Welcome to the VIP

🕓 Feb 27, 2019 · ☕ 2 min read

Being Verified

Computer security in essence boils down to two things:

  • Authentication: How can we prove who you are?
  • Authorization: What access do you have?

Implementing secure systems often comes down to good habits. This
is one topic where the broken window theory tends to show its symptoms:
small hacks, laziness and lowered standards tend to propagate and
eventually turn the whole system into an unmaintainable mess.

I absolutely recommend reading The Pragmatic Programmer for more on this.

Good crypto habits are a good thing. If you are to be trusted as an
administrator of a system, then you should have good crypto habits and take
computer security seriously.

Signing commits with GPG

GNU Privacy Guard, or GPG, is the underlying open source clockwork behind a lot
of crypto in the UNIX ecosystem. So let's use it to sign our commits. Here's the
breakdown.

First, let's create the key pair:

gpg --gen-key
gpg --list-secret-keys --keyid-format LONG # find the <key>
gpg --armor --export <key> # Public key for github

Then configure git and Git(Hub/Lab):

git config --global user.signingkey <key>
git config --global commit.gpgsign true

The public key printed by the last command of the first step should be added to
your account on GitHub/GitLab/whatever.

Congrats, you should now be verified!
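
To check locally that commits really are being signed, git can print a signature status letter per commit with `git log --format='%h %G? %GK'`. The script below is an added example, not part of the original post; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Audit the output of: git log --format='%h %G? %GK'
# Each input line: <short hash> <%G? status letter> <signing key id, may be empty>

# Map a %G? status letter (as documented in git-log) to a verdict.
classify_sig() {
    case "$1" in
        G) echo "ok: good signature" ;;
        U) echo "warn: good signature, key validity unknown" ;;
        X) echo "warn: good signature, but it has expired" ;;
        Y) echo "warn: good signature, made by an expired key" ;;
        R) echo "fail: signed by a revoked key" ;;
        B) echo "fail: bad signature" ;;
        E) echo "fail: cannot be checked (missing public key)" ;;
        N) echo "fail: not signed" ;;
        *) echo "fail: unrecognised status" ;;
    esac
}

# Read log lines on stdin, print a verdict per commit and a summary line.
# Returns non-zero if any commit is unsigned, unverifiable or badly signed.
audit_signatures() {
    failed=0
    while read -r hash code key; do
        [ -n "$hash" ] || continue            # skip blank lines
        verdict=$(classify_sig "$code")
        printf '%s key=%s %s\n' "$hash" "${key:-none}" "$verdict"
        case "$verdict" in
            fail:*) failed=$((failed + 1)) ;;
        esac
    done
    echo "failed=$failed"
    [ "$failed" -eq 0 ]
}

# Constructed sample input (hashes and key ids are made up).
SAMPLE_LOG='3f2a9c1 G 3AA5C34371567BD2
9b1e4d7 N
c07d55e E 1F2E3D4C5B6A7988'

printf '%s\n' "$SAMPLE_LOG" | audit_signatures \
    || echo "some commits are unsigned or could not be verified"
```

In a real repository, replace the sample with `git log --format='%h %G? %GK' | audit_signatures`. An `N` on commits made after the configuration step usually means `commit.gpgsign` or `user.signingkey` was not set as intended.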


WRITTEN BY
@peakbreaker
Data Engineer