---
title: Sign Git commit with an EdDSA/Ed25519/Curve25519 key
excerpt: Utilise a curve not produced by NIST
date: 2020-07-18
tags:
- security
- gitlab
---
## Generate an Ed25519 key
```
$ gpg --expert --full-generate-key
Please select what kind of key you want:
(10) ECC (sign only)
Your selection? 10
Please select which elliptic curve you want:
(1) Curve 25519
Your selection? 1
# Key shouldn't expire (in commit signing)
Please specify how long the key should be valid.
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
Real name: MDLeom
## GitHub: Go to "https://github.com/settings/emails"
# Look for "xxx@users.noreply.github.com will be used for web-based Git operations"
## GitLab: Go to "https://gitlab.com/profile"
# Look for "Use a private email - xxx@users.noreply.gitlab.com"
## Must include the unique number prefix.
Email address: 123456-curbengh@users.noreply.github.com
# Leave the comment empty
Comment:
You selected this USER-ID:
"MDLeom <123456-curbengh@users.noreply.github.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
# It should be separate from your system password
Enter a password to encrypt private key:
pub ed25519 2020-07-18 [SC]
CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4
uid MDLeom <123456-curbengh@users.noreply.github.com>
```
## Export public key
```
## Export public key
# Add this public key to your GitHub/GitLab account
gpg --output public.gpg --armor --export CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4
## Export private key for backup
# The exported key stays encrypted with the password you entered during key generation
# You need the same password to import it back
gpg --output private.asc --armor --export-secret-keys CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4
```
## Sign Git commit
```
# Set the signing key for the current repository (run inside the repository folder)
$ git config user.signingkey CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4
# Commit a change and sign it
$ git commit -S -m "commit message"
```
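To confirm that the key Git is configured to sign with really is an Ed25519 signing key, the machine-readable listing from `gpg --list-keys --with-colons` can be checked. This is an added example, not part of the original post: the helper name `check_signing_key` and both sample listings are constructed, and it assumes `user.signingkey` holds the full fingerprint as in the steps above.

```shell
#!/bin/sh
# Added example (not from the original post): check a GnuPG colon listing.
# Field numbers per GnuPG doc/DETAILS: 4 = algorithm (22 = EdDSA),
# 7 = expiry, 12 = capabilities, 17 = curve; "fpr" field 10 = fingerprint.

# check_signing_key FINGERPRINT  (hypothetical helper; listing on stdin)
# Exit status: 0 = Ed25519 signing key, 1 = check failed, 2 = no key found.
check_signing_key() {
  awk -F: -v want="$1" '
    # Only the first primary key record is inspected.
    $1 == "pub" && !seen { seen = 1; algo = $4; expiry = $7; caps = $12; curve = $17 }
    # The first fpr record after pub is the primary key fingerprint.
    $1 == "fpr" && seen && fpr == "" { fpr = $10 }
    END {
      if (!seen)       { print "no primary key in listing"; exit 2 }
      if (fpr != want) { print "fingerprint mismatch: " fpr; exit 1 }
      if (algo != 22 || curve != "ed25519") {
        print "not Ed25519: algo=" algo " curve=" curve; exit 1
      }
      # Lowercase "s" means the primary key itself can sign.
      if (caps !~ /s/) { print "primary key cannot sign"; exit 1 }
      print "ok: ed25519 signing key, " (expiry == "" ? "no expiry" : "expires " expiry)
    }'
}

# Constructed sample listings (timestamps and the RSA key are made up).
SAMPLE_ED25519='pub:u:256:22:D87953FAD4BB4EC4:1595059200:::u:::scSC:::::ed25519:::0:
fpr:::::::::CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4:'
SAMPLE_RSA='pub:u:3072:1:0123456789ABCDEF:1595059200:1626595200::u:::scESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:'

# Real use, inside the repository:
#   fpr=$(git config user.signingkey)
#   gpg --list-keys --with-colons "$fpr" | check_signing_key "$fpr"
printf '%s\n' "$SAMPLE_ED25519" | check_signing_key CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4
printf '%s\n' "$SAMPLE_RSA" | check_signing_key AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF || true
```
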
## See also
- [Curve25519](https://en.wikipedia.org/wiki/Curve25519#Popularity)
- [Dual_EC_DRBG](https://en.wikipedia.org/wiki/Dual_EC_DRBG)