I have a git repo encrypted with openssl
. I have moved the repo to a new host. The original host was using:
» openssl version
OpenSSL 1.0.2g 1 Mar 2016
The current host is using:
» openssl version
OpenSSL 1.1.0g 2 Nov 2017
These are my filters for the git
repo:
[filter "openssl"]
smudge = ~/.gitencrypt/SALT-20131126-01/smudge_filter_openssl
clean = ~/.gitencrypt/SALT-20131126-01/clean_filter_openssl
[diff "openssl"]
textconv = ~/.gitencrypt/SALT-20131126-01/diff_filter_openssl
The encoding filter:
» cat ~/.gitencrypt/SALT-20131126-01/clean_filter_openssl
#!/bin/bash
# 24 or less hex characters
SALT_FIXED=mysalt
PASS_FIXED=mypass
openssl enc -base64 -aes-256-ecb -S $SALT_FIXED -k $PASS_FIXED
The decoding filter:
» cat ~/.gitencrypt/SALT-20131126-01/diff_filter_openssl
#!/bin/bash
# No salt is needed for decryption.
PASS_FIXED=mypass
# Error messages are redirect to /dev/null.
openssl enc -d -base64 -aes-256-ecb -k $PASS_FIXED -in "$1" 2> /dev/null || cat "$1"
I have read that there are changes regarding the default hash used by OpenSSL. I have tried to force the old hash:
» git show HEAD~1:myfile > /tmp/xxx
» openssl enc -d -md md5 -base64 -aes-256-ecb -k mypass -in /tmp/xxx
But still gives me problems:
error reading input file
What else could I try?
git show
command above was already applying a filter, so running theopenssl
command manually was working on already decrypted data, thus failing. The solution is just to update the filter scripts with the-d -md md5
flags. – blueFast Aug 08 '18 at 11:03