gitattributes file to disable encryption). Even the smallest change to an encrypted file requires git to store the entire changed file, instead of just a delta.Īlthough git-crypt protects individual file contents with a SHA-1 HMAC, git-crypt cannot be used securely unless the entire repository is protected against tampering (an attacker who can mutate your repository can alter your. This problem is discussed in more detail in Issue #47.įiles encrypted with git-crypt are not compressible. For example, even if a key was rotated at one point in history, a user having the previous key can still access previous repository history.
This is because it is an inherently complex problem in the context of historical data. This applies to both multi-user GPG mode (there's no del-gpg-user command to complement add-gpg-user) and also symmetric key mode (there's no support for rotating the key). Git-crypt does not support revoking access to an encrypted repository which was previously granted. Git-crypt does not hide when a file does or doesn't change, the length of a file, or the fact that two files are identical (see "Security" section above). Git-crypt does not encrypt file names, commit messages, symlink targets, gitlinks, or other metadata. (Note: no endorsement is made of git-remote-gcrypt's security.) For encrypting an entire repository, consider using a system like git-remote-gcrypt instead. Where git-crypt really shines is where most of your repository is public, but you have a few files (perhaps private keys named *.key, or a file with API credentials) which you need to encrypt. As such, git-crypt is not the best tool for encrypting most or all of the files in a repository.
To do this, open up your PowerShell console and run choco install OpenSSL.Lightas shown below.Git-crypt relies on git filters, which were not designed with encryption in mind.
Installing OpenSSL on Windows 10 with PowerShell and ChocolateyĪssuming you have installed Chocolatey using the installation instructions, your first task is to install OpenSSL on Windows 10.
PowerShell ISE, Visual Studio Code or any text editor of your choiceĪll screenshots in this guide were taken from Windows 10 build 1909 and PowerShell 7.
Update PowerShell Profile Environment Variables.Installing OpenSSL on Windows 10 with PowerShell and Chocolatey.