Merge pull request #681 from MechCrafter/main

增加 git-crypt 教程

03-知识管理工具/加密与安全.md

@@ -1,12 +1,232 @@
 ---
 uid: 20230329140202
-title: 加密与安全
+title: 加密与安全（git-crypt）
 description: 
-author: 
+author: MechCrafter
 type: other
 draft: false
 editable: false
-modified: 20230401230258
+modified: 20240226204958
 ---
 
-# 加密与安全
+# 加密与安全
+
+之前在[[Obsidian同步]] 中提到如果使用Github，Gitee 这样的第三方仓库托管可以使用 git-crypt  进行加密处理，本文详细介绍下具体的设置教程。
+
+## git-crypt 教程
+
+**环境配置（Windows）**
+安装
+- [gpg4win](https://www.gpg4win.org/)
+- [git](https://git-scm.com/)
+- [git-crypt](https://github.com/AGWA/git-crypt)
+
+把 `git-crypt.exe` 放到 `git` 目录下
+
+查看环境：
+
+```bash
+gpg --version
+```
+```shell
+gpg (GnuPG) 2.4.3
+libgcrypt 1.10.2
+Copyright (C) 2023 g10 Code GmbH
+License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Home: C:\Users\user\AppData\Roaming\gnupg
+Supported algorithms:
+Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
+Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
+        CAMELLIA128, CAMELLIA192, CAMELLIA256
+Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
+Compression: Uncompressed, ZIP, ZLIB, BZIP2
+```
+
+```bash
+git --vesion
+```
+```shell
+git version 2.42.0.windows.1
+```
+```bash
+git-crypt --version
+```
+```shell
+git-crypt 0.7.0
+```
+
+**`git-crypt` 使用步骤**
+
+1. git 初始化
+
+```bash
+git init
+```
+
+2. 创建 `.gitattributes` 追踪文件
+
+```
+.gitattributes
+```
+
+3. 在 `.gitattributes`  中输入配置：
+
+```
+*.md filter=git-crypt diff=git-crypt
+
+*.xlsx filter=git-crypt diff=git-crypt
+
+*.jpg filter=git-crypt diff=git-crypt
+
+*.png filter=git-crypt diff=git-crypt
+
+# 加密指定文件夹下的md文件
+Test/*.md filter=git-crypt diff=git-crypt
+```
+
+4. 提交 `.gitattributes` 文件
+
+```bash
+git add .gitattributes
+```
+
+```bash
+git commit -m add.gitattributes
+```
+
+5. 生成 `gpg` 密钥（推荐在 `kleopatra` 中生成，因为有 GUI）
+
+```bash
+gpg2 --full-gen-key      < 2.1.17
+gpg --full-generate-key  >= 2.1.17
+```
+
+```shell
+gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Please select what kind of key you want:
+   (1) RSA and RSA
+   (2) DSA and Elgamal
+   (3) DSA (sign only)
+   (4) RSA (sign only)
+   (9) ECC (sign and encrypt) *default*
+  (10) ECC (sign only)
+  (14) Existing key from card
+Your selection? 1           <--选择密钥类型
+RSA keys may be between 1024 and 4096 bits long.
+What keysize do you want? (3072)         <--选择密钥长度，在 1024到4096 之间，默认为 3072
+Requested keysize is 3072 bits
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days    <-- <n>  = 密钥在 n 天后过期
+      <n>w = key expires in n weeks   <-- <n>w = 密钥在 n 周后过期
+      <n>m = key expires in n months  <-- <n>m = 密钥在 n 月后过期
+      <n>y = key expires in n years   <-- <n>y = 密钥在 n 年后过期
+Key is valid for? (0)     <--选择密钥有效期
+Key does not expire at all
+Is this correct? (y/N)   <--确认
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: YOUR_NAME      <--输入密钥名称
+Email address: test@test.com       <--输入密钥邮箱
+Comment: test          <--输入密钥注释
+You are using the 'utf-8' character set.
+You selected this USER-ID:
+    "YOUR_NAME (test) <test@test.com>"
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o  <--最终确认，如果你想修改密钥名称则输入 n，以此类推，最终确认则输入 o
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.    <--这一步输入密钥密码
+gpg: revocation certificate stored as 'C:\\Users\\user\\AppData\\Roaming\\gnupg\\openpgp-revocs.d\\095A4F5A6125D5EB02FE5CB824B8F8F7EAFFD84D.rev'
+public and secret key created and signed.
+
+pub   rsa3072 2024-02-25 [SC]
+      095A4F5A6125D5EB02FE5CB824B8F8F7EAFFD84D
+uid                      YOUR_NAME (test) <test@test.com>
+sub   rsa3072 2024-02-25 [E]
+```
+
+6. `git-crypt` 初始化
+
+```bash
+git-crypt init
+```
+
+7. 把第 5 步生成的密钥导入仓库
+
+```bash
+git-crypt add-gpg-user <gpg pub uid>
+```
+
+8. 正常提交文件
+
+```bash
+git add .
+```
+
+```bash
+git commit -m "all file"
+```
+
+9. 本地加密
+
+```bash
+git-crypt lock
+```
+解密
+
+```bash
+git-crypt unlock
+```
+
+10. 推送到远程就会被自动加密，拉取自动解密，在 kleopatra 中导出私钥备份，在另一台设备上安装 [gpg4win](https://www.gpg4win.org/) 并导入备份好的私钥，拉取就可自动解密
+---
+
+`.gitattributes` 文件配置解释:
+
+```
+*.md filter=git-crypt diff=git-crypt
+
+*.xlsx filter=git-crypt diff=git-crypt
+
+*.jpg filter=git-crypt diff=git-crypt
+
+*.png filter=git-crypt diff=git-crypt
+
+# 加密指定文件夹下的 md 文件
+Test/*.md filter=git-crypt diff=git-crypt
+```
+
+意思是 `.md` `.xlsx` `.jpg` `.png` 文件是被加密文件
+
+---
+
+```bash
+git-crypt status  //查看加密情况
+```
+
+```bash
+$ git-crypt status
+not encrypted: .gitattributes
+    encrypted: secretfile
+```
+
+这表示 `secretfile` 被加密，而 `.gitattributes` 没有被加密。
+
+---
+
+**推荐阅读：**
+
+[GPG 密钥生成 | Gitee]( https://help.gitee.com/repository/ssh-key/how-to-use-gpg-with-gitee )
+
+[GPG入门教程 - 阮一峰的网络日志 ](https://ruanyifeng.com/blog/2013/07/gpg.html)
+
+**[git-crypt](https://mechcrafter.github.io/2024/02/25/git-crypt-%E6%95%99%E7%A8%8B/)**

