Hi all! I’m Keyan.<p>git-remote-gitern is a git remote helper that end-to-end encrypts git repos without a custom remote receiver and without additional user key management (other than SSH keys). For demonstration, git-remote-gitern's repo has been encrypted using itself: <a href="https://github.com/huumn/git-remote-gitern-encrypted" rel="nofollow">https://github.com/huumn/git-remote-gitern-encrypted</a>. It's built for use with <a href="https://gitern.com" rel="nofollow">https://gitern.com</a>.<p>I know some hackers self-host git for security reasons so I was curious how tractable e2ee without a custom backend might be. I had also been curious about git internals given my plans with gitern so I made this as a bit of a forcing function to learn git and encryption and Node.js better.<p>A little snippet about <i>how it works</i> from the README for those that don't like to click off:<p>> git-remote-gitern creates an encrypted object graph that has mostly identical structure to your git repo's unencrypted object graph. This encrypted object graph behaves like any other git repo but all of its objects are encrypted. It keeps track of the mapping between unencrypted and encrypted objects using a flat file stored in the encrypted repo. This mapping allows git-remote-gitern to determine the revision of an unencrypted repo relative to an encrypted one.<p>I go into more depth in the README.<p>And <i>key management</i>:<p>> A symmetric key is generated for each repo and is used to encrypt the repo. For each ssh public key on the gitern account, the symmetric key is encrypted with this ssh public key and stored in the encrypted repo.
Thus any computer with an ssh private key corresponding to an ssh public key used to encrypt the symmetric key can decrypt a git-remote-gitern repo.<p>Follow me <a href="https://twitter.com/k00bideh" rel="nofollow">https://twitter.com/k00bideh</a> or gitern <a href="https://twitter.com/giternhackers" rel="nofollow">https://twitter.com/giternhackers</a> for development updates. I'll be hacking on public repos next.
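<p>The key-management scheme quoted above, sketched as an added example; this is not git-remote-gitern's own code. It assumes RSA-OAEP for wrapping and AES-256-GCM for objects (the post names neither), uses generated RSA key pairs as stand-ins for SSH keys, and all function names are hypothetical.

```javascript
// Added example (not git-remote-gitern code). Assumptions: RSA-OAEP/SHA-256 wrapping,
// AES-256-GCM objects, generated RSA pairs standing in for SSH keys, hypothetical names.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Stable identifier for a public key so a client can find its own wrapped copy.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('base64');
}

// Wrap the per-repo symmetric key once for every public key on the account.
function wrapRepoKey(repoKey, publicKeys) {
  const wrapped = {};
  for (const pub of publicKeys) {
    wrapped[fingerprint(pub)] = crypto.publicEncrypt({ key: pub, ...OAEP }, repoKey).toString('base64');
  }
  return wrapped;
}

// Recover the repo key with one private key; throws if no copy was made for it.
function unwrapRepoKey(wrapped, privateKey) {
  const entry = wrapped[fingerprint(crypto.createPublicKey(privateKey))];
  if (!entry) throw new Error('no wrapped key for this private key');
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(entry, 'base64'));
}

// Encrypt one object with the repo key: fresh 96-bit nonce, output is iv || tag || ciphertext.
function encryptObject(repoKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', repoKey, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
// Decrypt and authenticate; final() throws if the blob was modified.
function decryptObject(repoKey, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', repoKey, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Constructed demo data: two keys on the account, one key that is not.
function demo() {
  const mk = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const [laptop, desktop, outsider] = [mk(), mk(), mk()];
  const repoKey = crypto.randomBytes(32);
  const wrapped = wrapRepoKey(repoKey, [laptop.publicKey, desktop.publicKey]);
  const blob = encryptObject(repoKey, Buffer.from('blob 5\0hello'));
  return { wrapped, blob, laptop, desktop, outsider, repoKey };
}
```

In this sketch, removing a public key from the account only stops future wrapping; a machine that already unwrapped the repo key keeps access until the repo key itself is rotated.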