[woodruffw]

I think it's pretty clever, and demonstrates something very powerful about GitHub's position as de facto global code repository: you can get a strong cryptographic identity for (almost) anyone on the service, which you can then sign/encrypt to, verify for, etc.

age (another tool of Filippo's) leverages this to make encrypting to any GitHub user easy[1].

[1]: https://github.com/FiloSottile/age#encrypting-to-a-github-us...

[tcard]

> you can get a strong cryptographic identity for (almost) anyone on the service, which you can then sign/encrypt to, verify for, etc.

I made https://sshign.tcardenas.me/ to take advantage of this. For example: [1]

In the end, it isn't that useful. I only routinely sign digitally to deal with the (Spanish) government, and they provide their own certificates and software to do that.

[1] https://sshign.tcardenas.me/?signer=github.com%2Ftcard&messa...

[alexeldeib]

Sorry, this web UI encourages me to upload private keys? Immediate nope for serious usage. Nice for testing, like jwt.io, though.

The signature verification is handy.

[xwolfi]

In Hong Kong and France where I pay taxes we seem to only use passwords. Sadly nobody has hacked my tax account and paid them for me :D