I save my notes in a git repository in plaintext (markdown). At present, the remote repository is another laptop in my apartment. I am thinking about moving this remote repository to a remote server. For that, I have three questions, which I will describe at the end.
- I would like this to be as simple as possible. As few external tools as possible.
- Because of this, I do not want to use git-crypt, since it is very complicated and I do not understand it well enough.
- I also do not want to use git annex for the very same reason.
- The gitignore file of this repository would ignore every file besides
- To increase the simplicity, I cannot obfuscate the filename of the encrypted file. I plan to just be careful about the filename and put sensitive stuff inside the file.
- The encryption and decryption can be carried out with an asymmetric key
- and this very asymmetric key can also be included in the repository, AES256 encrypted.
- Maybe I could also sign every commit with the asymmetric key which lies encrypted in the repository itself. That would prevent an attacker from manipulating something. But I also do not know whether it is worth doing that?
- As my laptop has disk encryption, I do not care about plaintext files lying around in this repo (because I edit stuff inside, read them, etc.)
- Being a git repository, I could mirror it to several remote repositories.
For that, I have three questions:
1) Is this safe? Clearly random people can have access to my remote repository. Of course, I could make the repository private and not use github, gitlab or something like that – but the sysadmin of the server can have access to this repo, no matter what.
- At least, I am not competent enough to, for example, encrypt the filesystem in such a way that I can confidently say that this remote repository will be secure.
2) What key algorithms should I use? Should I use ed25519 (which I trust the most out of ECCs at the moment – though I just superficially read about it), or should I use RSA 4096 or even larger?
3) I do not know if I should use gpg2 or https://github.com/str4d/rage ?
- I dislike the complexity of
- rage is a very young project. (And I dislike golang, therefore I also dislike using its reference implementation, age.)
- I will never need the legacy options of gpg, so I will always be able to use version 2+
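
An added example, not part of the original post: the scheme above depends on only ciphertext ever reaching the remote, so this sketch checks a set of staged blobs against an allowlist and confirms each one starts like age or OpenPGP output. The file names, the `check_staged` interface and the sample bytes are assumptions constructed for illustration.

```python
"""Guard for a 'ciphertext only' notes repo (added example, names are assumptions)."""

AGE_MAGIC = b"age-encryption.org/v1\n"          # first line of a binary age file
ARMOR_HEADERS = (b"-----BEGIN AGE ENCRYPTED FILE-----",
                 b"-----BEGIN PGP MESSAGE-----")
ENCRYPTED_TAGS = {1, 3}  # OpenPGP: 1 = public-key ESK, 3 = symmetric-key ESK


def openpgp_first_tag(data):
    """Tag of the first OpenPGP packet, or None if byte 0 is not a packet header."""
    if not data or not data[0] & 0x80:
        return None
    if data[0] & 0x40:               # new-format header: tag is bits 5..0
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F     # old-format header: tag is bits 5..2


def is_utf8_text(data):
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def looks_encrypted(data):
    if data.startswith(AGE_MAGIC) or data.lstrip().startswith(ARMOR_HEADERS):
        return True
    # Binary OpenPGP must open with a session-key packet and must not decode as
    # UTF-8: a note starting with "é" begins with 0xC3, the same byte as tag 3.
    return openpgp_first_tag(data) in ENCRYPTED_TAGS and not is_utf8_text(data)


def check_staged(staged, encrypted_paths, plaintext_ok=(".gitignore",)):
    """staged maps path -> blob bytes. Returns a list of (path, reason) violations."""
    problems = []
    for path, blob in sorted(staged.items()):
        if path in plaintext_ok:
            continue
        if path not in encrypted_paths:
            problems.append((path, "not on the allowlist"))
        elif not looks_encrypted(blob):
            problems.append((path, "allowlisted but content is not ciphertext"))
    return problems


if __name__ == "__main__":
    # Constructed sample: a plaintext note staged next to the encrypted one.
    staged = {"notes.md": b"# secret\n", "notes.md.age": AGE_MAGIC + b"-> X25519 x\n"}
    print(check_staged(staged, {"notes.md.age"}))
```

In a pre-commit hook, `staged` would be filled from `git diff --cached --name-only` and `git show :<path>`; a header check of this kind catches accidental plaintext commits and says nothing about whether the ciphertext is valid.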