From 082e652a36a2089032ef1b06b5f4d8dd86f9b4de Mon Sep 17 00:00:00 2001 From: "http://joeyh.name/" Date: Mon, 4 Nov 2013 17:07:56 +0000 Subject: [PATCH 1/3] Added a comment --- ...ent_9_3784e0c828cd60b6a9075c2d32d070cc._comment | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 doc/tips/fully_encrypted_git_repositories_with_gcrypt/comment_9_3784e0c828cd60b6a9075c2d32d070cc._comment diff --git a/doc/tips/fully_encrypted_git_repositories_with_gcrypt/comment_9_3784e0c828cd60b6a9075c2d32d070cc._comment b/doc/tips/fully_encrypted_git_repositories_with_gcrypt/comment_9_3784e0c828cd60b6a9075c2d32d070cc._comment new file mode 100644 index 0000000000..15f8076167 --- /dev/null +++ b/doc/tips/fully_encrypted_git_repositories_with_gcrypt/comment_9_3784e0c828cd60b6a9075c2d32d070cc._comment @@ -0,0 +1,14 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="209.250.56.47" + subject="comment 9" + date="2013-11-04T17:07:55Z" + content=""" +\"We could symetrically encrypt the repository with a keyfile that's stored in the repository itself\" + +Then you would need to decrypt the repository in order get the key you need to decrypt the repository. The impossibility of this design is why I didn't do that! + +It would certianly be possible to store a non-encrypted gpg key alongside the repsitory encrypted with it, but then you have to rely on a passphrase for all your security. + +You should file a bug report for the bug you saw.. +"""]] From d0a48ac2dad808a0d9f819a3ccdc21358daa34a5 Mon Sep 17 00:00:00 2001 From: "http://joeyh.name/" Date: Mon, 4 Nov 2013 17:12:05 +0000 Subject: [PATCH 2/3] Added a comment --- ...comment_6_76ccdf0542e76e4dbd61f3b3228d40ba._comment | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 doc/bugs/git-annex-shell:_gcryptsetup_permission_denied/comment_6_76ccdf0542e76e4dbd61f3b3228d40ba._comment diff --git a/doc/bugs/git-annex-shell:_gcryptsetup_permission_denied/comment_6_76ccdf0542e76e4dbd61f3b3228d40ba._comment b/doc/bugs/git-annex-shell:_gcryptsetup_permission_denied/comment_6_76ccdf0542e76e4dbd61f3b3228d40ba._comment new file mode 100644 index 0000000000..0ad9768f60 --- /dev/null +++ b/doc/bugs/git-annex-shell:_gcryptsetup_permission_denied/comment_6_76ccdf0542e76e4dbd61f3b3228d40ba._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="209.250.56.47" + subject="comment 6" + date="2013-11-04T17:12:05Z" + content=""" +It's entirely normal for `git annex get --from remote` to skip files that it does not think are present on the remote. + +What does `git annex whereis` say? +"""]] From 26b4e5af3e04acb565d04bb653df471bde24e3a5 Mon Sep 17 00:00:00 2001 From: tanen Date: Mon, 4 Nov 2013 17:58:36 +0000 Subject: [PATCH 3/3] Added a comment --- ...t_10_4440a80d64c60c7312d5c405d54e607a._comment | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 doc/tips/fully_encrypted_git_repositories_with_gcrypt/comment_10_4440a80d64c60c7312d5c405d54e607a._comment diff --git a/doc/tips/fully_encrypted_git_repositories_with_gcrypt/comment_10_4440a80d64c60c7312d5c405d54e607a._comment b/doc/tips/fully_encrypted_git_repositories_with_gcrypt/comment_10_4440a80d64c60c7312d5c405d54e607a._comment new file mode 100644 index 0000000000..4ee70bcd70 --- /dev/null +++ b/doc/tips/fully_encrypted_git_repositories_with_gcrypt/comment_10_4440a80d64c60c7312d5c405d54e607a._comment @@ -0,0 +1,15 @@ +[[!comment format=mdwn + username="tanen" + ip="83.128.159.25" + subject="comment 10" + date="2013-11-04T17:58:36Z" + content=""" +> \"We could symetrically encrypt the repository with a keyfile that's stored in the repository itself\" +> Then you would need to decrypt the repository in order get the key you need to decrypt the repository. The impossibility of this design is why I didn't do that! + +Sorry, I ment that the file containing the symmetric encryption key should obviously not be used to encrypt itself, it would be stored in the repository \"unencrypted\" (but protected with a passphrase) + +> store a non-encrypted gpg key alongside the repsitory encrypted with it, but then you have to rely on a passphrase for all your security. + +Exactly. I think such a mode be a great addition. It might not be as secure as encryption based on a private key - depending on the passphrase strength -, but it would certainly be a lot more convenient and portable (and still much more secure than the shared encryption method). +"""]]