Lib.rs

Cryptography
#git-repository #symmetric-encryption #file-encryption #encryption #git #encryption-decryption #security

nightly bin+lib git-simple-encrypt

Encrypt/decrypt files in git repo using one password

by lxl66566

7 releases (stable)

1.4.0 Nov 20, 2024
1.3.1 Sep 22, 2024
1.3.0 Jul 20, 2024
1.2.1 Jun 30, 2024
0.1.0 May 3, 2024

#772 in Cryptography

MIT license

42KB
957 lines

git-simple-encrypt

English | 简体中文

A very simple and easy to use git encryption tool that encrypts/decrypts your git repositories on any device with one single password. Supports partial file encryption, incremental encryption.

  • Why not use git-crypt?
    • This project is more focused on ease of use than security. Single-password symmetric encryption is my bottom line.

[!WARNING]
This repository does not make any guarantees about encryption security and backward compatibility. (Please use the same major version)

Installation

There are several different ways to install it, you can choose any of them.

  • Download the file from Releases, unzip and place it in C:\Windows\System32 (If you're using Windows) or any Path directory.
  • Using bpm: 
    bpm i git-simple-encrypt -b git-se -q
  • Using scoop: 
    scoop bucket add absx https://github.com/absxsfriends/scoop-bucket
scoop install git-simple-encrypt
  • Using cargo: 
    cargo +nightly install git-simple-encrypt
    or cargo-binstall: 
    cargo binstall git-simple-encrypt

Usage

git-se p                    # Set the password.
git-se add file.txt         # Add `file.txt` to the need-to-be-encrypted list.
git-se add mydir            # Add `mydir` to the need-to-be-encrypted list.
git-se e                    # Encrypt files in list in the current repository.
git-se d                    # Decrypt all files with extension `.enc`, `.zst.enc`.
git-se d 'src/*'            # Decrypt all encrypted files in `src` folder.

Type git-se -h and git-se [subcommand] -h to get more information.

Caution

  • git add -A is automatically executed when encrypting, so make sure that .gitignore is handled properly.
  • Do not add files with .zst, .enc suffixes and folders containing them to the encrypted list.
  • To delete file/dir from encrypt list, edit git_simple_encrypt.toml.
  • encrypt/decrypt will keep the file metadata unchanged (unix permission and timestamp).

Algorithm

graph TD;
    A[Key: 123] -- SHA3_224 --> 602bdc204140db016bee5374895e5568ce422fabe17e064061d80097 -- CUT --> 602bdc204140db016bee5374895e5568 --cipher--> Aes128GcmSiv  -- output--> 14a7dd2666afd854788c80f5518fea892491f23e72798d2fbc67bfc6259610d6f4
    B[Text: '6' * 60] --zstd--> 28b52ffd006045000010363601003f0116 --content--> Aes128GcmSiv
    CONST --NONCE--> Aes128GcmSiv
  • If zstd compression has the opposite effect, skip compression.
  • Decrypt all files with extension .enc, .zst.enc.

Develop

  • for testing, please use cargo test -- --test-threads=1

TODO

  • zstd effect checking
  • partial decrypt

Dependencies

~11–22MB
~290K SLoC