Hi, I'm currently planning to implement an strong encryption in git (not like gitcrypt, but with encrypted blobs, directories, etc, directly in the core).
The idea goes like this: * blobs are encrypted with their (original) content hash as encryption keys * directory objects only hold randomized filenames and pointers to the encrypted blob (content hash of the encrypted data) * new ext-directory objects are holding a mapping of the randomized file names to the real ones and the encryption keys, stored encrypted similar to the blobs * ext-directory object is referenced by a special filename in the directory object. * commit objects also hold an encrypted section (eg. uuencoded) with the ext-directory node's key, additional commit text, etc, itself encrypted with the repository key This way, the lowlevel / bare repository operations (including remote sync and gc) should continue to work, while only actual access (eg. checkout or commit) need to be changed and have the repository key available. What do you think about this approach ? cu -- Mit freundlichen Grüßen / Kind regards Enrico Weigelt VNC - Virtual Network Consult GmbH Head Of Development Pariser Platz 4a, D-10117 Berlin Tel.: +49 (30) 3464615-20 Fax: +49 (30) 3464615-59 enrico.weig...@vnc.biz; www.vnc.de -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
