./.git/config:  smudge = \"/usr/bin/git-crypt\" smudge
./.git/config:  clean = \"/usr/bin/git-crypt\" clean
./.git/config:[diff "git-crypt"]
./.git/config:  textconv = \"/usr/bin/git-crypt\" diff

As you can see both git-crypt versions store a reference to the git-crypt executable differently which will be problematic in the described - admittedly not so mainstream - setup.

I'm aware that I can simply run git-crypt unlock from the host machine as a work around but I'm wondering if there is a better way to work around this.

So, is this something that can be fixed or configured?

Problems with hidden(dot) files

Gitcrypt has problems with dot files.

If I have this in .gitattributes:

.ssh/id_rsa filter=encrypt diff=encrypt
.ssh/authorized_hosts filter=encrypt diff=encrypt

it just doesn't work and I have no idea why.

New Release?

Any chance of getting a new release sometime soon? I could really use the submodule support that's in the develop branch, and would like to avoid forking and uploading my own copy to npm if possible.

Feature - gitcrypt commands

I think adding a couple of "setup" commands would be quite useful, just as a shortcut to manually editing .gitattributes and/or .gitconfig. As an example - https://github.com/nvie/gitflow does this quite nicely

gitcrypt init:
It could ask for/set up the salt and passphrase, then add them to git config and also map the encrypt filter.

gitcrypt add:
add the pattern format to the encryption filter

gitcrypt remove:
remove the pattern format from the encryption filter

gitcrypt (0.3.0, 0.3.1, 0.3.2) did not work with git v2.2.x

I checked with the following git versions:

git v1.9.5: ok
git v2.0.0: ok
git v2.0.5: ok
git v2.1.4: ok

git v2.2.0, v2.2.1, v2.2.2: NOT ok

I checked with git-encrypt v0.3.0, v0.3.1 and v0.3.2, the problem was the same.

Steps to reproduce:

vagrant@vagrant:~/workspace/personal$ git --version
git version 2.2.0
vagrant@vagrant:~/workspace/personal$ gitcrypt version
gitcrypt version 0.3.0
vagrant@vagrant:~/workspace/personal$ mkdir test
vagrant@vagrant:~/workspace/personal$ cd test/
vagrant@vagrant:~/workspace/personal/test$ git init
Initialized empty Git repository in /home/vagrant/workspace/personal/test/.git/
vagrant@vagrant:~/workspace/personal/test$ touch README.md
vagrant@vagrant:~/workspace/personal/test$ gitcrypt init
Generate a random salt? [Y/n] 
Generate a random password? [Y/n]n
Enter your passphrase: 123456
What encryption cipher do you want to use? [aes-256-ecb] 

This configuration will be stored:

salt:   1f144788937c915a
pass:   123456
cipher: aes-256-ecb

Does this look right? [Y/n] 
Do you want to use .git/info/attributes? [Y/n] n
What files do you want encrypted? [*] 
vagrant@vagrant:~/workspace/personal/test$ git status
On branch master

Initial commit

Untracked files:
  (use "git add <file>..." to include in what will be committed)

    .gitattributes
    README.md

nothing added to commit but untracked files present (use "git add" to track)
vagrant@vagrant:~/workspace/personal/test$ git add .
error: copy-fd: read returned Bad file descriptor
error: cannot feed the input to external filter gitcrypt clean
error: external filter gitcrypt clean failed

As we can see, when I run git add, we get the following messages:

error: copy-fd: read returned Bad file descriptor
error: cannot feed the input to external filter gitcrypt clean
error: external filter gitcrypt clean failed

So before a fix for this is updated, we will need to use the working git versions tested above.

For anyone stuck with an encrypted file and git-encrypt not working anymore

To decrypt e.g. a file foobar.secret:

$ cd your-repo
$ cat .git/config
…
[gitcrypt]
        salt = 0ddba11c0ffee
        pass = "tooquoof8ahK)uozie]xu7naebah5aa3"
        cipher = aes-256-ecb
…
$ pass="tooquoof8ahK)uozie]xu7naebah5aa3"
$ cipher=aes-256-ecb
$ openssl enc -d -base64 -$cipher -k "$pass" < foobar.secret > foobar.decrypted

hope that helps.
😃

Is it possible to use git-encrypt on a submodule?

I have an unencrypted root project that has an encrypted submodule.

Adding the gitcrypt info to the root/.git/config does not cause the submodule to decrypt.
Additionally there is no .git folder in /root/submodule that I can add information to.

Do you have any insight? thanks

New release please

Could I request that you put in a new release tag. I'm submitting git-encrypt as a homebrew formula but there's a request that I not create the formula from HEAD, but rather a stable point. Given the last pull requests I think a new release tag would be worthwhile.

(Homebrew/legacy-homebrew#11608)

Thanks much

Totally NOT an issue

Just wanted to say how awesome this little project is. Thanks so much for making it!!

Encrypting existing commits

If I start using git-encrypt on an existing repo, it will only encrypt going forward. Is there a good way to go back and encrypt the existing commits, ideally while maintaining commit date, commit message, etc? I'm thinking of using something like git filter-branch, but I wonder if someone has already figured out a good way to do this.

create new download tag from develop branch

Would you please create a new download tag from the current develop branch? The current version isn't fully compatible with Mac OS X and I'd like to update the homebrew version of git-encrypt, but it's not possible without a stable version.
