Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

diff-friendly AES-GCM for git repos

Project Description

# Perfido [![Build Status](](
Perfido is a diff-friendly, no-guarentees encryption method for your repo.
It scans your repo, chops every file into chunks, and runs GCM (AEAD) symetric
encryption on them, saving the keys it used with the public RSA keys in your

When most of the file hasn't changed, this is meant to save a little space
over just encrypting the whole file differently each time. (no guarentees).

***Technically speaking, right now it's length hardcoded so deleting some means
it has to re-encrypt the rest of the entire file, so... not space saving yet!***

## Contributing (help welcome) :beers:

You're more than welcome to get mad at the fact that nothing
works yet, or that I repeat myself a whole lot.

**Pull requests :heart:**, the commands to help out with your changes are:
* `virtualenv staging -p python3`
* `pylint perfido/`
* `autopep8 -rvi .`
* `green -vvv perfido`

**Design :octocat:**
* repeat less (for example, the context manager for repos within testing)
* unify code that does the same thing (check/lookup -> status)
* test with more isolation on code (when promptKeyring fails, almost everything does)
* binary/string management on the libraries we're using (pygit, pycryptodome)

**Algorithms :tophat:**
* database lookups (comma separated, newlines (friendly with git's diff))
* sizes of blocks (prefix on algorithm database)
* unexpected states (could make a lot of permutation tables)

### Todos:
* versioning
* [ ] pypi stuff (initial package)
* [ ] fix pypi's angry nature
* [ ] allow installing to the command line
* [ ] use as a library
* testing
* [ ] get example dirs reproducible
* [ ] build `with` helper for tests
* [ ] commit hook on failing lint/tests/coverage?
* design
* [ ] path storage (or just have path as requirement to functions)
* [ ] use pygit instead of `` for compatibility vs shell commands
* [ ] move to subcommands in ``
* [ ] combine check/lookup into one "status" command.
* block lengths
* [ ] store blocklengths in db
* [ ] algorithm for variable blocklengths to save space
* [ ] find optimum AES-GCM message size (currently, 3*128)
* multiple users (`keyAdd`, `keyDel`)
* [ ] command to manage GPG/triplesec keys on repo?
* [ ] pbkdf2 that? should scrypt by default.
* [ ] subfolders by key fingerprint, each file's paths
* [ ] build aliases back into files again.
* [ ] sanity checking for files that don't exist in either place
* [ ] mv/rm commands (`perfidoMV`, `perfidoCP`, `perfidoRM`)
* [ ] add to encryption unencrypted files
* [ ] add to unencryption, files that don't need encrypting

# Commands :computer:

## Init :sparkles: `perfido init /path/to/repo`
Adds perfido database dir to your project, inits git (to be helpful).
Defaults to '.'

## Encrypt :lock: `perfido encrypt /path/to/repo`
Encrypts the working directory and stores that data with the public
keys within `.pfd`.

## Decrypt :unlock: `perfido decrypt /path/to/repo`
Decrypts the working directory with the private key in your home dir's

## Lookup :eyes: `perfido lookup /path/to/repo`
Checks whether a directory is a perfido repository. Could be
reasonably combined with 'check' to produce a "status" command.

## Check :mag: `perfido check /path/to/repo`
Tests whether file state is sane by reading perfido's DB and
comparing that to the working tree.

## Key-Add :key: `perfido key-add alias /path/to/repo`
Create the private key needed for encrypting something. currently,
should really only be your own key. Then encrypts the repository
metadata with that key, just in-case.

## Key-Del :key: `perfido key-del alias /path/to/repo`
Deletes a key (defaults to your own). Will decrypt the repo before
deleting the key if it's the only one.

## MV :runner: `perfido mv start finish`
Move a file and its metadata

## CP :runner: `perfido cp start finish`
Copy a file and its metadata (should technically encrypt it differently?)

## RM :boom: `perfido rm file`
Remove a file and its metadata

Release History

This version
History Node


Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, Size & Hash SHA256 Hash Help File Type Python Version Upload Date
(30.7 kB) Copy SHA256 Hash SHA256
Source None Nov 6, 2017
(23.8 kB) Copy SHA256 Hash SHA256
Wheel py2.py3 Nov 6, 2017
(23.8 kB) Copy SHA256 Hash SHA256
Wheel py3 Nov 6, 2017

Supported By

Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Kabu Creative Kabu Creative UX & Design Google Google Cloud Servers Fastly Fastly CDN StatusPage StatusPage Statuspage DigiCert DigiCert EV Certificate