generouslabs / brainstorming-encrypted-git
Brainstorming how to build encrypted git remotes on top of isomorphic-git
License: GNU Affero General Public License v3.0
Following this comment I'm breaking this out into a separate issue.
Idea: Encrypt each ref and object from the source repo as a file in the encrypted repo
When pushing the unencrypted repo:
.git/encrypted
cd .git/encrypted && git init && git remote add ... && cd ../..
git show-ref
.git/encrypted/refs
git cat-file $ref
.git/encrypted/objects/xx/xx/xxxx
.git/encrypted
cd .git/encrypted && git add . && git commit -m updates && git push
Pulling an encrypted repo would then look like:
.git/encrypted
cd .git/encrypted && git init && git remote add ... && git pull
find objects/ -type f
.git/encrypted/refs
and recreate the refs

Following #1, what privacy tradeoffs make sense?
git-remote-gcrypt obscures everything by encrypting the packfiles and replacing the remote's single commit with a new one on each push. This is very far towards the privacy end of the spectrum, but introduces trade offs.
For mobile first applications that use git to store data, what tradeoffs would make sense?
This issue is to track discussion around git-remote-gcrypt and if we could achieve interop with its encryption format.
Having dug into the code, read the docs, and run some local tests, I think it works like this:
91bd0c092128cf2e60e1a608c31e92caf1f9c1595f83f2890ef17c0e4881aa0a
Effectively, a git hosting service is used as a store of the latest "encrypted" git repository. So any pushes must upload the whole commit history again, because from GitHub's perspective, there's only ever 1 single commit.
Pros
Cons
I have a working prototype now that takes a git repo and encrypts it by encrypting each object independently. I can push data to it and pull data back. That much works.
https://github.com/GenerousLabs/git-remote-encrypted
Now, I'm looking at how would it work if implemented as a git remote helper.
Firstly, reading this: https://git-scm.com/docs/gitremote-helpers
Then this is a very helpful guide: https://rovaughn.github.io/
Which in turn links to: https://github.com/git/git/blob/master/t/t5801/git-remote-testgit
The basics are:
git passes data to the stdin of the helper and reads from the stdout
\n\n
capabilities
command first
fetch
and push
only at first

That's about as much as I've understood thus far. Some additional useful reading:
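
The stdin/stdout exchange outlined under "The basics" above, as an added example that is not part of the original issue or the project's code: a command loop that answers `capabilities`, `list`, `fetch` and `push` in the framing documented in gitremote-helpers. `runHelper`, `backend` and `memoryBackend` are hypothetical names, and the in-memory backend is a constructed stand-in for the place where encrypted objects would be read and written.

```javascript
// Added example: command loop of a git remote helper. `backend` is hypothetical.
function runHelper(input, backend) {
  const lines = input.split("\n");
  const out = [];
  let i = 0;
  // fetch/push arrive as a batch: one command per line, ended by a blank line.
  const readBatch = (first) => {
    const batch = [first];
    while (i < lines.length && lines[i] !== "") batch.push(lines[i++]);
    i++; // consume the blank line that ends the batch
    return batch;
  };
  while (i < lines.length) {
    const line = lines[i++];
    if (line === "") break; // blank line outside a batch: git has finished
    const verb = line.split(" ")[0];
    if (verb === "capabilities") {
      out.push("fetch", "push", ""); // reply list ends with a blank line
    } else if (verb === "list") {
      for (const [name, oid] of backend.listRefs()) out.push(`${oid} ${name}`);
      out.push("");
    } else if (verb === "fetch") {
      // each line is "fetch <oid> <name>"
      for (const cmd of readBatch(line)) backend.fetch(...cmd.split(" ").slice(1));
      out.push(""); // a single blank line reports the whole batch as complete
    } else if (verb === "push") {
      for (const cmd of readBatch(line)) {
        const m = /^push (\+?)([^:]*):(.+)$/.exec(cmd); // push [+]<src>:<dst>
        if (!m) throw new Error(`malformed push command: ${cmd}`);
        try {
          backend.push(m[2], m[3], m[1] === "+");
          out.push(`ok ${m[3]}`);
        } catch (err) {
          out.push(`error ${m[3]} ${err.message}`);
        }
      }
      out.push("");
    } else {
      throw new Error(`unsupported command: ${line}`);
    }
  }
  return out.map((l) => l + "\n").join("");
}
// Constructed in-memory backend standing in for the encrypted store.
function memoryBackend() {
  const refs = new Map([["refs/heads/main", "a".repeat(40)]]);
  const fetched = [];
  const push = (src, dst) => {
    if (!dst.startsWith("refs/")) throw new Error("bad ref");
    refs.set(dst, src);
  };
  return { refs, fetched, listRefs: () => refs.entries(), fetch: (oid, name) => fetched.push(name), push };
}
```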