SVN + Veracrypt + Dropbox?

Question

I'm working on a private project and starting to feel kind of paranoid about somebody stealing my code and don't want to rely on the honesty of the current source control hosting service, although I don'y have any reason not to trust them. For the foreseeable future, I'll be the only one working on this project.

I'm thinking of creating a small Veracrypt virtual drive and an SVN repository on it, and keeping the encrypted file in Dropbox for automatic syncing.

I still use Truecrypt occasionally (been meaning to migrate tho Veryacrypt) and keep its small encrypted virtual drive in Dropbox. I don't use it with in SVN repository, but otherwise the idea is similar. The problem is that I have to unmount the drive for the file to sync, so I'm guessing the file's contents and timestamp are updated only then. As far as I understand, Truecrypt development has stopped, and Veracrypt is a fork that is being maintained and developed further.

Is there a way to configure Veracrypt to do automatic flushing to make sure the file syncs every time?

Is there a better way to do this, maybe an SVN hosting service that guarantees security for paranoid clients?

Answer 1

I'm the main developer behind VeraCrypt and I just answered your similar question on VeraCrypt forum on CodePlex : https://veracrypt.codeplex.com/discussions/568126. I'm reproducing it here for the record.

Actually there is nothing we can do to force automatic flushing of the data into the container every time changes are made .To explain why, I'll take the example of a USB flash drive. When you write data to a plugged USB key, there is no guarantee it will be written right away : instead, Windows for performance reasons uses a cache mechanism to store your data or modifications and they will written on the device after some delay that depends on multiple factors. The only way to be sure that your data have been written to your USB key is to "Safe Eject" it.

Windows handles a VeraCrypt virtual drive the same way : when you make changes to the content of the drive, the unencrypted data are not written right away and thus our device driver doesn't receive anything that can be encrypted and written back to the encrypted container. We have to wait for Windows to flush the data to the virtual drive and then we can encrypt them. When you unmount the virtual drive, Windows reacts the same way as for the ejection of USB flash drive: it flushes the pending data into the storage which in turn triggers their encryption in our device driver and it makes VeraCrypt store the encrypted data in the encrypted container.

There are free tools on the internet that enables you to explicitly force Windows to flush all pending data on a specific drive (like Sync from Sysinternals and FFB from Uwe Sieber's Homepage). But they have to be run with administrative privileges.

In your specific case, I have a solution : you can use an SVN Hook Script. Create a Post-commit hook script where you call one of the tools I listed above with the right parameters in order to flush the data on the desired virtual drive after each commit. Don't forget to configure the exe program to always run as an administrator by modifying its Compatibility properties (this link explains how : http://technet.microsoft.com/en-us/magazine/ff431742.aspx)

Last point : Linux has the same issue but the mount command has options to automatically write data to the filesystem (namely -o sync or -o flush). VeraCrypt uses the mount command internally and it offers the possibility to specify additional options to be passes to the mount command : if you use VeraCrypt command line, you can use the switch --fs-options (i.e. --fs-options=sync) and if you use the GUI, just click on the "Options" button in the password dialog : new fields will appear and in "Mount options" you can put "sync" or "flush".

I hope these elements will help you solve your synchronization issues.