
Re: How to make an encrypted svnsynced repository

From: Ton Boelens <ton_at_tonsoftime.com>
Date: Sat, 16 Jan 2010 08:09:29 +0100

On Fri, Jan 15, 2010 at 04:35:08PM -0500, Andy Levy wrote:
> On Fri, Jan 15, 2010 at 16:23, Ton Boelens <ton_at_tonsoftime.com> wrote:
> > Hi,

> > At the moment, my SVN repository is svnsynced to a server in
> > another location. I would like to make this remote repository
> > encrypted on the file level, so that even somebody who has
> > physical access to this server cannot read the contents of the
> > files.

> > I have searched in the svn manual, with Google and in the posts
> > I have from this mailing list for the past couple of months, but
> > I could find no reference.

> > Does that mean that there is no way to design a solution to this
> > requirement?

> Wouldn't disk/file-level encryption be a task for the OS? IOW,
> encrypt/decrypt the data as it's written to/read from disk,
> regardless of whether it's a repository or not?

Andy,
If you have physical access to a server that contains the encrypted
disk and the encryption key as well, you can still use the key to open
the disk. How could I solve that?

What we are thinking about is something like this (it's a snippet of a
larger script):

/usr/bin/openssl enc -d -aes-256-cbc -in "$1" -out "$BESTAND" -pass "file:$PAD/$KEY"

This command will create a local copy of the repository, which will
then be rsynced to the remote server*.

I wonder whether, if I execute this command on the files of an SVN
repository and direct the output to another directory, the new
directory, when restored (decrypted again), would still be a good
usable repo. I guess we have to do some testing.

Has anybody tried something like this?

 *(this sync would function only as some kind of last resort backup)

Thank you for your reply!

---
Ton Boelens
's-Hertogenbosch, The Netherlands
Received on 2010-01-16 08:10:07 CET

This is an archived mail posted to the Subversion Users mailing list.
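
The round-trip test raised in the message above can be scripted. This is an added example, not part of the original post or of the poster's larger script: the function names and the sample directory tree are constructed, and -pbkdf2 assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: the sample tree and function names are constructed.

# crypt_tree MODE SRC DST KEYFILE   (MODE: -e encrypt, -d decrypt)
crypt_tree() {
    mode=$1 src=$2 dst=$3 key=$4
    [ -d "$src" ] || return 1
    # Recreate directories first so that empty ones (such as
    # db/transactions in an idle repository) survive the copy.
    (cd "$src" && find . -type d) | while IFS= read -r d; do
        mkdir -p "$dst/$d" || exit 1
    done || return 1
    # File names and sizes stay visible; only file contents are encrypted.
    # The first line of KEYFILE is used as the passphrase.
    (cd "$src" && find . -type f) | while IFS= read -r f; do
        openssl enc "$mode" -aes-256-cbc -pbkdf2 -in "$src/$f" \
            -out "$dst/$f" -pass "file:$key" </dev/null || exit 1
    done
}

# roundtrip_ok TREE KEYFILE: succeeds only if decrypt(encrypt(TREE)) == TREE
roundtrip_ok() {
    work=$(mktemp -d) || return 1
    crypt_tree -e "$1" "$work/enc" "$2" &&
        crypt_tree -d "$work/enc" "$work/dec" "$2" &&
        diff -r "$1" "$work/dec" >/dev/null
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# make_sample_tree DIR: constructed stand-in for a repository directory
make_sample_tree() {
    mkdir -p "$1/db/revs/0" "$1/db/transactions" "$1/hooks"
    echo 5 > "$1/format"
    printf '1\n' > "$1/db/current"
    printf 'binary\000\001\377payload' > "$1/db/revs/0/1"
    echo '#!/bin/sh' > "$1/hooks/pre commit.tmpl"
}

# Demo: "sh roundtrip.sh demo". With a real repository, also run
# "svnadmin verify" on the decrypted copy.
if [ "${1:-}" = demo ]; then
    t=$(mktemp -d) && make_sample_tree "$t/repo" &&
        openssl rand -hex 32 > "$t/key" &&
        roundtrip_ok "$t/repo" "$t/key" && echo "round trip OK"
    rm -rf "$t"
fi
```

The copy should be taken while nothing is writing to the repository (or from an `svnadmin hotcopy`), otherwise the files may be captured mid-commit.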