Why does git sign with GPG keys rather than using SSH keys?


Question

What are the differences between SSH and GPG asymmetric keys and why does git support signing with GPG rather than using the SSH agent?

Recommended answer

The very first notion of signing anything in Git was referenced in commit ec4465a, Git v0.99, Apr. 2005 (pretty much from the very beginning)

/**
 * A signature file has a very simple fixed format: three lines
 * of "object <sha1>" + "type <typename>" + "tag <tagname>",
 * followed by some free-form signature that git itself doesn't
 * care about, but that can be verified with gpg or similar.
 **/

So your question has legs.

The very first signed commit used gpg, but could have used anything else (commit 65f0d0e):

#!/bin/sh
object=${2:-$(cat .git/HEAD)}
type=$(cat-file -t $object) || exit 1
( echo -e "object $object\ntype $type\ntag $1\n"; cat ) > .tmp-tag
rm -f .tmp-tag.asc
gpg -bsa .tmp-tag && cat .tmp-tag.asc >> .tmp-tag
git-mktag < .tmp-tag
#rm .tmp-tag .tmp-tag.sig

Technically, you can use gpg in place of ssh. I haven't often seen the reverse, though.
But an ssh key-pair can be used with PGP/GPG.
That means the first validation script might still work (commit f336e71)... except it expected a PGP comment:

#!/bin/sh
GIT_DIR=${GIT_DIR:-.git}

tag=$1
[ -f "$GIT_DIR/refs/tags/$tag" ] && tag=$(cat "$GIT_DIR/refs/tags/$tag")

git-cat-file tag $tag > .tmp-vtag || exit 1
cat .tmp-vtag | sed '/-----BEGIN PGP/Q' | gpg --verify .tmp-vtag -
rm -f .tmp-vtag

So, "Why does git sign with GPG keys rather than using SSH keys?": it is what GPG is meant to do, as opposed to SSH, which cannot do it with openssh alone (it needs openssl).

As commented by torek, using SSH would be theoretically possible; it's just not convenient.

In addition, PGP has extra features (not that Git uses them directly: Git itself just invokes some external software, but things like key revocation are useful in these contexts).
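
The signature file format quoted in the answer (three header lines, then a free-form signature that git does not interpret) can be checked and split as below. This is an added example, not code from the answer or from Git; the function names and the sample tag, including its object id and signature body, are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample tag in the early fixed format (placeholder id and signature).
sample_tag() {
cat <<'EOF'
object 0123456789abcdef0123456789abcdef01234567
type commit
tag v0.0-example

Example release tag
-----BEGIN PGP SIGNATURE-----

(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
EOF
}

# Everything before the signature marker: the bytes that were signed.
tag_payload() { sed '/^-----BEGIN PGP /,$d'; }

# The signature block, from the marker to the end of input.
tag_signature() { sed -n '/^-----BEGIN PGP /,$p'; }

# Succeed only if lines 1-3 are "object <sha1>", "type <typename>",
# "tag <tagname>", in that order.
check_tag_header() {
    awk '
        NR == 1 { ok1 = ($1 == "object" && NF == 2 && length($2) == 40 && $2 !~ /[^0-9a-f]/) }
        NR == 2 { ok2 = ($1 == "type" && NF == 2) }
        NR == 3 { ok3 = ($1 == "tag" && NF == 2) }
        END { exit !(ok1 && ok2 && ok3) }
    '
}

# Read a tag on stdin, check the header, then hand the detached signature
# and the payload to gpg (needs gpg and the signer's public key).
verify_tag() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/tag"
    tag_payload < "$tmp/tag" > "$tmp/payload"
    tag_signature < "$tmp/tag" > "$tmp/sig"
    check_tag_header < "$tmp/tag" && gpg --verify "$tmp/sig" "$tmp/payload"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Stand-alone demo: print the signed payload if the header is well formed.
sample_tag | check_tag_header && sample_tag | tag_payload
```

Only the last step of verify_tag depends on the signing tool; the header check and the split operate on the tag text alone.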
