SigmarStern

Thanks for that rabbit hole. My former colleagues and I have just started a new conversation thread in our WhatsApp group about the differences of (non-) cryptographic hashes and encryption. And all because I was confused why you’ve chosen to reference the public key file in your original comment. Well, at least I’m learning something.

Sorry for the confusion about “encryption”. I meant “signing” which is encrypting a hash of the commit with your private key, so that others can verify that your the author of the commit using your public key and the hash.

I think, the only confusion here was the original comment that referenced the public key for signing, but this was resolved, as it is just telling git which key pair to use. Probably, all people here understand the basics of asymmetrical encryption and signing and it was merely misunderstanding of how the command for signing git commits can be used.

OH! Now I see! Thanks for pointing that out.

Yeah, sorry, I meant signing, not encrypting. I know about asymmetrical encryption. That’s why I was confused by the original statement. For signing you use your private key so that others can verify your identity by using your public key for checking the signature. For encrypting data you use the public key of the receiver.

The original comment used the public key for signing, which is not what you want to do. I now read the explanation.

But why? Public is public. People can take my public key. The can encrypt my commit, making it indistinguishable from my commit.

Isn’t the idea to use your private key for encryption so that everyone can use your public key to decrypt your signature and to verify that it’s you who actually did the commit, because no one else has access to the private key?

Aren’t clock tattoos like such a cliché that tattoo artists role their eyes when you ask for one? Are a bunch of millennials and gen-x deemed gang members because they followed a trend?

Are you using your public ssh key for signing? Wouldn’t it make more sense to use the private one as people can then verify your identity by using your public key?

Oh yeah, I remember the good ol’ “Our whole business Logic is within this 30 tables spread sheet, that only one person can read, and don’t you dare restarting that computer” times.

One person. Sitting in front of three monitors. In front of a spreadsheet that maxed out every resource of that computer. It was glorious.

I recently found out about this and I love it! Used to use paperwork for my scanning and archiving but paperless ngx is so much better.

I want that on a t-shirt! And I’m definitely going to steal it for my slack tagline.