[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Encrypted Repositories. . .?

From: Benjamin Podszun <ben_at_galactic-tales.de>
Date: 2007-06-20 11:01:23 CEST

Michael Williams wrote:
> What about a GPGesque setup?
>
> 1) Create keys for client and server.
> 2) Have the client encrypt the files to the server keys
> 3) Have the server decrypt and compare
> 4) Have the server encrypt to the client keys

I fear I still don't see how that would make the system secure.

1) The servers private key has to be available to your svn server.
-> It is accessable by anyone with root access anyway. Don't mention
passphrases etc, because that wouldn't change the problem: Your svn
server now would need to know that passphrase.

3) decrypt means access. The hard way would again be to read the memory
of your svn server process, the easy way is given above. I don't even
understand your concept completely (because it seems that you'd like to
store the files on the server, encrypted by client keys. How do you
decrypt that files again for comparison without private key?), but I
think the main point is:

- Go for your own server
- Use an encrypted filesystem, enter the passphrase manually at boot time

That way you're sure that no one has access to your files and stealing
your harddrive/machine would be useless as soon as it powers off.

Regards,
Ben

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jun 20 11:01:38 2007

This is an archived mail posted to the Subversion Users mailing list.