Based on this question: encrypt files before sending them to cloud.

Considering openssl: for example, when using openssl we can write the file fooenc.sh:

#!/bin/sh 
openssl enc -bf -nopad -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T

and foodec.sh:

#!/bin/sh
openssl enc -bf -nopad -d -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T

In the .git/config file in your repository you should specify these filters;

[filter "crypt"]
    clean = fooenc.sh
    smudge = foodec.sh

I tried this approach and got:

error: cannot run fooenc.sh: No such file or directory
error: cannot fork to run external filter ourenc.sh
error: external filter fooenc.sh failed

Where am I supposed to put these *.sh files?

Even if I try to put

 [filter "crypt"]
        clean = openssl enc -bf -nopad -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T
        smudge = openssl enc -bf -nopad -d -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T

even then I got:

bad decrypt
3074115260:error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length:evp_enc.c:414:
error: external filter openssl enc -bf -nopad -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T failed 1
error: external filter openssl enc -bf -nopad -pass pass:1KjeHD8d6YUI80bIIEAQ9iYr@njqLw3T failed

Other approaches were tried as well, like git-remote-encrypt, or another using GnuPG:

In .git/info/attributes use:

myPrivateInfosFile filter=gpg diff=gpg

In your repo .git/config file:

[filter "gpg"]
smudge = gpg -d -q --batch --no-tty
clean = gpg -ea -q --batch --no-tty -r C920A124
[diff "gpg"]
textconv = decrypt

Finally, using the git-remote-encrypt approach, I got:

gcrypt: Remote ID is :id:k/a9sdsd332e3442wdaJ
Counting objects: 102, done.
Compressing objects: 100% (71/71), done.
Total 102 (delta 8), reused 0 (delta 0)
gcrypt: Encrypting to: --throw-keyids --default-recipient-self
gcrypt: Requesting manifest signature
gpg: no default secret key: secret key not available
gpg: [stdin]: sign+encrypt failed: secret key not available
error: failed to push some refs to 'gcrypt::rsync:https://[email protected]/ourstuffteam/our.git'

None of these was a successful approach.

**Based on these or other new approaches, how can I encrypt data in git more properly for Bitbucket?**

  • Who cares about where to put it? Just use absolute paths. Also, because these commands probably use pipes, use exec when putting these commands in an external script.
    – Daniel B
    Commented Apr 12, 2015 at 11:45
  • Yes, you are right. First I used absolute paths outside of the repo, but it needs permissions. ~/ourenc.sh: 1: ~/ourenc.sh: /home/mypc/ourenc.sh: Permission denied. Even if I write the command line directly, I get Bad Decrypt.
    – ePascoal
    Commented Apr 12, 2015 at 12:14
  • If it says “Permission denied” the file wasn’t executable (+x). Can’t help you with the rest, but you might want to try without -nopad.
    – Daniel B
    Commented Apr 12, 2015 at 13:04
  • Please edit your question to remove the noise about being a new user, and make clear where your problem is different from the question you link to. If it's not different then it simply is a duplicate and will be closed as such.
    – Arjan
    Commented Apr 12, 2015 at 13:29
  • @DanielB thanks for your suggestion. I don't know why, but after removing -nopad it works and it will encrypt. The only problem now is how to put the .sh files outside the repo, since I need permissions to execute them from .git/config. @Arjan this is not a duplicate question, since it gives 3 approaches to the same problem; for that reason I edited this question as you suggested, treating this issue as a question based on another and not a duplicate, to solve encryption issues on git.
    – ePascoal
    Commented Apr 12, 2015 at 13:33
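
The filter setup from the question with the fixes raised in the comments applied (absolute paths, executable scripts, `exec`, no `-nopad`), as an added example that is not part of the original post or its comments. It assumes `aes-256-cbc` with `-pbkdf2` (OpenSSL 1.1.1 or later) in place of `-bf`, a passphrase read from a key file instead of `-pass pass:...`, and hypothetical file names; the passphrase and file content are constructed.

```shell
#!/bin/sh
# Added example: git clean/smudge encryption filter in a throwaway repository.
# Assumptions: aes-256-cbc with -pbkdf2 instead of -bf, hypothetical file
# names, constructed passphrase and file content.

demo_encrypted_filter() {
    work=$(mktemp -d) || return 1
    repo="$work/repo"
    keyfile="$work/filter.key"

    # Passphrase goes in a 0600 file, not on the command line or in .git/config.
    (umask 077 && printf '%s\n' 'constructed-demo-passphrase' > "$keyfile")

    # Filter scripts live outside the repo and are referenced by absolute path.
    # Padding stays on (no -nopad), so input of any length encrypts.
    printf '#!/bin/sh\nexec openssl enc -aes-256-cbc -pbkdf2 -pass "file:%s"\n' \
        "$keyfile" > "$work/enc.sh"
    printf '#!/bin/sh\nexec openssl enc -aes-256-cbc -pbkdf2 -d -pass "file:%s"\n' \
        "$keyfile" > "$work/dec.sh"
    chmod +x "$work/enc.sh" "$work/dec.sh"   # avoids "Permission denied"

    git init -q "$repo" || return 1
    git -C "$repo" config filter.crypt.clean "$work/enc.sh"
    git -C "$repo" config filter.crypt.smudge "$work/dec.sh"
    # Fail closed: if a filter errors, git refuses instead of storing plaintext.
    git -C "$repo" config filter.crypt.required true
    mkdir -p "$repo/.git/info"
    echo 'secret.txt filter=crypt' > "$repo/.git/info/attributes"

    # 28 bytes: not a multiple of the cipher block size.
    echo 'api_token=constructed-value' > "$repo/secret.txt"
    git -C "$repo" add secret.txt || return 1

    # What git stored: openssl's salted format starts with "Salted__".
    header=$(git -C "$repo" cat-file blob :secret.txt | head -c 8)

    # Delete the working copy and check it out again through the smudge filter.
    rm "$repo/secret.txt"
    git -C "$repo" checkout -q -- secret.txt || return 1
    restored=$(cat "$repo/secret.txt")

    rm -rf "$work"
    printf '%s\n%s\n' "$header" "$restored"
}

demo_encrypted_filter
```
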

1 Answer

I used your attempt for some trial and error and found a solution for your git-remote-gcrypt error. See my question Setting up an encrypted git repository.

You simply need to run

gpg --gen-key

which starts a dialogue to create a gpg key that can later be used for pushing to bitbucket. Compare the gpg manual

How to manage your keys

       This section explains the main commands for key management

       --gen-key
              Generate a new key pair using the current  default  parameters.   This  is  the
              standard command to create a new key.

              There  is also a feature which allows you to create keys in batch mode. See the
              the manual section ``Unattended key generation'' on how to use this.

Though, I don't know about further usage yet.

edit

I just tried to clone that repository onto another machine. Obviously one needs the gpg-key (and secret-key, whose name is implying that this is a bad idea) for that, so I decided to simply copy mine to the other machine. Sadly it does not work this way, such that we probably need to add other users.
