On Fri, Jan 15, 2010 at 04:35:08PM -0500, Andy Levy wrote: > On Fri, Jan 15, 2010 at 16:23, Ton Boelens <t...@tonsoftime.com> wrote: > > Hi,
> > At the moment, my SVN repository is snvsynced to a server in > > another location. I would like to make this remote repository > > encrypted on the file level, so that even somebody who has > > physically access to this server, cannot read the contents of the > > files. > > I have searched in the svn manual, with Google and in the past > > couple of months posts I have of this mailing list, but I could > > find no reference. > > Does that mean that there is no way to design a solution to this > > requirement? > Wouldn't disk/file-level encryption be a task for the OS? IOW, > encrypt/decrypt the data as it's written to/read from disk, > regardless of whether it's a repository or not? Andy, If you have physical access to a server that contains the encrypted disk and the encryption key as well, you can still use the key to open the disk. How could I solve that? What we are thinking about is something like this (it's a snippit of a larger script): /usr/bin/openssl enc -d -aes-256-cbc -in $1 -out "$BESTAND" -pass file:$PAD/$KEY This command will create a local copy of the repository, which will then be rsynced to the remote server*. I wonder if when I execute this command to the files of a SVN repository and direct the output to another directory, if the new directory, when restored (decrypted again) would still be a good useable repo. I guess we have to do some testing. Has anybody tried something like this? *(this sync would function only as some kind of last resort backup) Thank you for your reply! --- Ton Boelens 's-Hertogenbosch, The Netherlands
