git-crypt unlock not working

[jerger]

Hi,

I try to decrypt a git-crypted file outside of git. We use symmetric en-/decryption with different keys. .gitattributes contains:

*dev_test.properties.enc filter=git-crypt-dev_test diff=git-crypt-dev_test
*dev_live.properties.enc filter=git-crypt-dev_live diff=git-crypt-dev_live
*prod_live.properties.enc filter=git-crypt-prod_live diff=git-crypt-prod_live

Folder looks like:

|-.gitattributes
|-application_credential_dev_live.properties.enc
|-application_credential_dev_test.properties.enc
|-application_credential_prod_live.properties.enc

I try to decrypt lets say the dev_test file with

git init
git-crypt unlock dev_test.key

As result I get:

fatal: You are on a branch yet to be born
Error: 'git checkout' failed
git-crypt has been set up but existing encrypted files have not been decrypted

I've executed openssl dgst -sha256 .git/git-crypt/keys/dev_test on both sides, the sh256 is the same ... do you've any idea?

[nicolaiskogheim]

fatal: You are on a branch yet to be born

Is the repo initialised correctly? What's the output of git status?

[jerger]

sorry, we're not using git-crypt any more ...

[nicolaiskogheim]

I see. I'm considering to start using it. Can I ask what the reason was, and what your alternative is?

[kingbuzzman]

@jerger bump.

[jerger]

We use plain openssl roughly like explained here: https://stackoverflow.com/questions/16056135/how-to-use-openssl-to-encrypt-decrypt-files

We trigger encryption / reencryption manually and git-ignore unencrypted files. On reencryption we respect file-timestamps, git-log (if available) & decrypted file-diff in order to reencrypt only if necessary.

git hocked trigger was not necessary for us.

But to be clear, even if we're not using gitcrypt any more, it was a good thing to try ... :-)