github
/
smimesign
зеркало из https://github.com/github/smimesign.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
An S/MIME signing utility for use with Git
9 коммитов 1 ветка 18 Теги 3 MiB
Go 98.7%
Inno Setup 1.1%
Shell 0.2%
Перейти к файлу
Ben Toews 5abdd89a0b
implement --list-keys command 		2017-11-29 12:36:08 -07:00
.gitignore rename. add readme. add license 2017-11-29 11:09:16 -07:00
LICENSE.md rename. add readme. add license 2017-11-29 11:09:16 -07:00
README.md rename. add readme. add license 2017-11-29 11:09:16 -07:00
command_sign.go emit statuses during verification 2017-11-28 17:25:14 -07:00
command_verify.go emit statuses during verification 2017-11-28 17:25:14 -07:00
list_keys_command.go implement --list-keys command 2017-11-29 12:36:08 -07:00
main.go implement --list-keys command 2017-11-29 12:36:08 -07:00
parse_user_id.go get signing working 2017-11-22 08:31:25 -07:00
rdn_sequence_string.go implement --list-keys command 2017-11-29 12:36:08 -07:00
status.go implement --list-keys command 2017-11-29 12:36:08 -07:00
utils.go implement --list-keys command 2017-11-29 12:36:08 -07:00

README.md

smimesign (S/MIME Sign)

Smimesign is an S/MIME signing utility that is compatible with Git. This allows developers to sign their Git commits and tags using X.509 certificates issued by pubic certificate authorities or their organization's internal certificate authority. Smimesign uses keys and certificates already stored in the macOS Keychain or the Windows Certificate Store.

Git Signing, GnuPG, PKI, and S/MIME

Git allows developers to sign their work using GnuPG. This is a form of public key cryptography whereby the notion of trust is distributed. The party verifying a signature may directly know of the signer's identity and public key, or the signer's identity may be vouched for by a third party known to the verifier. Through layers of "vouching", a web-of-trust is established.

Such a model is well suited to an unstructured environment. In hierarchical environments though, such as a corporation or other large organizations, a simpler approach is for digital identities to be issued and vouched for by a centralized authority. With this approach — known as Public Key Infrastructure, or PKI — an organization's certificate authority (CA) issues signed certificates that identify subjects such as people or computers. Embedded in these certificates is the identity's public key, allowing others who trust the CA to verify that identity's signatures.

PKI is used in a variety of applications for encrypting or authenticating communications. Secure Mime (S/MIME) standardized a protocol for encrypting and signing emails using PKI. While protecting email was the original intent, S/MIME can protect any type of data, including Git commits and tags. Signing Git data with S/MIME provides the same protections as GnuPG while allowing for the more hierarchical trust model of PKI.

Installation

...

Configuring Git

Git needs to be told to sign commits and tags using smimesign instead of GnuPG. This can be configured on a global or per-repository level.

Configure Git to use smimesign for a single repository:

$ cd /path/to/my/repository
$ git config --local gpg.program smimesign

Configure Git to use smimesign for all repositories:

$ git config --global gpg.program smimesign

Configuring smimesign

No configuration is needed to use smimesign. However, you must already have a certificate and private key in order to make signatures. Furthermore, to sign Git commits or tags, it is best to have a certificate that includes your Git email address.

Find your Git email address:

$ git config --get user.email

List available signing identities

$ smimesign --list-keys