Sign me off|in
an invention by mkoutny
Updated over 2 years ago. 1 hackers ♥️. 3 followers.

Project Description

It is possible to sign (off) git commits with your SSH key. The very same key that's used to sign in to SSH servers. I would like to look into the buffer contents in the two cases and examine if/how they are replacable. (I.e. sign a commit during ssh authentication.)

Goal for this Hackweek

Show that sshd cannot sign git commits.

Resources

  • https://calebhearth.com/sign-git-with-ssh
  • https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key

Looking for hackers with the skills:

ssh git cryptography

This project is part of:

Hack Week 22

Activity

  • almost 3 years ago: mkoutny started this project.
  • almost 3 years ago: dancermak liked this project.
  • almost 3 years ago: mkoutny added keyword "git" to this project.
  • almost 3 years ago: mkoutny added keyword "cryptography" to this project.
  • almost 3 years ago: mkoutny added keyword "ssh" to this project.
  • almost 3 years ago: mkoutny originated this project.


    • Comments

    • mkoutny
      almost 3 years ago by mkoutny | Reply

      Finished. I found no way how to confuse the signing/authenticating protocol. Details in "slides".

    Similar Projects

    (Finish) Implementing SSH in Zig by lmulling

    Description

    Following Zig's philosophy of reinventing the wheel -- for the better, a while ago I've started implementing the ssh protocol in it. I've got as far as implementing all of the primitives, keys, certs, and most of the agent protocol -- what I needed at the time. Now, the aim is to finish the implementation.

    Current implementation: git.sr.ht/~mulling/zssh

    Goals

    • Have a working implementation of the ssh protocol in Zig.
    • Be flexible, as to allow for hacking of the protocol (i.e. testing PQC algorithms).
    • Be agnostic of cryptography libraries (i.e. libcrypto, leancrypto).

    Resources