What's a good approach to revision control PGP encrypted text files?
The goal is to:
- only store PGP encrypted (preferably with ASCII armor) text files anywhere, in the local repository (working copy) and the remote repository ("central" repository, logically).
- preserve the privacy enabled by PGP encryption (by using GnuPG, for example) in repositories where revision history will be stored
- when possible, reduce storage overhead
If one just revision-controls the PGP encrypted and ASCII armored text file, then, as its entire content will change every time it is decrypted for editing and then encrypted before being stored and committed to revision control repositories, the diff will be roughly proportional to the file size, and will grow fast even if the change in decrypted text is small.
You seem to be ordering up a square circle. An important goal of encryption is to avoid any correlation between small changes in plaintext and ciphertext. So, if you ask the poor VCS to deal with encrypted files, you can say goodbye to reasonable space consumption or any deltas.
It's not clear to me if you are looking to encrypt all of your files or just a few. If the former, it seems to me that you need to go hunting a VCS that encrypts on the way to and from storage.
If I had this problem, I would be tempted to fork git and experiment with marrying it to gpg.
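The effect described in the question and in the answer above, as an added example that is not part of the original posts: it counts the lines a line-based delta must store for a one-line edit, first on the plaintext and then on two armored ciphertexts. The SHA-256 counter-mode keystream with a fresh random nonce is a constructed stand-in for OpenPGP's per-message session key, not GnuPG itself, and all function names and sample data are hypothetical.

```python
import base64
import difflib
import hashlib
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: constructed stand-in cipher, NOT OpenPGP/GnuPG.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def encrypt_armored(key: bytes, plaintext: str) -> str:
    # Fresh random nonce per encryption, playing the role of a per-message session key.
    data = plaintext.encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    b64 = base64.b64encode(nonce + body).decode()
    # "Armor": base64 wrapped at 64 characters so a line-based VCS sees text lines.
    return "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64)) + "\n"

def decrypt_armored(key: bytes, armored: str) -> str:
    raw = base64.b64decode(armored.replace("\n", ""))
    nonce, body = raw[:16], raw[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body)))).decode()

def changed_lines(old: str, new: str) -> int:
    # Added plus removed lines in a zero-context unified diff (two file headers skipped).
    diff = list(difflib.unified_diff(old.splitlines(), new.splitlines(), lineterm="", n=0))
    return sum(1 for line in diff[2:] if line[0] in "+-")

def compare(num_lines: int = 400) -> dict:
    key = b"constructed demo key"  # constructed sample key and sample file contents
    v1 = "".join(f"entry {i}: value {i * 7919 % 1000}\n" for i in range(num_lines))
    v2 = v1.replace("entry 200:", "entry 200 (edited):", 1)  # one-line edit
    c1, c2 = encrypt_armored(key, v1), encrypt_armored(key, v2)
    return {
        "plain_changed": changed_lines(v1, v2),
        "cipher_changed": changed_lines(c1, c2),
        "cipher_total": len(c1.splitlines()) + len(c2.splitlines()),
    }

if __name__ == "__main__":
    print(compare())
```

The plaintext delta stays at two lines regardless of file size, while the ciphertext delta covers essentially every armored line of both revisions.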
I was thinking that you could perhaps do some encrypted computation, i.e. you can encrypt the data in a way that the computer can do certain computations with it without knowing its value. However, I don't think that would be possible with a diff. Whatever solution you're going to do needs to actually ask you for the password every time it takes a diff, and decrypt the file and re-encrypt the diff.
Hmmm...searching some more, it's looking like what you'd want is http://en.wikipedia.org/wiki/Homomorphic_encryption which is homomorphically preserving the "diff" operation (although your restriction is somewhat relaxed, as your output domain can be different than your input).
Can you encrypt a PGP file for shared access? I think you can't; PGP only allows one person who knows the secret key to access the data. Version control systems are used for shared access, so this is problematic.
Another issue is most revision control systems compute and store deltas, and they need to know the plain text representation of the files anyway.
If they do, nothing prevents you from securing access to the underlying store. For example, store data in an encrypted file system. It won't be PGP encrypted, but it will be encrypted.
Anyway, what is the goal of that PGP encryption you are trying to achieve? Maybe there are other ways than PGP to achieve this goal?
I'm not aware of any implementation of a revision control system that supports PGP or even asymmetric cryptography in general. I doubt that it exists or is practical.
Again, this all comes down to the question 'what for'. Can you explain what the end goal is that you are trying to achieve by using PGP for a revision control system?