Encrypted Repositories?

Ryan Michael kerinin at gmail.com
Thu Sep 6 16:03:57 CDT 2007


Is there any interest in allowing repositories to be encrypted?  When
working on projects which are either sensitive or private, it would be
nice to be able to keep everything encrypted so that if someone
obtained the repository (stolen laptop, hacked server, etc) the
information would stay secure.

It seems like two basic changes would be needed: changesets would be
stored encrypted and the working copy would need to be easily
encrypted/decrypted.  The basic use cases I have in mind would be:

1) Working repositories would be stored on a user's computer in an
encrypted form.  When the user wants to work with the repository they
decrypt the repository and proceed as usual.  When finished with the
repository it is re-encrypted.  This would require two basic commands
such as 'hg encrypt' and 'hg decrypt'.

2) Central repositories (as in the SVN-type development model) are
stored on a publicly accessible server.  The data is encrypted using
the public keys of everyone who has access to the repository.  Users
of the repository can interact with it as they would any other
repository (obviously the decryption key would need to be supplied at
some point).

3) The existing ability to email encrypted changesets between
developers would be unchanged, but the two steps of generating and
encrypting the changesets could be combined into a single command in
Mercurial.

This would dovetail well with the existing GPG signing extension.

I'm not sure what types of changes would need to be made to accomplish
this.  The existing revlog.compress and revlog.decompress functions
seem like ideal locations to insert/hook the encryption and decryption
code.  More work might be needed to make sure that commands play
nicely with an encrypted working copy.

Is this something that seems worthwhile to anyone?

-Ryan
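
Added example, not part of the original post and not Mercurial code: a sketch of the ordering a compress/decompress hook like the one proposed above would have to respect, compressing before encrypting and authenticating each stored chunk. The names seal_chunk and open_chunk are hypothetical, and the HMAC-SHA256 keystream is a standard-library stand-in (an assumption) for a vetted AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import os
import zlib

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
    # A real implementation would use a vetted AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal_chunk(enc_key, mac_key, text):
    """Hypothetical write-path hook: compress, encrypt, then MAC."""
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, zlib.compress(text))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_chunk(enc_key, mac_key, blob):
    """Hypothetical read-path hook: verify the MAC before decrypting."""
    if len(blob) < 48:
        raise ValueError("chunk too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("chunk failed authentication")
    return zlib.decompress(_xor_stream(enc_key, nonce, ct))

def encrypt_then_compress_size(enc_key, text):
    """Size when the order is reversed: ciphertext looks random to zlib."""
    return len(zlib.compress(_xor_stream(enc_key, os.urandom(16), text)))

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    # Constructed sample input standing in for a file revision.
    text = b"def handler(request):\n    return render(request)\n" * 100
    sealed = seal_chunk(enc_key, mac_key, text)
    assert open_chunk(enc_key, mac_key, sealed) == text
    print("plain", len(text), "sealed", len(sealed),
          "reversed order", encrypt_then_compress_size(enc_key, text))
```

Encrypting first leaves zlib nothing to compress, so the stored size stays close to the plaintext size, while the MAC check rejects a chunk that was modified on the server.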


More information about the Mercurial-devel mailing list