Broken-by-Design/notes/ssh-signing.md

41 lines
1.8 KiB
Markdown
Raw Normal View History

---
title: Why is it better to sign commits with SSH than OpenPGP?
author: "Florian Maury"
slug: ssh-vs-openpgp-signing
date: 2022-05-26T11:00:00Z
2022-05-28 09:55:19 +00:00
tags:
- cryptography
- git
---
The OpenPGP format was designed in the 90's and never really changed since
then. It was documented in
[RFC4880](https://datatracker.ietf.org/doc/html/rfc4880) in 2008.
Unfortunately, in the 90's, people had really no good understanding of crypto
yet, and the choices made were poor. Envelope design is poor. Some crypto
algorithms are clearly outdated. Some default options are plain wrong.
Have you ever noticed that so many crypto attacks target OpenPGP and GnuPG?
That's not a surprise: it's a popular crypto solution and it's a relatively
easy target, comparatively to some other mainstream crypto implementations. The
Go langage maintainers even deprecated the OpenPGP implementation in their
crypto standard library because they think [OpenPGP is
*dangerous*](https://github.com/golang/go/issues/44226).
> OpenPGP is incompatible with [Go Cryptography
> Principles](https://golang.org/design/cryptography-principles),
it's complex, fragile, and unsafe, and using it exposes applications to a
dangerous ecosystem.
Basically, I would say that the only thing that OpenPGP has for itself is the
deployed infrastructure. Or has it? Web of trust is mostly dead, since
keyservers are out-of-service. And OpenPGP adoption was never really that high
to begin with.
SSH keys are much more widely deployed and used than OpenPGP keys. The format
is dead simple, and the crypto implementation from OpenSSH is up-to-date.
I am very happy that git made SSH signing possible; it means I can delete my
OpenPGP keys for good. I just hope linux distros will make the switch soon, to
a more modern crypto approach: ssh signing or minisign.