Client Side Encryption

freakinpenguin edited this page Jul 24, 2013 · 7 revisions

SparkleShare has the option to encrypt your files using OpenSSL's implementation of AES-256-CBC before they are being sent over to the host. This feature only works for new projects.

To use this feature, simply create an empty Git repository, but make sure it has -crypto in its name. Add the project to SparkleShare as you normally would and you'll be asked to provide a password. Alternatively you can use the dazzle-script with the following command:

sudo dazzle create-encrypted PROJECT_NAME

Make sure your password is strong, as it can can't be changed later. If you forget your password your files will be lost forever (unless scientists invent a working quantum computer and you can get one for a reasonable price).

You can also add more clients like you normally would too: you'll again be asked for the password to decrypt the files once they've been downloaded.

Please note that although file contents can't be retrieved on the server, file names can be.

Also: simultaneous edits are not merged by git since it has no access to the contents of the files. So this means that two edits in different parts of a file will always lead to conflicted versions, even when they could be merged by git (which is what happens when the repo is not encrypted).

Tutorial: Client-Side-Online-Decryption-of-Text-Files-Using-git-instaweb