I save my notes in a git repository in plaintext (markdown). At present, the remote repository is another PC in my apartment. I'm busy moving this remote repository to a remote server.
- I need this to be as simple as possible. As few external tools as possible.
- Because of this, I do not want to use git-crypt, since it is very complicated and I do not understand it well enough.
- I also do not want to use git annex for the exact same reason.
- The gitignore file of this repository would ignore every file except
- To increase the simplicity I can't obfuscate the filename of the encrypted file. I plan to just be careful about the filename and never put sensitive stuff inside the file.
- The encryption and decryption could be done with an asymmetric key, and this very asymmetric key could also be included in the repository, AES256 encrypted.
- Possibly, I could also sign every commit with the asymmetric key which lies encrypted in the repository itself. That would prevent an attacker from manipulating something. But I also do not know whether it is worth doing?
- As my laptop has disk encryption, I do not care about plaintext files lying around in this repo (because I edit stuff inside, read them, and so on).
- Being a git repository, I could mirror it to multiple remote repositories.
For that, I have three questions:
Is this safe? Clearly random people may have access to my remote repository. Of course, I could make the repository private and not use github, gitlab or something like that, but the sysadmin of the server may have access to this repo, no matter what.
- At least, I'm not competent enough to, for example, encrypt the filesystem in such a way that I can confidently say that this remote repository will be secure.
What key algorithms should I use? Should I use ed25519 (which I trust the most out of the ECCs at the moment, although I have only superficially read about it), or should I use RSA 4096 or even larger?
I do not know if I should use gpg2 or rage?
- I dislike the complexity of gpg, but rage is a very young project. (And I dislike Golang, therefore I also dislike using its reference implementation age.)
- I'll never need the legacy options of gpg, so I'll always be able to use version 2+.
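
The allowlist `.gitignore` from the plan above, together with a check that nothing except the encrypted file is tracked or stageable, as an added example that is not part of the original post. The archive name `notes.tar.gpg` and the function names are assumptions; the encryption step itself (gpg2 or rage) is left out.

```shell
#!/bin/sh
# Added example. ARCHIVE is a hypothetical name for the single encrypted file.
ARCHIVE="notes.tar.gpg"

# Write an allowlist .gitignore into the repository at $1:
# ignore every top-level entry, then re-include only the two allowed files.
write_allowlist() {
    printf '%s\n' '/*' '!/.gitignore' "!/$ARCHIVE" > "$1/.gitignore"
}

# Print every path in repository $1 that is tracked, or untracked but not
# ignored, and is not on the allowlist. Exit status follows grep:
# 0 if at least one such path exists, 1 if the repository is clean.
#
# --cached matters: .gitignore never untracks a file, so plaintext that was
# added before the allowlist existed (or forced in with "git add -f") is
# still in the index and would be pushed to the remote.
leaks() {
    git -C "$1" ls-files --cached --others --exclude-standard |
        grep -v -x -F -e ".gitignore" -e "$ARCHIVE"
}

# Refuse to continue (for example, before "git push") if anything other than
# the encrypted archive could reach the remote.
assert_only_ciphertext() {
    if found=$(leaks "$1"); then
        echo "refusing: plaintext paths are tracked or stageable:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}
```

Because the check reads only the current index and working tree, plaintext already present in earlier commits stays in history and would still be pushed.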