Project Description

It is possible to sign (off) git commits with your SSH key, the very same key that's used to sign in to SSH servers. I would like to look into the buffer contents in the two cases and examine if/how they are replaceable (i.e. sign a commit during ssh authentication).

Goal for this Hackweek

Show that sshd cannot sign git commits.
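
The two buffers this project compares, rebuilt as an added example (not code from the project or its slides): the blob `ssh-keygen -Y sign` signs per OpenSSH's PROTOCOL.sshsig, and the blob an SSH client signs for publickey authentication per RFC 4252 section 7. The commit text, session id and key bytes are constructed sample values, and the helper names are hypothetical.

```python
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def sshsig_signed_data(message, namespace=b"git", hash_alg=b"sha512"):
    """Blob signed by `ssh-keygen -Y sign` (PROTOCOL.sshsig); git uses namespace "git"."""
    digest = hashlib.new(hash_alg.decode(), message).digest()
    return (b"SSHSIG" + ssh_string(namespace) + ssh_string(b"")  # reserved
            + ssh_string(hash_alg) + ssh_string(digest))

def userauth_signed_data(session_id, user, key_alg, key_blob,
                         service=b"ssh-connection"):
    """Blob the client signs for publickey authentication (RFC 4252, section 7)."""
    return (ssh_string(session_id)
            + bytes([50])                         # SSH_MSG_USERAUTH_REQUEST
            + ssh_string(user) + ssh_string(service)
            + ssh_string(b"publickey") + b"\x01"  # TRUE: a signature follows
            + ssh_string(key_alg) + ssh_string(key_blob))

def implied_session_id_length(blob):
    """Length an SSH parser would read if it took the blob for userauth data."""
    return struct.unpack(">I", blob[:4])[0]

def parses_as_userauth(blob, max_hash_len=64):
    """The session id is a key-exchange hash, so at most 64 bytes (SHA-512)."""
    n = implied_session_id_length(blob)
    return n <= max_hash_len and len(blob) > 4 + n and blob[4 + n] == 50

def parses_as_sshsig(blob):
    """Signed data in the SSHSIG scheme always starts with this 6-byte preamble."""
    return blob.startswith(b"SSHSIG")

# Constructed sample values, for illustration only.
COMMIT = b"tree 0000\nauthor A U Thor <a@example.org> 0 +0000\n\nexample\n"
SESSION_ID = hashlib.sha256(b"constructed exchange hash").digest()
KEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))

SIG_BLOB = sshsig_signed_data(COMMIT)
AUTH_BLOB = userauth_signed_data(SESSION_ID, b"git", b"ssh-ed25519", KEY_BLOB)

if __name__ == "__main__":
    print(SIG_BLOB[:6], hex(implied_session_id_length(SIG_BLOB)))
    print(AUTH_BLOB[:4].hex(), parses_as_userauth(AUTH_BLOB))
    print(parses_as_userauth(SIG_BLOB), parses_as_sshsig(AUTH_BLOB))
```

Read as userauth data, the SSHSIG blob claims a session id of 0x53534853 bytes, while a real session id is a hash of at most 64 bytes, so the first four bytes already separate the two cases.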

Resources

  • https://calebhearth.com/sign-git-with-ssh
  • https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key

Looking for hackers with the skills:

ssh git cryptography

This project is part of:

Hack Week 22

Activity

  • almost 3 years ago: mkoutny started this project.
  • almost 3 years ago: mkoutny originated this project.

  • Comments

    • mkoutny
      almost 3 years ago by mkoutny

      Finished. I found no way to confuse the signing/authenticating protocol. Details in "slides".

    Similar Projects

    (Finish) Implementing SSH in Zig by lmulling

    Description

    Following Zig's philosophy of reinventing the wheel -- for the better, a while ago I started implementing the ssh protocol in it. I've got as far as implementing all of the primitives, keys, certs, and most of the agent protocol -- what I needed at the time. Now, the aim is to finish the implementation.

    Current implementation: git.sr.ht/~mulling/zssh

    Goals

    • Have a working implementation of the ssh protocol in Zig.
    • Be flexible, so as to allow for hacking of the protocol (i.e. testing PQC algorithms).
    • Be agnostic of cryptography libraries (i.e. libcrypto, leancrypto).

    Resources


    Create a page with all devel:languages:perl packages and their versions by tinita

    Description

    Perl projects now live in git: https://src.opensuse.org/perl

    It would be useful to have an easy way to check which version of which perl module is in devel:languages:perl. Also we have meta overrides and patches for various modules, and it would be good to have them at a central place, so it is easier to look up, and we can share with other vendors.

    I did some initial data dump here a while ago: https://github.com/perlpunk/cpan-meta

    But I never had the time to automate this.

    I can also use the data to check if there are necessary updates (currently it uses data from download.opensuse.org, so there is some delay and it depends on building).

    Goals

    • Have a script that updates a central repository (e.g. https://src.opensuse.org/perl/_metadata) with metadata by looking at https://src.opensuse.org/perl/_ObsPrj (check if there are any changes from the last run)
    • Create an HTML page with the list of packages (use JavaScript and some table library to make it easily searchable)

    Resources


    go-git: unlocking SHA256-based repository cloning ahead of git v3 by pgomes

    Description

    The go-git library implements the git internals in pure Go, so that any Go application can handle not only Git repositories, but also lower-level primitives (e.g. packfiles, idxfiles, etc) without needing to shell out to the git binary.

    The focus for this Hackweek is to fast track key improvements for the project ahead of the upstream release of Git V3, which may take place at some point next year.

    Goals

    Stretch goals

    Resources

    • https://github.com/go-git/go-git/
    • https://go-git.github.io/docs/