Use KeePassXC to sign your git commits

2024-03-02 02:14:10

Git 2.34 introduced a new feature: the ability to sign commits using an SSH key instead of only a PGP key. This means you can now manage your SSH key with KeePassXC for both git operations and commit signing.

It’s a convenient option, with everything being in one place; it’s certainly easier to manage than separate PGP keys. And it still provides the security benefits of a password manager: you can have a strong password on the key and won’t have to type it in every time you push or sign a commit.

This post assumes you’re already using KeePassXC to manage your SSH keys.
To set up KeePassXC as an SSH agent in WSL2/Ubuntu, see this post.

It’s best to have the latest version installed. On Ubuntu, you can get the latest git by adding their repository.

sudo add-apt-repository ppa:git-core/ppa -y
sudo apt update
sudo apt install -y git
git --version

First, tell git that we want to sign every commit.

git config --global commit.gpgsign true

Then tell git to use ssh for signing, instead of gpg which it would normally use.

git config --global gpg.format ssh

Finally, tell git to grab the first key from the ssh agent.

git config --global --unset user.signingkey
git config --global gpg.ssh.defaultKeyCommand "ssh-add -L"

The above will work well if the first key being served by KeePassXC is the one you want to use.

You can see for yourself by running:

ssh-add -L

If the key you want to use isn’t the first in that list, you’ll have to copy the public key and pass it to git as shown here:

git config --global --unset gpg.ssh.defaultKeyCommand
git config --global user.signingkey "key::ssh-ed25519 AAAAC3NzaC1xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

The format is the key:: prefix, followed by the key type (ssh-ed25519), and then the key itself. I’ve noticed that it works whether or not you include the label at the end of the key.

Now try signing a commit; since we’ve told git to always sign commits, just do:

git commit --allow-empty --message="Testing SSH signing"

If you see no errors, then it worked.

If you use SSH for your git pushes and fetches, you’ve already told Github about your SSH key. You’ll have to do that once more, but this time for signing.

Go to the Add new SSH key page, and choose “Signing Key” from the “Key Type” dropdown. Then paste in your public key.

[Screenshot: SSH key specifically for signing]

Push your signed commit up to Github, and it should appear with the verified badge.

[Screenshot: Verified badge]

This is optional, though it’s nice to be able to verify your own commits locally.

If you do a git log --show-signature, you should see “No signature” listed against your SSH signed commits. This is normal for now.

Add your email address followed by the public key to an allowed_signers file.

echo "you@example.com $(ssh-add -L)" >> ~/.ssh/allowed_signers

As before, if you have multiple keys, specify the one you want to use directly.
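The two places above where a specific key has to be chosen (the key::ssh-ed25519 value for user.signingkey, and the email-plus-key line for allowed_signers) both break when the agent serves more than one key. The helper below is an added example, not code from the original post: it takes ssh-add -L style output, selects a key by its trailing label, builds both values, and checks an allowed_signers file for lines that lack a principal. The agent output and key material are constructed samples; the label names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): select one key from
# `ssh-add -L` output and build the values git needs for SSH signing.

# Constructed sample of what an agent serving two keys prints. The key
# material is fake; only the ssh-ed25519 header prefix is realistic.
SAMPLE_AGENT_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEdeploykey0000000000000000000000000 ci-deploy
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEsigningkey000000000000000000000000 mendhak-laptop'

# pick_key_by_label <agent-output> <label>
# Prints "keytype base64" for the key whose comment matches <label>;
# returns 1 when no key carries that label.
pick_key_by_label() {
    printf '%s\n' "$1" | awk -v want="$2" \
        '$3 == want { print $1, $2; found = 1 } END { exit found ? 0 : 1 }'
}

# signingkey_value <agent-output> <label>
# The value to hand to `git config --global user.signingkey`.
signingkey_value() {
    key=$(pick_key_by_label "$1" "$2") || return 1
    printf 'key::%s\n' "$key"
}

# allowed_signers_line <email> <agent-output> <label>
# One "principal keytype base64" line for ~/.ssh/allowed_signers.
allowed_signers_line() {
    key=$(pick_key_by_label "$2" "$3") || return 1
    printf '%s %s\n' "$1" "$key"
}

# check_allowed_signers <file-contents>
# Returns 0 only if every line starts with an email principal and has
# at least three fields. Catches the `echo "email $(ssh-add -L)"` mistake
# with several keys loaded: key two lands on its own line with no principal.
check_allowed_signers() {
    printf '%s\n' "$1" | awk 'NF < 3 || $1 !~ /@/ { bad = 1 } END { exit bad ? 1 : 0 }'
}

# Stand-alone demonstration: the chosen key is the second one served.
signingkey_value "$SAMPLE_AGENT_KEYS" mendhak-laptop
allowed_signers_line you@example.com "$SAMPLE_AGENT_KEYS" mendhak-laptop
if check_allowed_signers "you@example.com $SAMPLE_AGENT_KEYS"; then
    echo "naive allowed_signers looks fine"
else
    echo "naive allowed_signers has a line without a principal"
fi
```

Run it with the real agent by replacing SAMPLE_AGENT_KEYS with "$(ssh-add -L)"; the label is the comment KeePassXC shows for the key entry. Selecting by label rather than by position means the configuration keeps working when another key is added to the database later.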

Tell git where to find that allowed_signers file.

git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers

And that’s it. If you now view the log, you should see “Good signature” listed against your SSH signed commits.

git log --show-signature

[Screenshot: Good signature]

Although this post is about KeePassXC, it should also work the same with other SSH agents like KeeAgent, or the built-in ssh-agent by just adding the key using ssh-add ~/.ssh/id_ed25519.

For your reference, this is what my ~/.gitconfig looks like after setting this up.

This is a version where the first key from KeePassXC is used, nice and simple.

[user]
        name = mendhak
        email = [email protected]
[commit]
        gpgsign = true
[gpg]
        format = ssh
[gpg "ssh"]
        allowedSignersFile = /home/mendhak/.ssh/allowed_signers
        defaultKeyCommand = ssh-add -L

This is a version where I’ve specified the key directly.

[user]
        name = mendhak
        email = [email protected]
        signingkey = key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkrfhulAPWQMzPXF08BYdUgDi6NMD9FzdpiR5IhUmMr
[commit]
        gpgsign = true
[gpg]
        format = ssh
[gpg "ssh"]
        allowedSignersFile = /home/mendhak/.ssh/allowed_signers