10-Obsidian/Obsidian基本使用/Obsidian同步.md

@@ -17,7 +17,7 @@ modified: 20230607140423
 - 稳定，安全，全平台，价格贵，不折腾：Obsidian 官方同步
 - 稳定，安全，全平台，价格便宜，不折腾：Obsidian 官方同步合租
 - 稳定，安全，全平台，价格免费，折腾：Git 配合自建的仓库托管
-- 稳定，较安全，全平台，价格免费，较折腾：Git 配合 Github，Gitee 这样的第三方仓库托管，这里的较安全主要考虑到 Gitee，Github 有一定审核。但可以使用 git-crypt 进行加密处理。
+- 稳定，较安全，全平台，价格免费，较折腾：Git 配合 Github，Gitee 这样的第三方仓库托管，这里的较安全主要考虑到 Gitee，Github 有一定审核。但可以使用 [[加密与安全|git-crypt]] 进行加密处理。
 - 稳定，安全，非 IOS 平台，价格免费，不折腾：[[Syncthing]]
 - 稳定，安全，全平台，价格还行，较折腾：Obsidian 插件，Remotely Save，Obsidian liveSync，折腾的点在全平台同步，须配合其它软件使用
 - 较稳定，安全，非 Linux 平台，价格还行，不折腾：icloud，onedrive