Signing Git Commits

Git Logo licensed under the CC Attribution 3.0 Unported. GnuPG Logo licensed under GPL, Wikipedia Commons

Introduction

This is a guide to help you sign your Git commits in an open source project, in order to verify that the owner of the submitted code is you and only you.

Git lets us use whatever email and username we want when making a commit. This can easily be abused, as anyone can pretend to be another person when committing a piece of code. By signing our commits we show that we are who we say we are, and on GitHub every signed commit we push is marked with a green Verified tag.


GPG Keys - Create & Use

By GnuPG, GPL, Wikipedia Commons

Introduction

If you are into Linux or the security field, you have most likely heard the terms PGP, GPG, GnuPG and OpenPGP. They are sometimes used interchangeably to describe, for example, how to encrypt mail or how to verify the signatures of installed programs and packages. It can be difficult for new users to understand the differences and how PGP encryption works, but it is simple once explained.
