GPG 与 SSH 密钥
GPG vs SSH keys
在 GitHub,我想添加一个密钥以将我的计算机与我的帐户相关联,我有两个选择:创建 SSH 或 GPG 密钥。
这两个键有什么区别?有没有首选的?
我了解如何按照网站上的指南创建两者,但我不知道哪个更好用。
I want to add a key to associate my computer with my account and I am given two options
如果您想使用 SSH URL 回传到您的存储库,您至少需要 SSH 密钥(因为 public SSH 密钥将对您进行身份验证)。
从 SSH 开始。参见“Connecting to GitHub with SSH”。
稍后,您可以use GPG to sign commits。
Vishwas M.R points out in to "Why would I sign my git commits with a GPG key when I already use an SSH key to authenticate myself when I push?
When you authenticate to Github with your SSH key, that authentication doesn't become part of the repository in any meaningful or lasting way.
It causes Github to give you access for the moment, but it doesn't prove anything to anyone who is not Github.
When you GPG-sign a Git tag, that tag is part of the repository, and can be pushed to other copies of the repository.
Thus, other people who clone your repository can verify the signed tag, assuming that they have access to your public key and reason to trust it.
在 GitHub,我想添加一个密钥以将我的计算机与我的帐户相关联,我有两个选择:创建 SSH 或 GPG 密钥。
这两个键有什么区别?有没有首选的?
我了解如何按照网站上的指南创建两者,但我不知道哪个更好用。
I want to add a key to associate my computer with my account and I am given two options
如果您想使用 SSH URL 回传到您的存储库,您至少需要 SSH 密钥(因为 public SSH 密钥将对您进行身份验证)。
从 SSH 开始。参见“Connecting to GitHub with SSH”。
稍后,您可以use GPG to sign commits。
Vishwas M.R points out in
When you authenticate to Github with your SSH key, that authentication doesn't become part of the repository in any meaningful or lasting way.
It causes Github to give you access for the moment, but it doesn't prove anything to anyone who is not Github.When you GPG-sign a Git tag, that tag is part of the repository, and can be pushed to other copies of the repository.
Thus, other people who clone your repository can verify the signed tag, assuming that they have access to your public key and reason to trust it.