diff --git "a/03-\347\237\245\350\257\206\347\256\241\347\220\206\345\267\245\345\205\267/\345\212\240\345\257\206\344\270\216\345\256\211\345\205\250.md" "b/03-\347\237\245\350\257\206\347\256\241\347\220\206\345\267\245\345\205\267/\345\212\240\345\257\206\344\270\216\345\256\211\345\205\250.md" index 8f4bd47e0..71b3d28c9 100644 --- "a/03-\347\237\245\350\257\206\347\256\241\347\220\206\345\267\245\345\205\267/\345\212\240\345\257\206\344\270\216\345\256\211\345\205\250.md" +++ "b/03-\347\237\245\350\257\206\347\256\241\347\220\206\345\267\245\345\205\267/\345\212\240\345\257\206\344\270\216\345\256\211\345\205\250.md" 
@@ -1,12 +1,232 @@ --- uid: 20230329140202 -title: 加密与安全 +title: 加密与安全(git-crypt) description: -author: +author: MechCrafter type: other draft: false editable: false -modified: 20230401230258 +modified: 20240226204958 --- -# 加密与安全 \ No newline at end of file +# 加密与安全 + +之前在[[Obsidian同步]] 中提到如果使用Github,Gitee 这样的第三方仓库托管可以使用 git-crypt 进行加密处理,本文详细介绍下具体的设置教程。 + +## git-crypt 教程 + +**环境配置(Windows)** +安装 +- [gpg4win](https://www.gpg4win.org/) +- [git](https://git-scm.com/) +- [git-crypt](https://github.com/AGWA/git-crypt) + +把 `git-crypt.exe` 放到 `git` 目录下 + +查看环境: + +```bash +gpg --version +``` +```shell +gpg (GnuPG) 2.4.3 +libgcrypt 1.10.2 +Copyright (C) 2023 g10 Code GmbH +License GNU GPL-3.0-or-later +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Home: C:\Users\user\AppData\Roaming\gnupg +Supported algorithms: +Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA +Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, + CAMELLIA128, CAMELLIA192, CAMELLIA256 +Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 +Compression: Uncompressed, ZIP, ZLIB, BZIP2 +``` + +```bash +git --vesion +``` +```shell +git version 2.42.0.windows.1 +``` +```bash +git-crypt --version +``` +```shell +git-crypt 0.7.0 +``` + +**`git-crypt` 使用步骤** + +1. git 初始化 + +```bash +git init +``` + +2. 创建 `.gitattributes` 追踪文件 + +``` +.gitattributes +``` + +3. 在 `.gitattributes` 中输入配置: + +``` +*.md filter=git-crypt diff=git-crypt + +*.xlsx filter=git-crypt diff=git-crypt + +*.jpg filter=git-crypt diff=git-crypt + +*.png filter=git-crypt diff=git-crypt + +# 加密指定文件夹下的md文件 +Test/*.md filter=git-crypt diff=git-crypt +``` + +4. 提交 `.gitattributes` 文件 + +```bash +git add .gitattributes +``` + +```bash +git commit -m add.gitattributes +``` + +5. 
生成 `gpg` 密钥(推荐在 `kleopatra` 中生成,因为有 GUI) + +```bash +gpg2 --full-gen-key < 2.1.17 +gpg --full-generate-key >= 2.1.17 +``` + +```shell +gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Please select what kind of key you want: + (1) RSA and RSA + (2) DSA and Elgamal + (3) DSA (sign only) + (4) RSA (sign only) + (9) ECC (sign and encrypt) *default* + (10) ECC (sign only) + (14) Existing key from card +Your selection? 1 <--选择密钥类型 +RSA keys may be between 1024 and 4096 bits long. +What keysize do you want? (3072) <--选择密钥长度,在 1024到4096 之间,默认为 3072 +Requested keysize is 3072 bits +Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days <-- = 密钥在 n 天后过期 + w = key expires in n weeks <-- w = 密钥在 n 周后过期 + m = key expires in n months <-- m = 密钥在 n 月后过期 + y = key expires in n years <-- y = 密钥在 n 年后过期 +Key is valid for? (0) <--选择密钥有效期 +Key does not expire at all +Is this correct? (y/N) <--确认 + +GnuPG needs to construct a user ID to identify your key. + +Real name: YOUR_NAME <--输入密钥名称 +Email address: test@test.com <--输入密钥邮箱 +Comment: test <--输入密钥注释 +You are using the 'utf-8' character set. +You selected this USER-ID: + "YOUR_NAME (test) " + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o <--最终确认,如果你想修改密钥名称则输入 n,以此类推,最终确认则输入 o +We need to generate a lot of random bytes. It is a good idea to perform +some other action (type on the keyboard, move the mouse, utilize the +disks) during the prime generation; this gives the random number +generator a better chance to gain enough entropy. <--这一步输入密钥密码 +gpg: revocation certificate stored as 'C:\\Users\\user\\AppData\\Roaming\\gnupg\\openpgp-revocs.d\\095A4F5A6125D5EB02FE5CB824B8F8F7EAFFD84D.rev' +public and secret key created and signed. 
+ +pub rsa3072 2024-02-25 [SC] + 095A4F5A6125D5EB02FE5CB824B8F8F7EAFFD84D +uid YOUR_NAME (test) +sub rsa3072 2024-02-25 [E] +``` + +6. `git-crypt` 初始化 + +```bash +git-crypt init +``` + +7. 把第 5 步生成的密钥导入仓库 + +```bash +git-crypt add-gpg-user +``` + +8. 正常提交文件 + +```bash +git add . +``` + +```bash +git commit -m "all file" +``` + +9. 本地加密 + +```bash +git-crypt lock +``` +解密 + +```bash +git-crypt unlock +``` + +10. 推送到远程就会被自动加密,拉取自动解密,在 kleopatra 中导出私钥备份,在另一台设备上安装 [gpg4win](https://www.gpg4win.org/) 并导入备份好的私钥,拉取就可自动解密 +--- + +`.gitattributes` 文件配置解释: + +``` +*.md filter=git-crypt diff=git-crypt + +*.xlsx filter=git-crypt diff=git-crypt + +*.jpg filter=git-crypt diff=git-crypt + +*.png filter=git-crypt diff=git-crypt + +# 加密指定文件夹下的 md 文件 +Test/*.md filter=git-crypt diff=git-crypt +``` + +意思是 `.md` `.xlsx` `.jpg` `.png` 文件是被加密文件 + +--- + +```bash +git-crypt status //查看加密情况 +``` + +```bash +$ git-crypt status +not encrypted: .gitattributes + encrypted: secretfile +``` + +这表示 `secretfile` 被加密,而 `.gitattributes` 没有被加密。 + +--- + +**推荐阅读:** + +[GPG 密钥生成 | Gitee]( https://help.gitee.com/repository/ssh-key/how-to-use-gpg-with-gitee ) + +[GPG入门教程 - 阮一峰的网络日志 ](https://ruanyifeng.com/blog/2013/07/gpg.html) + +**[git-crypt](https://mechcrafter.github.io/2024/02/25/git-crypt-%E6%95%99%E7%A8%8B/)** \ No newline at end of file diff --git "a/10-Obsidian/Obsidian\345\237\272\346\234\254\344\275\277\347\224\250/Obsidian\345\220\214\346\255\245.md" "b/10-Obsidian/Obsidian\345\237\272\346\234\254\344\275\277\347\224\250/Obsidian\345\220\214\346\255\245.md" index 313fbec2f..56f52e9b4 100644 --- "a/10-Obsidian/Obsidian\345\237\272\346\234\254\344\275\277\347\224\250/Obsidian\345\220\214\346\255\245.md" +++ "b/10-Obsidian/Obsidian\345\237\272\346\234\254\344\275\277\347\224\250/Obsidian\345\220\214\346\255\245.md" 
@@ -17,7 +17,7 @@ modified: 20230607140423 - 稳定,安全,全平台,价格贵,不折腾:Obsidian 官方同步 - 稳定,安全,全平台,价格便宜,不折腾:Obsidian 官方同步合租 - 稳定,安全,全平台,价格免费,折腾:Git 配合自建的仓库托管 -- 稳定,较安全,全平台,价格免费,较折腾:Git 配合 Github,Gitee 这样的第三方仓库托管,这里的较安全主要考虑到 Gitee,Github 有一定审核。但可以使用 git-crypt 进行加密处理。 +- 稳定,较安全,全平台,价格免费,较折腾:Git 配合 Github,Gitee 这样的第三方仓库托管,这里的较安全主要考虑到 Gitee,Github 有一定审核。但可以使用 [[加密与安全|git-crypt]] 进行加密处理。 - 稳定,安全,非 IOS 平台,价格免费,不折腾:[[Syncthing]] - 稳定,安全,全平台,价格还行,较折腾:Obsidian 插件,Remotely Save,Obsidian liveSync,折腾的点在全平台同步,须配合其它软件使用 - 较稳定,安全,非 Linux 平台,价格还行,不折腾:icloud,onedrive
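Review bot: In the hunk for 加密与安全.md, step 7 gives `git-crypt add-gpg-user` with no argument, but the command needs the GPG user ID of the key created in step 5, so it fails as written; show it as `git-crypt add-gpg-user <key fingerprint or email>` and state that the value comes from the step 5 output. Three other commands in the same hunk do not behave as intended when pasted: `git --vesion` is misspelled (`--version`); the lines `gpg2 --full-gen-key < 2.1.17` and `gpg --full-generate-key >= 2.1.17` sit in a bash fence where `<` and `>=` are parsed as redirections, so the version conditions belong in prose or a `#` comment; and `git-crypt status //查看加密情况` passes `//查看加密情况` as an argument because `//` is not a shell comment. Step 10 tells the reader to export the private key from kleopatra and import it on another device without saying how the exported file should be protected; add a sentence that the backup stays passphrase-protected and is never placed in the synced repository. The `.gitattributes` block is also repeated verbatim after step 10; keep one copy and let the explanation refer back to step 3.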
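Review bot: The changed bullet in Obsidian同步.md now points to [[加密与安全|git-crypt]] as the remedy for third-party hosting being only 较安全, but the linked page's `.gitattributes` covers only `*.md`, `*.xlsx`, `*.jpg` and `*.png`, so any other file type in the vault is still pushed in plaintext; say so in the bullet or in the linked page so readers extend the patterns to match their vault. The `@@ -17,7 +17,7 @@` header also shows `modified: 20230607140423` unchanged, and this file has no other hunk, while the other file in the patch bumps its `modified` value; update the field here too if it is maintained by hand.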