Can you decrypt a file outside of git-crypt?

[rnhurt]

I am using git-crypt to store keys in my repos. However, I want to access these keys on other machines (servers) that don't have git or git-crypt installed. Can I used the OpenSSL package to decrypt these files, given a valid password? I've tried several commands but I can't seem to make it work.

This cannot seem to load the password and returns a "zero length password" error: $ openssl enc -aes-256-ctr -d -in secret.key -kfile git-crypt.pass

This cannot seem to load the password and returns a "Error reading password from BIO" & "Error getting password" errors: $ openssl enc -aes-256-ctr -d -in secret.key -pass file:git-crypt.pass

Am I missing something? I've tried using the "salt" flag but that didn't help any. If this is not possible, do you have any suggestions as to how to decrypt these files outside of git-crypt?

[mathieujobin]

I believe openssl is different than GPG encryption. you might have better luck with gpg2

[AGWA]

git-crypt uses its own format for keys and files, so you can't use the openssl command to decrypt files. At the very minimum you will need to install git-crypt on your server (git is not necessary). Then you can decrypt with the following command, which reads the encrypted file from stdin and writes the decrypted version to stdout.

git-crypt smudge --key-file=/path/to/key

To generate the key file, run the export-key command from an existing unlocked repository:

git-crypt export-key /path/to/key

[rnhurt]

Ah, I see. That works as well.

On a related note, do you have any plans on getting git-crypt into the common Linux repos (APT, Yum, etc.) CentOS? :)

[AGWA]

git-crypt is in Debian Stretch and Ubuntu 15.10. I could put together an RPM spec file, but I have no idea what the process is to get a package included with RedHat-derived distros. It would probably be best for an interested user to step up and maintain the RedHat packages.