by edwintorok 4465 days ago
You can have SSH keys on your OpenPGP keyring (with the next version of GnuPG at least it should be supported), so then the 'public gist' shouldn't be required by 'keybase prove github' at all:

* you put your public SSH key on your OpenPGP keyring (which is signed by your main identity), you publish your updated key - this proves the relationship between the SSH key and the OpenPGP key

* you use the 'github.com/username.key' to check the association between the github username and the SSH key

This leaves the problem that the association between your username and SSH key is weak(er) as it's not cryptographically signed, and that you do this validation outside PGP's web of trust model.
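The comparison in the second step, as an added example that is not part of the original comment: it checks whether the SSH key taken from the OpenPGP keyring appears in the key list published for a GitHub username. The function names and the sample keys are assumptions; the keys are constructed inline (arbitrary bytes, not real key pairs) so the code runs offline.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data

def parse_pubkey_line(line):
    """Return (key_type, blob) for an OpenSSH public key line, else None."""
    parts = line.split()
    if len(parts) < 2:
        return None
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    if len(blob) < 4:
        return None
    (n,) = struct.unpack(">I", blob[:4])
    # The type named inside the blob must match the declared type.
    if blob[4:4 + n] != key_type.encode():
        return None
    return key_type, blob

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def keyring_key_listed(keyring_line, github_keys_text):
    """Return the fingerprint if the keyring key is in the list, else None."""
    mine = parse_pubkey_line(keyring_line)
    if mine is None:
        raise ValueError("keyring SSH key is malformed")
    for line in github_keys_text.splitlines():
        theirs = parse_pubkey_line(line)
        if theirs and hmac.compare_digest(theirs[1], mine[1]):
            return fingerprint(mine[1])
    return None

def sample_line(seed):
    """Constructed ssh-ed25519 line (32 arbitrary bytes, not a real key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

KEYRING_KEY = sample_line(b"key-A")  # stands in for the key exported from the keyring
GITHUB_KEYS = sample_line(b"key-B") + "\n" + sample_line(b"key-A")  # stands in for the fetched list
```

A match only shows that the two keys are byte-identical; the link from the username to the listed key still rests on how the list was fetched, which is the weakness the comment points out.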