Also see Encrypt/decrypt files using Docker and OpenSSL, a much simplier example based on this repository.
Proof of concept - Encrypt markdown files and store encrypted version on github
Idea of this proof-of-concept is to show how to encrypt files with a SSL key and allow to store these files on github, in a public repository.
Keeping the key for the decryption in a private place (like on a hard disk) will allow to decrypt files locally.
So, in short, POC to show how to use a public repository keeping content hidden.
First, you'll need to install OpenSSL on your computer:
- Go to https://slproweb.com/products/Win32OpenSSL.html
- Download the
Win64 OpenSSL v1.1.1d Light
file - Start the setup process (default install directory will be
C:\Program Files\OpenSSL-Win64
)
Tip: add the C:\Program Files\OpenSSL-Win64\bin
folder in your PATH
so you can call the openssl
command from anywhere.
Under a DOS Prompt Session, run the following command:
openssl enc -aes-256-cbc -salt -pbkdf2 -a -in SOURCE.TXT -out ENCRYPTED.TXT -k MyHiddEnPassw0rd
Option | Description |
---|---|
enc |
Encoding with Ciphers |
-aes-256-cbc |
The encryption cipher to be used |
-salt |
Adds strength to the encryption |
-pbkdf2 |
Generate a PBKDF2 key derivation of a supplied password |
-a |
Encrypted data should be in Base64 and not binary |
-in |
Specifies the input file |
-out |
Specifies the output file |
-k |
Provide the password to use for the encryption |
See file encrypt_samples.cmd
for a sample.
Under a DOS Prompt Session, run the following command:
openssl enc -aes-256-cbc -salt -pbkdf2 -a -d -in ENCRYPTED.TXT -out DECRYPTED.TXT -k MyHiddEnPassw0rd
Option | Description |
---|---|
enc |
Encoding with Ciphers |
-aes-256-cbc |
The encryption cipher to be used |
-salt |
Adds strength to the encryption |
-pbkdf2 |
Generate a PBKDF2 key derivation of a supplied password |
-a |
Encrypted data should be in Base64 and not binary |
-d |
Decrypt action |
-in |
Specifies the input file |
-out |
Specifies the output file |
-k |
Provide the password to use for the decryption |
See file decrypt_samples.cmd
for a sample.
Make sure to add to the .gitignore
with, at least, this content:
decrypt.cmd
encrypt.cmd
decrypted/
decrypt.cmd
- The batch for the decryption. That script can contains the password in plain-text.encrypt.cmd
- The batch for the encryption. That script can contains the password in plain-text.decrypted/
- Ignore the folder with decrypted files.
Note: in this proof-of-concept and for demo purposes, files and folder aren't part of the .gitignore
file. In your real-life use cases, don't forget to fill in the .gitignore
file..
- Make a copy of
decrypt_samples.cmd
todecrypt.cmd
andencrypt_samples.cmd
toencrypt.cmd
. - Edit
decrypt.cmd
andencrypt.cmd
to set your own password.
By using a pre-commit
hook; you can automate the encryption of new notes. By writing a custom script of your owns, you can detect the list of changes (with a git status
command) and run the encryption for all these notes. Encrypted version should be saved in the encrypted
folder to complete the automation.
Part of information's have been found on https://www.shellhacks.com/encrypt-decrypt-file-password-openssl/