Auto-encrypt file submissions with public key?

[Matthew England <me...@mengland.net>]

As per: http://svnforum.org/forum/viewtopic.php?t=120 ...

Hello,

I want to be able to provide subversion repositories over the web to a 
secure community (possibly of only a couple people to start with). SSL 
login/access authentication will be nice for starters. However, I'd like to 
go beyond access control; I'd like to automatically encrypt the file contents.

I would like to have Subversion auto-encrypt any file submissions/updates 
to it's repository (with something like a PGP public key), thus requiring 
anyone who gets/reads said file to have some sort of private decryption 
mechanism (like a PGP private key associated with the aforementioned public 
key) in order to view/use/read/access any of the contents of said file.

Does anyone know of some existing mechanisms to do this? I suspect I will 
have to build some things myself, but I'm hoping to minimize my efforts.

The option is that the subversion users simply encrypt the file(s) prior to 
submission, but I'm worried that it will be too easy to forget to do this. 
I'd like to automate this step at the server side. If I can also automate 
the decrypting on the client side, that would be quite convenient, too (but 
a lesser priority they then the server-side encrypting).

-Matt 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Auto-encrypt file submissions with public key?

[Matthew England <me...@mengland.net>]

Per encrypted file systems:

At 10/29/2004 03:59 PM, Matthew England wrote:
>Any other pointers or suggestions?  Suggested communities?

A community and a thread (with more references in itself) I found:

http://www.linuxquestions.org/questions/showthread.php?threadid=191356
http://www.linuxquestions.org/questions/forumdisplay.php?s=&forumid=4

I've found a few other article references, but not that seem quite as good 
as these.

Per SVN-specific authentication:  I did get a generous offer of help from 
another user with seemingly similar goals who described their 
implementation to me, and it sounds quite useful.

Thanks for all feedback!
-Matt 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Auto-encrypt file submissions with public key?

[Matthew England <me...@mengland.net>]

At 10/29/2004 07:59 AM, Max Bowsher wrote:
>Perhaps SSL client certificates would suit your purposes? IIUC, they would 
>perform more-or-less what you are trying to achieve, without you having to 
>write code yourself.

Yes, this might be a good option.  I had not known/thought about SSL 
*client* certificates.  It's something I'll want to look into.  A brief bit 
of googling did not produce much beyong SSL client certs for things like 
Lotus Notes.  Got any open-source/free-of-charge type references you can 
suggest?

>>In any case, this approach apparently is neither easy nor generally
>>practiced in the config-management/subversion community...which is mostly
>>what I wanted to know, and I now I know, or at least have some sort of
>>initial "temperature" reading on this stuff.
>
>Subversion generally delegates complicated authn/authz to Apache, because 
>it is a large flexible pre-existing base of code in this area.
>
>Would an encrypting filesystem combined with SSL client certs provide 
>something near enough to your goal?

I think so, and I very much appreciate your suggesting this alternative.  I 
am checking into this alternative for my linux-based system(s).

>Because that is a solution that could be assembled from "off-the-shelf" 
>components, using unmodified Subversion code.

Yes, that does seem like the way to go after seen your comments, thought 
about this, and done a little more web research (a classic case of 
presuming a solution to my problem only to find other, alternative, better 
ways to skin the cat).

So far, this seems to be the most-promising link:

http://www.linux.com/howtos/Cryptoloop-HOWTO/index.shtml

Any other pointers or suggestions?  Suggested communities?

I may hang around usenet = sci.crypt if I get serious.  I'd be interested 
in any web-forum communities anybody might know, too (as in 
phpBB/vBulletin-look-alike web forums).


Finally:  Any other ways to potentially solve my problem of securing 
confidential data while still distributing it easily over the web?

-Matt


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Auto-encrypt file submissions with public key?

