![github openssl github openssl](https://archive.is/JuO80/3e39b3d33d3caa172530d6b3462a52cba7725ff7/scr.png)
Even the smallest change to an encrypted file requires git to store the entire changed file, instead of just a delta.Īlthough git-crypt protects individual file contents with a SHA-1 HMAC, git-crypt cannot be used securely unless the entire repository is protected against tampering (an attacker who can mutate your repository can alter your. This problem is discussed in more detail in Issue #47.įiles encrypted with git-crypt are not compressible. For example, even if a key was rotated at one point in history, a user having the previous key can still access previous repository history. This is because it is an inherently complex problem in the context of historical data. This applies to both multi-user GPG mode (there's no del-gpg-user command to complement add-gpg-user) and also symmetric key mode (there's no support for rotating the key). Git-crypt does not support revoking access to an encrypted repository which was previously granted. Git-crypt does not hide when a file does or doesn't change, the length of a file, or the fact that two files are identical (see "Security" section above). Git-crypt does not encrypt file names, commit messages, symlink targets, gitlinks, or other metadata. (Note: no endorsement is made of git-remote-gcrypt's security.) For encrypting an entire repository, consider using a system like git-remote-gcrypt instead. Where git-crypt really shines is where most of your repository is public, but you have a few files (perhaps private keys named *.key, or a file with API credentials) which you need to encrypt. As such, git-crypt is not the best tool for encrypting most or all of the files in a repository. New Binary(Buffer.Git-crypt relies on git filters, which were not designed with encryption in mind.
![github openssl github openssl](https://user-images.githubusercontent.com/7049700/78462916-c2442900-768b-11ea-9ccd-fa32477681f7.png)
Finding a document with regular (non-encrypted) client.