Over the last few years I have standardized my access to remote servers, including GitHub, using a GPG signing subkey as the authentication credential. Having this stored in secure YubiKey hardware and locked behind a PIN is a step up in security: authenticating to the remote resource requires physical possession of an unphishable hardware token and knowledge of a PIN. Moreover, this allows me to sign GPG commits and tags.

While I had set this up on Linux and macOS since 2017, I only had the time and patience to do that on my tertiary machine, a Windows 10 one, in late 2019. I had to redo everything last week and I realised I couldn't remember a few non-obvious but critical steps. Hence this article, where I explain how to combine a YubiKey, GPG4WIN, PuTTY and Git for Windows on Windows 10 to access your GitHub account – and any SSH server – securely and sign your commits. Signing your commits and authenticating with a GPG key is something you can do with any kind of Git hosting, even something you host on your own server. While what I describe is geared towards GitHub, the most popular Git hosting platform, it is by no means GitHub-specific.