4

Based on this question: encrypt files before sending them to cloud.

Considering openssl: for example, when using openssl we can write the files fooenc.sh:

#!/bin/sh 
openssl enc -bf -nopad -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T

and foodec.sh:

#!/bin/sh
openssl enc -bf -nopad -d -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T

In the .git/config file in your repository you should specify these filters;

[filter "crypt"]
    clean = fooenc.sh
    smudge = foodec.sh

I tried this approach and this occurred:

error: cannot run fooenc.sh: No such file or directory
error: cannot fork to run external filter ourenc.sh
error: external filter fooenc.sh failed

Where am I supposed to put these *.sh files?

Even if I try to put

 [filter "crypt"]
        clean = openssl enc -bf -nopad -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T
        smudge = openssl enc -bf -nopad -d -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T

even so, this occurred:

bad decrypt
3074115260:error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length:evp_enc.c:414:
error: external filter openssl enc -bf -nopad -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T failed 1
error: external filter openssl enc -bf -nopad -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T failed

Other approaches were attempted, like git-remote-encrypt, or another using GnuPG:

In .git/info/attributes use:

myPrivateInfosFile filter=gpg diff=gpg

In your repo .git/config file:

[filter "gpg"]
smudge = gpg -d -q --batch --no-tty
clean = gpg -ea -q --batch --no-tty -r C920A124
[diff "gpg"]
textconv = decrypt

Finally, using the git-remote-encrypt approach, this occurred:

gcrypt: Remote ID is :id:k/a9sdsd332e3442wdaJ
Counting objects: 102, done.
Compressing objects: 100% (71/71), done.
Total 102 (delta 8), reused 0 (delta 0)
gcrypt: Encrypting to: --throw-keyids --default-recipient-self
gcrypt: Requesting manifest signature
gpg: no default secret key: secret key not available
gpg: [stdin]: sign+encrypt failed: secret key not available
error: failed to push some refs to 'gcrypt::rsync:https://example@bitbucket.org/ourstuffteam/our.git'

None of these was a successful approach.

**According to these or other new approaches, how can I encrypt data in git more properly for bitbucket?**

ePascoal
  • 141
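An added example, not part of the original post: a throwaway repository wired with a clean/smudge filter pair like the one in the question, with the scripts referenced by absolute path (git runs the filter command through the shell, so a bare script name must be found on PATH) and padding left enabled so a 13-byte file round-trips. Assumptions made for the demo: aes-256-cbc in place of `-bf`, `-pbkdf2 -nosalt`, a passphrase read from a key file instead of `pass:` on the command line, the `.git/crypt/` location, and the constructed sample secret.

```shell
#!/bin/sh
# Added example: git clean/smudge encryption filter in a throwaway repository.
# Assumptions (not from the page): aes-256-cbc instead of -bf, the .git/crypt/
# directory, the key file, and the constructed sample secret.

# Build the repo and print its path. Filter scripts are referenced by absolute
# path, so git does not depend on PATH to find them.
setup_repo() {
    repo=$(mktemp -d) || return 1
    cd "$repo" || return 1
    git init -q . || return 1
    mkdir -p .git/crypt .git/info
    printf 'constructed-demo-passphrase\n' > .git/crypt/key   # demo key only
    chmod 600 .git/crypt/key
    # Default PKCS#7 padding (no -nopad) accepts input of any length.
    # -nosalt keeps "clean" deterministic so unchanged files stay unchanged
    # in git status; the cost is that equal plaintexts give equal ciphertexts.
    opts="-aes-256-cbc -pbkdf2 -nosalt -pass file:$repo/.git/crypt/key"
    printf '#!/bin/sh\nexec openssl enc %s\n' "$opts" > .git/crypt/enc.sh
    printf '#!/bin/sh\nexec openssl enc -d %s\n' "$opts" > .git/crypt/dec.sh
    chmod 700 .git/crypt/enc.sh .git/crypt/dec.sh
    git config filter.crypt.clean "$repo/.git/crypt/enc.sh"
    git config filter.crypt.smudge "$repo/.git/crypt/dec.sh"
    git config filter.crypt.required true   # fail instead of storing plaintext
    echo 'secret.txt filter=crypt' > .git/info/attributes
    printf 'api_token=abc' > secret.txt      # 13 bytes, not a block multiple
    git add secret.txt || return 1
    printf '%s\n' "$repo"
}

# Prints "encrypted" if the blob staged in the index differs from the plaintext.
staged_state() {
    if git -C "$1" cat-file -p :secret.txt | cmp -s - "$1/secret.txt"; then
        echo plaintext
    else
        echo encrypted
    fi
}

# Deletes the working copy, restores it through the smudge filter, prints it.
restored_content() {
    rm -f "$1/secret.txt"
    git -C "$1" checkout -q -- secret.txt && cat "$1/secret.txt"
}

# Stand-alone run: build, report the staged state, show the restored plaintext.
demo=$(setup_repo) && staged_state "$demo" && restored_content "$demo" && echo
rm -rf "$demo"
```

Every clone needs the same key file and filter configuration set up locally, because `.git/config` and `.git/info/attributes` are not transferred by clone or push.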

1 Answer

1

I used your attempt for some trial and error and found a solution for your git-remote-gcrypt error. See my question Setting up an encrypted git repository.

You simply need to run

gpg --gen-key

which starts a dialogue to create a gpg key that can later be used for pushing to bitbucket. Compare the gpg manual:

How to manage your keys

       This section explains the main commands for key management

       --gen-key
              Generate a new key pair using the current  default  parameters.   This  is  the
              standard command to create a new key.

              There  is also a feature which allows you to create keys in batch mode. See the
              the manual section ``Unattended key generation'' on how to use this.

Though, I don't know about further usage yet.

edit

I just tried to clone that repository onto another machine. Obviously one needs the gpg-key (and secret-key, whose name is implying that this is a bad idea) for that, so I decided to simply copy mine to the other machine. Sadly it does not work this way, such that we probably need to add other users.