diff --git a/source/_posts/git-sign-commit-ed25519.md b/source/_posts/git-sign-commit-ed25519.md new file mode 100644 index 0000000..ae0dcee --- /dev/null +++ b/source/_posts/git-sign-commit-ed25519.md 
@@ -0,0 +1,78 @@ +--- +title: Sign Git commit with an EdDSA/Ed25519/Curve25519 key +excerpt: Utilise a curve not produced by NIST +date: 2020-07-18 +tags: +- security +- gitlab +--- + +## Generate an Ed25519 key + +``` +$ gpg --expert --full-generate-key + +Please select what kind of key you want: + (10) ECC (sign only) +Your selection? 10 + +Please select which elliptic curve you want: + (1) Curve 25519 +Your selection? 1 + +# Key will expire in 1 year +Please specify how long the key should be valid. +Key is valid for? (0) 1y + +Key expires at Sun 18 Jul 2021 00:00:00 UTC +Is this correct? (y/N) y + +Real name: MDLeom +## GitHub: Go to "https://github.com/settings/emails" +# Look for "xxx@users.noreply.github.com will be used for web-based Git operations" +## GitLab: Go to "https://gitlab.com/profile" +# Look for "Use a private email - xxx@users.noreply.gitlab.com" +## Must include the unique number prefix. +Email address: 123456-curbengh@users.noreply.github.com +# Leave the comment empty +Comment: +You selected this USER-ID: + "MDLeom <123456-curbengh@users.noreply.github.com>" + +Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? 
o + +# It should be separate from your system password +Enter a password to encrypt private key: + +pub ed25519 2020-07-18 [SC] [expires: 2021-07-18] + CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4 +uid MDLeom <123456-curbengh@users.noreply.github.com> +``` + +## Export public key + +``` +## Export public key +# Add this public key to your GitHub/GitLab account +gpg --output public.gpg --armor --export CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4 + +## Export private key for backup +# The exported key will be encrypted with your password (that you entered during key generation) +# Need to use the same password to import back +gpg --output private.asc --armor --export-secret-key CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4 +``` + +## Sign Git commit + +``` +# Enable commit signing in a repository folder +$ git config user.signingkey CE44B3CFC4C68B868A7AE868D87953FAD4BB4EC4 + +# Commit a change and sign it +$ git commit -S -m "commit message" +``` + +## See also + +- [Curve25519](https://en.wikipedia.org/wiki/Curve25519#Popularity) +- [Dual_EC_DRBG](https://en.wikipedia.org/wiki/Dual_EC_DRBG)
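Review bot: In the "Sign Git commit" section, the comment "# Enable commit signing in a repository folder" does not match the command under it. `git config user.signingkey CE44...` only selects which key Git uses; the commit is signed only because the next command passes `-S`. Either reword the comment to something like "# Set the signing key for this repository", or add `git config commit.gpgsign true` if the intent is that every commit in the repository is signed without `-S`. Separately, the "Export public key" section also contains the `--export-secret-key` step. A heading that covers both, or a separate section for the private-key backup, would make it harder to confuse `public.gpg`, which is meant to be uploaded to GitHub/GitLab, with `private.asc`, which is not.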