Rationale/reasons for splitting Sign and Authenticate into two separate subkeys in a work-environment?
Philihp Busby
philihp at gmail.com
Thu Dec 24 13:29:31 CET 2020
On 2020-12-22T13:31:42+0100 Christian Chavez via Gnupg-users
<gnupg-users at gnupg.org> wrote 2.8K bytes:
>I'm currently helping my workplace test out Yubikeys - to see how/if
>they could help us with our software development. One expected benefit
>is to allow developers cryptographically sign Git commits/tags (e.g.).
I hope I'm not the only one on this list that may have left innocuous
commits forged under the name of someone who didn't work there anymore
to prove that a less ethical person may have already gotten away with
actually committing malicious code.
I was in an org once that had a neat system of generating SSH keys on
hardware tokens, and then distributing them to the servers that each
person should have access to. It was hella cool. I did something
similar with my home LAN by swapping ssh-agent for gpg-agent on my
terminals, and using a keyserver to distribute my public key to devices.
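As an added example (not part of this post, nor GnuPG's or Git's own code), here is the kind of check that turns mandatory commit signing into something auditable, which addresses the forged-commit scenario above: it reads `git log` output in a fixed tab-separated format and flags commits that are unsigned, badly signed, or signed with a key that is not on an allowlist of current developers' signing keys. The sample log lines, author names, and key IDs are constructed for the example; the `%G?`/`%GK` placeholders are real Git format specifiers.

```python
"""Audit commit signature status from `git log` output.

Added example, not from the mailing-list post. Expected input is one
commit per line, tab-separated, as produced by:

    git log --format='%H%x09%an%x09%ae%x09%G?%x09%GK'

%G? status letters (from git-log(1)): G good, B bad, U good but key not
trusted, X good but expired, Y good but key expired, R good but key
revoked, E signature cannot be checked, N no signature.
"""

from dataclasses import dataclass

# Constructed sample output; hashes, names and key IDs are made up.
SAMPLE_LOG = """\
1111111111111111111111111111111111111111\tAlice\talice@example.com\tG\tAAAA1111BBBB2222
2222222222222222222222222222222222222222\tBob\tbob@example.com\tN\t
3333333333333333333333333333333333333333\tCarol\tcarol@example.com\tU\tCCCC3333DDDD4444
4444444444444444444444444444444444444444\tAlice\talice@example.com\tB\tAAAA1111BBBB2222
5555555555555555555555555555555555555555\tDave\tdave@example.com\tE\tEEEE5555FFFF6666
"""

# Constructed allowlist: signing-subkey IDs issued to current developers.
TRUSTED_KEYS = {"AAAA1111BBBB2222", "CCCC3333DDDD4444"}

STATUS_TEXT = {
    "G": "good signature",
    "B": "BAD signature",
    "U": "good signature, key not in local trust db",
    "X": "good signature, but expired",
    "Y": "good signature, but signing key expired",
    "R": "good signature, but signing key revoked",
    "E": "signature cannot be checked (public key missing?)",
    "N": "no signature",
}

# A signature is cryptographically valid for G and U; with an explicit
# allowlist of key IDs we do not rely on the local GnuPG trust db, so U
# is acceptable as long as the key is on the list.
VALID_STATUSES = {"G", "U"}


@dataclass
class Finding:
    commit: str
    author: str
    reason: str


def parse_log(text):
    """Split the tab-separated log into (commit, author, email, status, key) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 5:
            raise ValueError(f"unexpected log line: {line!r}")
        rows.append(tuple(parts))
    return rows


def audit_commit_signatures(log_text, trusted_keys):
    """Return a Finding for every commit that fails the signing policy."""
    findings = []
    for commit, author, _email, status, key in parse_log(log_text):
        if status not in VALID_STATUSES:
            reason = STATUS_TEXT.get(status, f"unknown status {status!r}")
            findings.append(Finding(commit, author, reason))
        elif key not in trusted_keys:
            findings.append(Finding(commit, author, f"signed by non-allowlisted key {key}"))
    return findings


if __name__ == "__main__":
    for f in audit_commit_signatures(SAMPLE_LOG, TRUSTED_KEYS):
        print(f"{f.commit[:12]}  {f.author:<8}  {f.reason}")
```

Two practical notes: `%GK` is the (long) key ID, so in a real deployment use `%GF` (the full signing-key fingerprint) as the allowlist key instead; and running this in CI over the range being merged, with the allowlist regenerated from the current list of issued hardware tokens, is what actually makes an ex-employee's name on a commit detectable rather than merely suspicious.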