Learn how to enhance Git commit security using Pretty Good Privacy (PGP) and Gnu Privacy Guard (GPG) in this informative conference talk. Explore the basics of public key cryptography, set up your own PGP public key, and discover the integration between PGP and Git for signing commits. Understand the importance of verifying commit authenticity in open-source projects and how to build a "web of trust" among contributors. Gain practical knowledge on implementing signed commits, configuring repositories for signing, and advanced key usage and maintenance. Delve into topics such as symmetric vs asymmetric cryptography, hash functions, and the process of publishing and signing keys. Master the techniques to ensure the legitimacy of contributions and strengthen the security of your Git workflow.
Overview
Syllabus
Intro
Thomas Qvidahl
How encryption and decryption works, the very very short version...
Symmetric vs Asymmetric cryptography
How Public Key cryptography works, the very very short version...
For larger datasets, use symmetric key to encrypt data
Hash function
My Public Key
Pretty Good Privacy
Gnu Privacy Guard
Installing GPG
4. Publishing keys and signing other people's keys
Signing git commits
Enforcing signed git commits
Advanced key usage and maintenance
Thank you!
Taught by
Linux Foundation
