Encrypted Repositories?

Jonathan S. Shapiro shap at eros-os.com
Thu Sep 6 17:56:39 CDT 2007


On Thu, 2007-09-06 at 16:03 -0500, Ryan Michael wrote:
> Is there any interest in allowing repositories to be encrypted?  When
> working on projects which are either sensitive or private, it would be
> nice to be able to keep everything encrypted so that if someone
> obtained the repository (stolen laptop, hacked server, etc) the
> information would stay secure.

Observations:

If somebody steals your laptop, you are going to want encryption on the
whole disk. If you *have* encryption on the whole disk, there is no
reason for HG to implement encryption redundantly.

For disk encryption, there are several existing mechanisms. Loop-back
cryptfs in Linux, BitLocker or equivalent in Windows.

None of this will help you on a hacked server unless the files are
*always* encrypted on the server (that is: decryption key not present on
server at all).

I don't know if this will actually work, but it seems to me that it is
worth a try: run gpg on the client side as an import/export filter. I
would be very curious to learn whether this works. The missing link
there is going to be that the commit log entry and other metadata will
not get encrypted. How much of what you want will this buy you? If you
run gpg-keyserver, you won't even need to type pass-phrases.

> [in] central repositories... the data is encrypted using
> the public keys of everyone who has access to the repository.

Lots of waste here. To do this right you want a group key management
scheme, because you will eventually want to be able to revoke the key of
some user.


shap



More information about the Mercurial-devel mailing list