• SigmarStern@discuss.tchncs.de
    6 months ago

    Sorry for the confusion about “encryption”. I meant “signing”, which is encrypting a hash of the commit with your private key, so that others can verify that you're the author of the commit using your public key and the hash.

    I think the only confusion here was the original comment that referenced the public key for signing, but this was resolved, as it is just telling git which key pair to use. Probably all people here understand the basics of asymmetrical encryption and signing, and it was merely a misunderstanding of how the command for signing git commits can be used.

    • Xanza@lemm.ee
      6 months ago

      Signing isn’t encryption. It’s a non-cipher hash.

      $ ❯ echo "This is a signed message." | ssh-keygen -Y sign -n file -f ~/.ssh/id_ed25519 > content.txt.sig
      Signing data on standard input
      

      Which outputs the hash of the signed statement, which was signed with my private key:

      -----BEGIN SSH SIGNATURE-----
      U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgCwxAYX85ptsTc+Dtz3a0IRondh
      qFF3wKMsTqt+c4oGMAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx
      OQAAAECvqKLkm+kWUgFh0bI8jYIR5BPUaq76MZ94exp2yUn+KnK5YA79ggFY/C4VsnDqJp
      SAedWp4eOUwPNG8RR59KsP
      -----END SSH SIGNATURE-----
      

      And can then be verified using my public key:

      ❯ echo "This is a signed message." | ssh-keygen -Y check-novalidate -n file -f ~/.ssh/id_ed25519.pub -s content.txt.sig
      Good "file" signature with ED25519 key SHA256:ltAIkPgF9rLt1KlRRh6tQUtWNT8/wErhtAibmSHfbVs
      
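As an added example (not code from this thread), the following decodes the SSH signature blob posted above using the SSHSIG layout documented in OpenSSH's PROTOCOL.sshsig, to show what the file actually holds: the signer's public key, the namespace, the name of the hash algorithm and the Ed25519 signature, but no hash of the message itself.

```python
import base64
import hashlib
import struct

# The SSHSIG armor from the comment above, copied verbatim from the page.
SIG_ARMOR = """-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgCwxAYX85ptsTc+Dtz3a0IRondh
qFF3wKMsTqt+c4oGMAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx
OQAAAECvqKLkm+kWUgFh0bI8jYIR5BPUaq76MZ94exp2yUn+KnK5YA79ggFY/C4VsnDqJp
SAedWp4eOUwPNG8RR59KsP
-----END SSH SIGNATURE-----"""

def read_string(buf, pos):
    """Read one SSH wire 'string': uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def parse_sshsig(armor):
    """Decode an SSHSIG blob (OpenSSH PROTOCOL.sshsig layout) into its fields.
    No message hash is stored here: the verifier recomputes H(message) with
    hash_alg and checks the signature over (magic, namespace, reserved,
    hash_alg, H(message)). The blob is a signature plus metadata, not a hash."""
    lines = [ln.strip() for ln in armor.strip().splitlines()]
    if lines[0] != "-----BEGIN SSH SIGNATURE-----" or lines[-1] != "-----END SSH SIGNATURE-----":
        raise ValueError("missing SSH SIGNATURE armor")
    b64 = "".join(lines[1:-1])
    blob = base64.b64decode(b64 + "=" * (-len(b64) % 4))  # re-add stripped padding
    if blob[:6] != b"SSHSIG":
        raise ValueError("bad SSHSIG magic")
    (version,) = struct.unpack(">I", blob[6:10])
    pubkey, pos = read_string(blob, 10)      # same bytes as in id_ed25519.pub
    namespace, pos = read_string(blob, pos)  # the '-n file' from the command
    reserved, pos = read_string(blob, pos)   # empty in version 1
    hash_alg, pos = read_string(blob, pos)   # how the message was hashed
    sig_blob, pos = read_string(blob, pos)   # string sig_type + string sig_bytes
    if pos != len(blob):
        raise ValueError("trailing bytes after signature")
    key_type, _ = read_string(pubkey, 0)
    sig_type, p = read_string(sig_blob, 0)
    sig_bytes, _ = read_string(sig_blob, p)
    # ssh-keygen -l style fingerprint: base64(SHA256(public key blob)), '=' stripped;
    # compare it with the SHA256:... printed by the check-novalidate run above.
    fp = base64.b64encode(hashlib.sha256(pubkey).digest()).decode().rstrip("=")
    return {"version": version, "key_type": key_type.decode(), "pubkey_len": len(pubkey),
            "fingerprint": "SHA256:" + fp, "namespace": namespace.decode(),
            "hash_alg": hash_alg.decode(), "sig_type": sig_type.decode(),
            "sig_len": len(sig_bytes)}
```

Note that check-novalidate only proves the signature was made with the key you hand it; `ssh-keygen -Y verify` with an allowed_signers file and `-I` is the mode that ties that key to a named signer.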
      • SigmarStern@discuss.tchncs.de
        6 months ago

        Thanks for that rabbit hole. My former colleagues and I have just started a new conversation thread in our WhatsApp group about the differences between (non-)cryptographic hashes and encryption. And all because I was confused why you’ve chosen to reference the public key file in your original comment. Well, at least I’m learning something.