Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If the key is only used for signing, then why an SSH key?


because the ssh-keygen UI is considerably easier and likely more familiar than gpg.

I shouldn't have to know what ElGamel is to sign a commit.


> I shouldn't have to know what ElGamel is to sign a commit.

I use gpg to sign my commits, it was as easy to setup as git ssh keys were... I don't know what ElGamel is either.


I have a pretty decent security setup (password manager, multiple SSH identities, OTP 2FA, Yubikeys) but GPG is such a usability nightmare I don't want to touch it with a 10 foot pole.


That still doesn't answer why this needs to be solved by added SSH signing format to git (which everything in the ecosystem needs to adapt to) instead of creating a better gpg-keygen.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: