Broken-by-Design/notes/ssh-signing.md

1.8 KiB

title author slug date tags lang
Why is it better to sign commits with SSH than OpenPGP? Florian Maury ssh-vs-openpgp-signing 2022-05-26T11:00:00Z
cryptography
git
en

The OpenPGP format was designed in the 90's and never really changed since then. It was documented in RFC4880 in 2008. Unfortunately, in the 90's, people had really no good understanding of crypto yet, and the choices made were poor. Envelope design is poor. Some crypto algorithms are clearly outdated. Some default options are plain wrong.

Have you ever noticed that so many crypto attacks target OpenPGP and GnuPG? That's not a surprise: it's a popular crypto solution and it's a relatively easy target, comparatively to some other mainstream crypto implementations. The Go langage maintainers even deprecated the OpenPGP implementation in their crypto standard library because they think OpenPGP is dangerous.

OpenPGP is incompatible with Go Cryptography Principles, it's complex, fragile, and unsafe, and using it exposes applications to a dangerous ecosystem.

Basically, I would say that the only thing that OpenPGP has for itself is the deployed infrastructure. Or has it? Web of trust is mostly dead, since keyservers are out-of-service. And OpenPGP adoption was never really that high to begin with.

SSH keys are much more widely deployed and used than OpenPGP keys. The format is dead simple, and the crypto implementation from OpenSSH is up-to-date.

I am very happy that git made SSH signing possible; it means I can delete my OpenPGP keys for good. I just hope linux distros will make the switch soon, to a more modern crypto approach: ssh signing or minisign.