Anonymous Git with Signatures
Git-Anon: Anonymous Git with Signatures
Project Status
This project is a usable proof of concept.
As such it should be used mostly for experimentation and unimportant projects and likely contains multiple bugs, some of which might affect its security.
Some convenience features are not implemented yet and the storage and synchronization system might change in an incompatible way.
Installation
pip3 install git-anon
Installing from Source
python3 setup.py install
Alternatively, obtain a source or wheel distribution and use:
pip3 install /path/to/distribution-file
Usage
Clone or initialize the repository normally (making sure to set a remote called origin).
Then configure your identity:
# synchronization settings
git anon config set-enc-key "shared_secret"
# the attributes you want to share, the first one will be used as your "name"
git anon config add-userid "John Snow" --encrypted --auto-reveal
git anon config add-userid "Member of the Nights Watch" --public --auto-reveal
git anon config add-userid "King in the North" --encrypted --no-auto-reveal
Consider setting up attribute certification or self certification (see the respective chapter below).
Then create your first identity:
git anon enable
git anon new-identity
Finally, commit, pull and push as usual. If you think you're missing information about other identities:
git anon config set-enc-key "shared_secret" # if you know the secret and haven't provided it before
git anon update-mappings
If you still can't see what you're interested in, it likely wasn't shared with you.
Certification
Any userids/attributes that you add are simply claims until they are certified by someone the relying party trusts. A certification is a digital signature, made with a certification key, over the attribute and the public key it is attached to. Certification keys have to be manually imported and will then be trusted to certify any attribute that matches one of their userids.
Git-anon will use any imported certification key for which the private key is available to certify matching attributes on identities it creates for you.
Keep in mind that user ids must match exactly (including e-mails and comments).
Self-Certification
This is the easiest and most practical certification. To certify that the claimed name on your anonymous identity is legitimate, you can sign it with your typical gpg key that others already trust.
This function is still rudimentary and requires you to import your unprotected private key into git-anon.
In the future this should use your regular gpg installation to request signatures, therefore supporting protected keys and keys on smartcards. Use a separate key if you don't feel comfortable doing this with your normal key. Keep in mind that git-anon stores your private key in an unprotected format close to your git repository.
Assuming gpg finds your key using the identifier $KEY_ID:
gpg --edit-key $KEY_ID
-> passwd
-> set an empty password
-> save
-> quit
gpg --armor --export-secret-key $KEY_ID | git-anon cert trust
Git-Anon will now use this key to both sign and trust (exactly) matching attributes.
Attribute- or Role-Certification
You might want to assert attributes about yourself, without revealing your identity. To achieve this you can add userids that describe your membership in a group (such as "Member of the Nights Watch" above).
To certify these assertions, all (legitimate) members of this group must share access to a suitable certification key.
The easiest way of doing this is to create a certification key and share it directly with all members. The more secure way is to have one person create the key, publish its public component and offer to certify identities for other members of the group.
First create a certification key and publish its public half.
git anon cert gen-key --uid "Member of the Nights Watch" --output nights_watch.pub --output-secret-key nights_watch.key
Others can then import and trust the public half:
cat nights_watch.pub | git anon cert import
Then either provide the secret half to all members of the group or offer to sign their identities for them. If the secret half of the certification key is available, git-anon will use it automatically when creating new identities.
For now the certification process for foreign identities looks like this:
# group member: create a new identity
ANONKEYID=$(git anon create-identity)   # capture the new key id via command substitution
# group member: create certificate requests
git anon cert request --keyid $ANONKEYID --uid "Member of the Nights Watch" > cert-request.asc
# key holder: sign the requests (after verifying they are from legitimate members)
cat cert-request.asc | git anon cert sign --uid "Member of the Nights Watch" > cert-response.asc
# group member: import the certification
cat cert-response.asc | git anon cert import
# group member: enable the new identity
git anon use-identity $ANONKEYID
Of course many identities can and should be prepared at once.
Shared Secrets
Shared secrets must be strong enough to withstand offline brute force attacks and should therefore be generated randomly with at least 100 bits of entropy. 32 random hexadecimal characters would be a good choice.
There are no mechanisms (such as key stretching) to make brute force more difficult; instead, simply make the shared secret stronger.
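As an added example (not git-anon's own code), the following Python generates an encryption key that meets the 100-bit floor above and rejects weak candidates such as the placeholder "shared_secret"; the entropy figure it reports is an upper bound that only holds for randomly generated strings, and the guess rate used for the time estimate is a constructed assumption.

```python
# Added example, not part of git-anon: generate and sanity-check the
# shared secret passed to `git anon config set-enc-key`.
import math
import secrets
import string
from typing import Tuple

MIN_BITS = 100  # README floor for resisting offline brute force


def generate_enc_key() -> str:
    """32 random hex characters = 16 random bytes = 128 bits of entropy."""
    return secrets.token_hex(16)


def entropy_bits(secret: str) -> float:
    """Upper bound on entropy: assumes every character was drawn uniformly
    from the smallest character class that covers the whole string.
    A human-chosen word scores far above its real strength, so use this
    only to reject obviously short secrets, never to bless a chosen one."""
    if not secret:
        return 0.0
    chars = set(secret)
    if chars <= set(string.hexdigits.lower()):
        alphabet = 16
    elif chars <= set(string.hexdigits):
        alphabet = 22  # 0-9 plus both cases of a-f
    elif chars <= set(string.ascii_letters + string.digits):
        alphabet = 62
    else:
        alphabet = 95  # printable ASCII
    return len(secret) * math.log2(alphabet)


def check_enc_key(secret: str) -> Tuple[bool, str]:
    """Accept only secrets whose best-case entropy reaches MIN_BITS."""
    bits = entropy_bits(secret)
    if bits < MIN_BITS:
        return False, f"at most ~{bits:.0f} bits, need {MIN_BITS}"
    return True, f"~{bits:.0f} bits if randomly generated"


def years_to_bruteforce(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the secret: half the keyspace at the given rate.
    No key stretching applies, so the rate is the raw attacker throughput."""
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_second / 31_557_600


if __name__ == "__main__":
    key = generate_enc_key()
    print(key, check_enc_key(key))
    print("placeholder:", check_enc_key("shared_secret"))
    # constructed assumption: 1e12 guesses per second
    print(f"{years_to_bruteforce(128, 1e12):.1e} years for a 128-bit key")
```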
Information for Developers
Building distributable packages
Building Python packages:
python3 setup.py test sdist bdist_wheel
Running system tests:
python3 setup.py bdist_wheel
docker build -t git-anon-testing .
docker run -it git-anon-testing python3 system_test.py
Building Debian (.deb) packages for the currently installed distribution:
sudo apt install dh-python
pip3 install stdeb
python setup.py --command-packages=stdeb.command bdist_deb
Project details
File details
Details for the file git-anon-0.1.1.tar.gz
File metadata
- Download URL: git-anon-0.1.1.tar.gz
- Size: 38.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/54.1.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.8.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | 36ab1959883558dae4886f5e3de1c811ea1bc8831219fa3792bc9f60f67efc8e
MD5 | 586d3d5a7bda14208aabbc42be9a0f94
BLAKE2b-256 | 65fb3327aa1b1506f2be9dab573a3098487e5a78251e0754a9123138d4c1c176
File details
Details for the file git_anon-0.1.1-py3-none-any.whl
File metadata
- Download URL: git_anon-0.1.1-py3-none-any.whl
- Size: 35.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/54.1.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.8.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | 61b2b987338cc5cea18c223ae10c0eb0d1054c199e3dacae8780b4cd0f4818ed
MD5 | 038c250a954618427899b9e0c8a49fbd
BLAKE2b-256 | e6be303b5e4834a385e311a5d17324d3028d313c7434c6f6ea200dfcc04f5750