On 2022-10-11 at 18:12:19, Nicolas Graves wrote:
>
> Hi!

Hey,

> I noticed git commit signing works well with ssh-ed25519 keys, but does
> fail with sk-ssh-ed25519@xxxxxxxxxxx SSH hardware keys (which can be
> used to clone / post to github for instance).

I was surprised to hear that, so I just tested on my Debian amd64/sid
system, and I was able to sign and verify using an
sk-ssh-ed25519@xxxxxxxxxxx SSH key using my YubiKey 5C. I do believe it
does work, although when the signature occurs, there's no notice that
it's waiting for user interaction, so you just have to look at the
lights to determine that the touch is needed.

Could you maybe mention what version of OpenSSH you're using and on what
platform? I used 9.0p1, and as I mentioned, it's Linux.

The output looks like so:

  $ git verify-commit --raw HEAD
  Good "git" signature for sandals@xxxxxxxxxxxxxxxxxxxx with ED25519-SK key SHA256:PNxAWB7cxxxrCTbgsdoDq71o3rCm9O7Er4q+0YrEAdM

Specifically, what error message or other indications of failure do you
see when you try to sign?

> I also noticed a similar error in a previous mail from Cuckoo Aidan
> <aidancuckoo@xxxxxxxxx>, but he doesn't say which type of key he
> used. In any case, would that be possible to include the info about
> which type of keys cannot be used to commit in the github guide
> https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-ssh-key) ?

We don't control the GitHub documentation, since we're independent of
GitHub. If there's incorrect information, you'd need to contact GitHub.

However, as I mentioned above, I do believe this works at least in some
cases.
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA