Sign me off|in
an invention by mkoutny
Updated over 1 year ago. 1 hackers ♥️. 3 followers.

Project Description

It is possible to sign (off) git commits with your SSH key. The very same key that's used to sign in to SSH servers. I would like to look into the buffer contents in the two cases and examine if/how they are replacable. (I.e. sign a commit during ssh authentication.)

Goal for this Hackweek

Show that sshd cannot sign git commits.

Resources

  • https://calebhearth.com/sign-git-with-ssh
  • https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key

Looking for hackers with the skills:

ssh git cryptography

This project is part of:

Hack Week 22

Activity

  • over 1 year ago: mkoutny started this project.
  • over 1 year ago: dancermak liked this project.
  • over 1 year ago: mkoutny added keyword "git" to this project.
  • over 1 year ago: mkoutny added keyword "cryptography" to this project.
  • over 1 year ago: mkoutny added keyword "ssh" to this project.
  • over 1 year ago: mkoutny originated this project.


    • Comments

    • mkoutny
      over 1 year ago by mkoutny | Reply

      Finished. I found no way how to confuse the signing/authenticating protocol. Details in "slides".

    Similar Projects

    This project is one of its kind!