tpm2-software / tpm2-pkcs11

A PKCS#11 interface for TPM2 hardware
https://tpm2-software.github.io

Github code signing using SSH keys stored in tpm #848

Closed shafr closed 1 year ago

shafr commented 1 year ago

Hi there.

I'm not able to find the correct way to specify which key should be used for code signing in .git config when using tpm2-software. For SSH login it's described as:

Host github.com
  HostName github.com
  User git
  PKCS11Provider /usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1
  ForwardAgent yes
  PasswordAuthentication no

but not for code signing; it's not clear what I should put there:

[user]
    signingkey = ?

shafr commented 1 year ago

So apparently GitHub uses the public key, and it's enough to store the result of the command:

ssh-keygen -D /usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1

somewhere on your drive
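
The answer above carried through to a complete setup, as an added example that is not part of the thread or of the tpm2-pkcs11 project: it selects one key from the `ssh-keygen -D` output (a token can expose several) and points git's SSH signing settings at the stored public key. The function names, file locations and e-mail address are assumptions, as is loading the provider into ssh-agent so the signing step can reach the private key held in the TPM.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. PROVIDER is the path quoted in the issue;
# function names, file locations and the e-mail address are assumptions.
PROVIDER=/usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1

# pick_key N: read `ssh-keygen -D` output on stdin and print the N-th RSA or
# ECDSA public key line; fail if there is no such well-formed line.
pick_key() {
  awk -v n="$1" '
    $1 ~ /^(ssh-rsa|ecdsa-sha2-nistp(256|384|521))$/ &&
    $2 ~ "^[A-Za-z0-9+/]+=*$" { if (++i == n) { print; found = 1; exit } }
    END { exit !found }'
}

# allowed_signers_line EMAIL KEYLINE: entry for gpg.ssh.allowedSignersFile,
# limited to the "git" signature namespace; the key comment is dropped.
allowed_signers_line() {
  printf '%s\n' "$2" | {
    read -r ktype blob rest
    printf '%s namespaces="git" %s %s\n' "$1" "$ktype" "$blob"
  }
}

# setup_signing REPO EMAIL [N]: needs the TPM token, so run it by hand.
setup_signing() {
  repo=$1 email=$2 n=${3:-1}
  pub="$HOME/.ssh/tpm2_signing.pub"       # assumed location
  signers="$HOME/.ssh/allowed_signers"    # assumed location
  key=$(ssh-keygen -D "$PROVIDER" | pick_key "$n") || return 1
  printf '%s\n' "$key" > "$pub"
  allowed_signers_line "$email" "$key" >> "$signers"
  git -C "$repo" config gpg.format ssh
  git -C "$repo" config user.signingkey "$pub"
  git -C "$repo" config gpg.ssh.allowedSignersFile "$signers"
  # Assumption: the private half stays in the TPM and is reached through
  # ssh-agent, so load the provider there before signing:
  #   ssh-add -s "$PROVIDER"
}
# Usage (hypothetical repo and address): setup_signing ~/src/repo dev@example.com 1
```

The same public key line also has to be added to the GitHub account as a signing key for commits to show as verified there.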