Posted to users@subversion.apache.org by Sascha Herpers <he...@wiso.uni-koeln.de> on 2005/10/26 09:35:16 UTC

file encryption

Hello,

I don't know if it is a dumb question (sorry if so), but can files
stored in a repository be encrypted? The server, that is to host
subversion, is maintained by students working for our chair. They must
not be able to read the contents of the repositories.

Is there a way to automatically encrypt the files before storing them in
a repository? It would be okay if all repositories would be encrypted in
the same way.

Thanks for any hint,
	Sascha Herpers
-- 
_____________________________________________________________

    Sascha Herpers
    Universität zu Köln
    Seminar für Supply Chain Management und Produktion
    Albertus-Magnus-Platz
    50923 Köln

    E-Mail: herpers@wiso.uni-koeln.de
    Tel.:   (0221) 4 70 - 37 40
    Fax:    (0221) 4 70 - 51 40
    WWW:    http://www.scmp.uni-koeln.de
_____________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: file encryption

Posted by Kalin KOZHUHAROV <ka...@thinrope.net>.
Martin Eisenhardt wrote:
[snip]
>> but can files stored in a repository be encrypted?
>> The server, that is to host subversion, is maintained by students working for our chair.
>> They must not be able to read the contents of the repositories.
> 
> Try solving these issues with traditional Linux/Unix/Windows tools, file 
> system access privileges, or similar.
That will not do the trick, as others posted below.

>>Is there a way to automatically encrypt the files before storing them in
>>a repository? It would be okay if all repositories would be encrypted in
>>the same way.
If you carefully define "before storing" then yes, there can be a way out.
If only we had client-side hooks... but we don't, at least for the foreseeable future.
So you need a wrapper. A wrapper that encrypts the files on-the-fly, before they leave _your_
machine. They will be stored on the server encrypted. They will be checkout-ed (I know this is wrong
English) or exported encrypted, so you need to decrypt them on-the-fly. In your working directory
they will be decrypted (i.e. plain text, or whatever original format), so any _local_ diffs will
work just as before.

Cool! I actually like this idea very much!

You can use PGP (like from gnupg) or other (X.509) form of strong encryption.

And if you dig deep enough in the source of the library, this all can be transparent, absolutely
transparent to implement!

> That way, subversion would not be able to derive diffs between files, so the 
> repository would soon grow HUGE
Yes, unfortunately. If the diffs are small, your encryption algorithm is weak.

> and larger parts of subversion's functionality would cease to work.
Not sure what is meant here. More details?

> It would be very similar to the case where you only have binary files in a repository:
> no diffs, no incremental updates, ...
You can have diffs in binary files if your client can handle them. A very easy, more like
proof-of-concept, example is a compressed (gzip-ed) xml file: Use vimdiff and you have it
uncompressed on-the-fly (WARNING: not tested!).

If only I had more time to implement all great ideas...

Bear in mind, that this is more like a trick in your situation. Even the strongest encryption can be
broken in a certain amount of time. And in this scheme changing the keys is not a big option. Plus
the inherited weakening (by providing diffs of the same plain text) might be a factor.

Kalin.
-- 
|[ ~~~~~~~~~~~~~~~~~~~~~~ ]|
+-> http://ThinRope.net/ <-+
|[ ______________________ ]|
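
Added example, not part of the original post and not Subversion code: it shows why the repository grows when revisions are encrypted client-side, and why small ciphertext diffs indicate a weakness. The HMAC-SHA256 counter-mode keystream is a stand-in for whatever cipher a real wrapper (for instance gnupg) would use; the key and file contents are constructed.

```python
import hashlib
import hmac
import os

KEY = bytes(range(32))  # constructed demo key, not a real secret
# Constructed sample: two revisions of one file that differ in a single byte.
REV1 = b"".join(b"line %d: value 1000\n" % i for i in range(40))
REV2 = REV1.replace(b"\nline 7: value 1000", b"\nline 7: value 1900")

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for a real stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Return nonce || (plaintext XOR keystream)."""
    return nonce + xor(plaintext, keystream(key, nonce, len(plaintext)))

def changed_fraction(a: bytes, b: bytes) -> float:
    """Share of byte positions that differ between two equal-length blobs."""
    assert len(a) == len(b)
    return sum(x != y for x, y in zip(a, b)) / len(a)

def fresh_nonce_delta() -> float:
    """Proper use: a new random nonce per commit. Almost every byte changes,
    so the server cannot store the second revision as a small delta."""
    c1 = encrypt(KEY, os.urandom(16), REV1)
    c2 = encrypt(KEY, os.urandom(16), REV2)
    return changed_fraction(c1, c2)

def reused_nonce_delta():
    """Misuse: the same nonce for every commit. The delta is tiny, but the
    XOR of the two ciphertexts equals the XOR of the two plaintexts."""
    nonce = b"\x00" * 16
    c1 = encrypt(KEY, nonce, REV1)
    c2 = encrypt(KEY, nonce, REV2)
    leaks = xor(c1[16:], c2[16:]) == xor(REV1, REV2)
    return changed_fraction(c1, c2), leaks

if __name__ == "__main__":
    print("fresh nonce, changed bytes:  %.3f" % fresh_nonce_delta())
    print("reused nonce, changed bytes: %.4f, leaks plaintext XOR: %s"
          % reused_nonce_delta())
```

With a fresh nonce the two stored revisions share nothing a delta algorithm can exploit; with a reused nonce anyone with read access to the repository files can see exactly which bytes changed between revisions and how.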



Re: file encryption

Posted by Martin Eisenhardt <ma...@wiai.uni-bamberg.de>.
Hi,

On Wednesday 26 October 2005 12:12, Sascha Herpers wrote:
> Hi,
>
> > Try solving these issues with traditional Linux/Unix/Windows tools, file
> > system access privileges, or similar.
>
> that sounds good. Since I can use windows logon credentials to access
> subversion, can the repository use the user name and password as well?
> That way I would have exactly what I want: a repository accessible only
> by certain users, even if they would access the server directly with a
> file manager...

first things first: I use Linux and am therefore by far no expert in Windows. 
But AFAICT, you may give all your subversion users a Windows file share 
containing the repository and secure the folder containing the repository 
with appropriate file system measures.

Your subversion users have to use the file:// protocol of subversion (so no 
subversion server process is needed).

But be aware that the file://-protocol of subversion may not work as reliably 
as a client/server approach.

HTH
Martin Eisenhardt

> Regards,
> 	Sascha

-- 
Dipl. Wirtsch.Inf. (Univ.) Martin Eisenhardt

Otto-Friedrich-University Bamberg
Department Business Informatics and Applied Computer Science
Media Informatics Group

D - 96045 Bamberg

fon: +49 (951) 863 2856
fax: +49 (951) 863 2852

www: http://www.mneisen.org



Re: file encryption

Posted by Sascha Herpers <he...@wiso.uni-koeln.de>.
Hi,

> Try solving these issues with traditional Linux/Unix/Windows tools, file 
> system access privileges, or similar.
that sounds good. Since I can use windows logon credentials to access
subversion, can the repository use the user name and password as well?
That way I would have exactly what I want: a repository accessible only
by certain users, even if they would access the server directly with a
file manager...

Regards,
	Sascha

-- 
_____________________________________________________________

    Sascha Herpers
    Universität zu Köln
    Seminar für Supply Chain Management und Produktion
    Albertus-Magnus-Platz
    50923 Köln

    E-Mail: herpers@wiso.uni-koeln.de
    Tel.:   (0221) 4 70 - 37 40
    Fax:    (0221) 4 70 - 51 40
    WWW:    http://www.scmp.uni-koeln.de
_____________________________________________________________


Re: file encryption

Posted by Martin Eisenhardt <ma...@wiai.uni-bamberg.de>.
Hello Sascha,

On Wednesday 26 October 2005 11:35, Sascha Herpers wrote:
> Hello,
>
> I don't know if it is a dumb question (sorry if so), 

You know: there are no dumb questions, only dumb answers.

> but can files 
> stored in a repository be encrypted? The server, that is to host
> subversion, is maintained by students working for our chair. They must
> not be able to read the contents of the repositories.

Try solving these issues with traditional Linux/Unix/Windows tools, file 
system access privileges, or similar.

> Is there a way to automatically encrypt the files before storing them in
> a repository? It would be okay if all repositories would be encrypted in
> the same way.

That way, subversion would not be able to derive diffs between files, so the 
repository would soon grow HUGE, and larger parts of subversion's 
functionality would cease to work. It would be very similar to the case where 
you only have binary files in a repository: no diffs, no incremental 
updates, ...

> Thanks for any hint,
> 	Sascha Herpers

You're welcome!

Kindest regards
Martin Eisenhardt
-- 
Dipl. Wirtsch.Inf. (Univ.) Martin Eisenhardt

Otto-Friedrich-University Bamberg
Department Business Informatics and Applied Computer Science
Media Informatics Group

D - 96045 Bamberg

fon: +49 (951) 863 2856
fax: +49 (951) 863 2852

www: http://www.mneisen.org

