0

I have a git repo encrypted with openssl. I have moved the repo to a new host. The original host was using:

» openssl version
OpenSSL 1.0.2g 1 Mar 2016

The current host is using:

» openssl version
OpenSSL 1.1.0g  2 Nov 2017

These are my filters for the git repo:

[filter "openssl"]
    smudge = ~/.gitencrypt/SALT-20131126-01/smudge_filter_openssl
    clean = ~/.gitencrypt/SALT-20131126-01/clean_filter_openssl
[diff "openssl"]
    textconv = ~/.gitencrypt/SALT-20131126-01/diff_filter_openssl

The encoding filter:

» cat ~/.gitencrypt/SALT-20131126-01/clean_filter_openssl
#!/bin/bash

# 24 or less hex characters
SALT_FIXED=mysalt
PASS_FIXED=mypass

openssl enc -base64 -aes-256-ecb -S $SALT_FIXED -k $PASS_FIXED

The decoding filter:

» cat ~/.gitencrypt/SALT-20131126-01/diff_filter_openssl
#!/bin/bash

# No salt is needed for decryption.
PASS_FIXED=mypass
# Error messages are redirect to /dev/null.
openssl enc -d -base64 -aes-256-ecb -k $PASS_FIXED -in "$1" 2> /dev/null || cat "$1"

I have read that there are changes regarding the default hash used by OpenSSL. I have tried to force the old hash:

» git show HEAD~1:myfile > /tmp/xxx
» openssl enc -d -md md5 -base64 -aes-256-ecb -k mypass -in /tmp/xxx 

But still gives me problems:

error reading input file

What else could I try?

blueFast
  • 1,258
  • 1
    Can you downgrade the openssl package temporarily? (I know it's not solution, but just workaround to get to data) – Jaroslav Kucera Aug 08 '18 at 08:58
  • @JaroslavKucera thanks, but found the solution. If my analisys is correct, the git show command above was already applying a filter, so running the openssl command manually was working on already decrypted data, thus failing. The solution is just to update the filter scripts with the -d -md md5 flags. – blueFast Aug 08 '18 at 11:03
  • Good, make it answer then :-) – Jaroslav Kucera Aug 08 '18 at 13:59

0 Answers0