Nitrokey 3: Git

Previous posts:

When committing new code changes in a git repository, you can sign it to prove the identity of the commit author.

Using a PGP smart card here does not change anything.

List your keys:

$ gpg --list-secret-keys --keyid-format=long
sec#  rsa4096/0123456789ABCDEF 2023-01-01 [C]
uid                 [ultimate] Firstame Lastname <>
uid                 [ultimate] Firstame Lastname <>
ssb>  rsa4096/0011223344556677 2023-01-01 [S]
ssb>  rsa4096/8899AABBCCDDEEFF 2023-01-01 [E]
ssb>  rsa4096/FEDCBA9876543210 2023-01-01 [A]

Note what the signing sub-key fingerprint is (0011223344556677 in this example) and add it to git:

$ git config --global user.signingkey 0011223344556677!

The exclamation mark ! above is to tell that we are using a sub-key.

Now just add -S when doing a git commit to sign it.

Like for SSH, to make the key require to be touched to allow signing, configuring the User Interaction Flags is needed.

Next steps:

Comments Add one by sending me an email.