Project Description

It is possible to sign (off) git commits with your SSH key. The very same key that's used to sign in to SSH servers. I would like to look into the buffer contents in the two cases and examine if/how they are replacable. (I.e. sign a commit during ssh authentication.)

Goal for this Hackweek

Show that sshd cannot sign git commits.

Resources

Looking for hackers with the skills:

ssh git cryptography

This project is part of:

Hack Week 22

Activity

  • over 1 year ago: mkoutny started this project.
  • over 1 year ago: dancermak liked this project.
  • over 1 year ago: mkoutny added keyword "git" to this project.
  • over 1 year ago: mkoutny added keyword "cryptography" to this project.
  • over 1 year ago: mkoutny added keyword "ssh" to this project.
  • over 1 year ago: mkoutny originated this project.

  • Comments

    • mkoutny
      over 1 year ago by mkoutny | Reply

      Finished. I found no way how to confuse the signing/authenticating protocol. Details in "slides".

    Similar Projects

    Nodes Overview by lrangasamy

    [comment]: # (Please use the project descriptio...


    SSH key distribution solution by vgrinco

    Project Description

    SSH key distribution so...


    Authenticated hashes for BTRFS by dsterba

    Project Description

    Implement a checksum ...