41 lines
1.8 KiB
Markdown
41 lines
1.8 KiB
Markdown
---
|
|
title: Why is it better to sign commits with SSH than OpenPGP?
|
|
author: "Florian Maury"
|
|
slug: ssh-vs-openpgp-signing
|
|
date: 2022-05-26T11:00:00Z
|
|
tags:
|
|
- cryptography
|
|
- git
|
|
lang: en
|
|
---
|
|
|
|
The OpenPGP format was designed in the 90's and never really changed since
|
|
then. It was documented in
|
|
[RFC4880](https://datatracker.ietf.org/doc/html/rfc4880) in 2008.
|
|
Unfortunately, in the 90's, people had really no good understanding of crypto
|
|
yet, and the choices made were poor. Envelope design is poor. Some crypto
|
|
algorithms are clearly outdated. Some default options are plain wrong.
|
|
|
|
Have you ever noticed that so many crypto attacks target OpenPGP and GnuPG?
|
|
That's not a surprise: it's a popular crypto solution and it's a relatively
|
|
easy target, comparatively to some other mainstream crypto implementations. The
|
|
Go langage maintainers even deprecated the OpenPGP implementation in their
|
|
crypto standard library because they think [OpenPGP is
|
|
*dangerous*](https://github.com/golang/go/issues/44226).
|
|
|
|
> OpenPGP is incompatible with [Go Cryptography
|
|
> Principles](https://golang.org/design/cryptography-principles),
|
|
it's complex, fragile, and unsafe, and using it exposes applications to a
|
|
dangerous ecosystem.
|
|
|
|
Basically, I would say that the only thing that OpenPGP has for itself is the
|
|
deployed infrastructure. Or has it? Web of trust is mostly dead, since
|
|
keyservers are out-of-service. And OpenPGP adoption was never really that high
|
|
to begin with.
|
|
|
|
SSH keys are much more widely deployed and used than OpenPGP keys. The format
|
|
is dead simple, and the crypto implementation from OpenSSH is up-to-date.
|
|
|
|
I am very happy that git made SSH signing possible; it means I can delete my
|
|
OpenPGP keys for good. I just hope linux distros will make the switch soon, to
|
|
a more modern crypto approach: ssh signing or minisign.
|