[Max Bowsher <ma...@ukf.net>]

Matthew England wrote:
> At 10/29/2004 03:27 AM, Max Bowsher wrote:
>> Matthew England wrote:
>>> As per: http://svnforum.org/forum/viewtopic.php?t=120 ...
>>>
>>> I would like to have Subversion auto-encrypt any file 
>>> submissions/updates
>>> to it's repository (with something like a PGP public key), thus 
>>> requiring
>>> anyone who gets/reads said file to have some sort of private decryption
>>> mechanism
>>
>> What you propose above would require source code changes (probably quite
>> major) to subversion, and doesn't actually obtain any extra security at
>> all, except in the single circumstance of the server's hard disc being
>> stolen.
>
> ...and in cases where someone cracks the SSL (unlikely) or simply acquires
> the access login/password, assuming I'm understanding things
> correctly.  (Essentially: I see a different between having access to data
> being able to decrypt data.)  I could probably dream up other scenarios.
>
> I would hope private keys can be distributed physically and are much 
> harder
> to "steal" because they are contained in an encoded file...and one could
> theoretically make a different private key for each access (SSL) login
> (possibly).

In that case, the encryption would have to happen on retrieval *from* the 
repository, not on addition *to* the repository.

Perhaps SSL client certificates would suit your purposes? IIUC, they would 
perform more-or-less what you are trying to achieve, without you having to 
write code yourself.

> In any case, this approach apparently is neither easy nor generally
> practiced in the config-management/subversion community...which is mostly
> what I wanted to know, and I now I know, or at least have some sort of
> initial "temperature" reading on this stuff.

Subversion generally delegates complicated authn/authz to Apache, because it 
is a large flexible pre-existing base of code in this area.

Would an encrypting filesystem combined with SSL client certs provide 
something near enough to your goal? Because that is a solution that could be 
assembled from "off-the-shelf" components, using unmodified Subversion code.

Max.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Auto-encrypt file submissions with public key?

[Matthew England <me...@mengland.net>]

At 10/29/2004 03:27 AM, Max Bowsher wrote:
>Matthew England wrote:
>>As per: http://svnforum.org/forum/viewtopic.php?t=120 ...
>>
>>I would like to have Subversion auto-encrypt any file submissions/updates
>>to it's repository (with something like a PGP public key), thus requiring
>>anyone who gets/reads said file to have some sort of private decryption
>>mechanism
>
>What you propose above would require source code changes (probably quite 
>major) to subversion, and doesn't actually obtain any extra security at 
>all, except in the single circumstance of the server's hard disc being stolen.

...and in cases where someone cracks the SSL (unlikely) or simply acquires 
the access login/password, assuming I'm understanding things 
correctly.  (Essentially: I see a different between having access to data 
being able to decrypt data.)  I could probably dream up other scenarios.

I would hope private keys can be distributed physically and are much harder 
to "steal" because they are contained in an encoded file...and one could 
theoretically make a different private key for each access (SSL) login 
(possibly).

In any case, this approach apparently is neither easy nor generally 
practiced in the config-management/subversion community...which is mostly 
what I wanted to know, and I now I know, or at least have some sort of 
initial "temperature" reading on this stuff.

Thanks!
-Matt 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Auto-encrypt file submissions with public key?

[Max Bowsher <ma...@ukf.net>]

Matthew England wrote:
> As per: http://svnforum.org/forum/viewtopic.php?t=120 ...
>
> Hello,
>
> I want to be able to provide subversion repositories over the web to a
> secure community (possibly of only a couple people to start with). SSL
> login/access authentication will be nice for starters. However, I'd like 
> to
> go beyond access control; I'd like to automatically encrypt the file 
> contents.
>
> I would like to have Subversion auto-encrypt any file submissions/updates
> to it's repository (with something like a PGP public key), thus requiring
> anyone who gets/reads said file to have some sort of private decryption
> mechanism (like a PGP private key associated with the aforementioned 
> public
> key) in order to view/use/read/access any of the contents of said file.
>
> Does anyone know of some existing mechanisms to do this? I suspect I will
> have to build some things myself, but I'm hoping to minimize my efforts.

What you propose above would require source code changes (probably quite 
major) to subversion, and doesn't actually obtain any extra security at all, 
except in the single circumstance of the server's hard disc being stolen.

Max.





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org