• Xanza@lemm.ee
    6 months ago

    Signing isn’t encryption. It’s a non-cipher hash.

    $ ❯ echo "This is a signed message." | ssh-keygen -Y sign -n file -f ~/.ssh/id_ed25519 > content.txt.sig
    Signing data on standard input
    

    Which outputs the hash of the signed statement, which was signed with my private key;

    -----BEGIN SSH SIGNATURE-----
    U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgCwxAYX85ptsTc+Dtz3a0IRondh
    qFF3wKMsTqt+c4oGMAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx
    OQAAAECvqKLkm+kWUgFh0bI8jYIR5BPUaq76MZ94exp2yUn+KnK5YA79ggFY/C4VsnDqJp
    SAedWp4eOUwPNG8RR59KsP
    -----END SSH SIGNATURE-----
    

    And can then be verified using my public key;

    ❯ echo "This is a signed message." | ssh-keygen -Y check-novalidate -n file -f ~/.ssh/id_ed25519.pub -s content.txt.sig
    Good "file" signature with ED25519 key SHA256:ltAIkPgF9rLt1KlRRh6tQUtWNT8/wErhtAibmSHfbVs
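
What the armored block in the comment above contains, field by field, as an added example that is not part of the original comment: a small parser for the SSHSIG container that `ssh-keygen -Y sign` emits. The function names are illustrative, and the code only decodes the structure; it performs no cryptographic verification.

```python
import base64
import hashlib

BEGIN, END = "-----BEGIN SSH SIGNATURE-----", "-----END SSH SIGNATURE-----"
# Armored signature copied verbatim from the comment above.
ARMORED = """-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgCwxAYX85ptsTc+Dtz3a0IRondh
qFF3wKMsTqt+c4oGMAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx
OQAAAECvqKLkm+kWUgFh0bI8jYIR5BPUaq76MZ94exp2yUn+KnK5YA79ggFY/C4VsnDqJp
SAedWp4eOUwPNG8RR59KsP
-----END SSH SIGNATURE-----"""

def read_string(buf, off):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:end], end

def parse_sshsig(armored):
    """Split an armored SSHSIG blob into its fields (no cryptographic check)."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an armored SSH signature")
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    if blob[:6] != b"SSHSIG":
        raise ValueError("bad magic preamble")
    off, fields = 10, {"version": int.from_bytes(blob[6:10], "big")}
    for name in ("publickey", "namespace", "reserved", "hash_algorithm", "signature"):
        fields[name], off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after signature field")
    key_type, _ = read_string(fields["publickey"], 0)
    sig_type, nxt = read_string(fields["signature"], 0)
    raw_sig, _ = read_string(fields["signature"], nxt)
    digest = hashlib.sha256(fields["publickey"]).digest()
    return {
        "version": fields["version"],
        "key_type": key_type.decode(),
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "namespace": fields["namespace"].decode(),
        "hash_algorithm": fields["hash_algorithm"].decode(),
        "sig_type": sig_type.decode(),
        "sig_len": len(raw_sig),
    }

if __name__ == "__main__":
    for field, value in parse_sshsig(ARMORED).items():
        print(f"{field}: {value}")
```

The fingerprint is computed from the public key embedded in the signature, so it can be compared with the one `ssh-keygen` prints in the verification output.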
    
    • SigmarStern@discuss.tchncs.de
      6 months ago

      Thanks for that rabbit hole. My former colleagues and I have just started a new conversation thread in our WhatsApp group about the differences between (non-)cryptographic hashes and encryption. And all because I was confused why you’ve chosen to reference the public key file in your original comment. Well, at least I’m learning something.