Project Description

It is possible to sign (off) git commits with your SSH key. The very same key that's used to sign in to SSH servers. I would like to look into the buffer contents in the two cases and examine if/how they are replacable. (I.e. sign a commit during ssh authentication.)

Goal for this Hackweek

Show that sshd cannot sign git commits.

Resources

Looking for hackers with the skills:

ssh git cryptography

This project is part of:

Hack Week 22

Activity

  • about 2 months ago: mkoutny started this project.
  • about 2 months ago: dancermak liked this project.
  • about 2 months ago: mkoutny added keyword "git" to this project.
  • about 2 months ago: mkoutny added keyword "cryptography" to this project.
  • about 2 months ago: mkoutny added keyword "ssh" to this project.
  • about 2 months ago: mkoutny originated this project.

  • Comments

    • mkoutny
      about 2 months ago by mkoutny | Reply

      Finished. I found no way how to confuse the signing/authenticating protocol. Details in "slides".

    Similar Projects

    Explore the integration between OBS and GitHub by pdostal

    Project Description

    The goals:

    1) When...


    Containerized git server/client for playground and tutorials by mberti

    [comment]: # (Please use the project descriptio...


    obs_scm_demo by smithfarm

    Project Description

    For a long time, I ha...


    Encrypted volumes in elemental-toolkit by flonnegren

    [comment]: # (Please use the project descriptio...


    Authenticated hashes for BTRFS by dsterba

    Project Description

    Implement a checksum ...