https://kxue43.github.io/notes-and-blogs/tags/git/Recent content in Git on Ke's Notes and BlogsHugoen-usTue, 05 Nov 2024 21:38:04 -0500https://kxue43.github.io/notes-and-blogs/notes/gpg-for-github/Tue, 05 Nov 2024 21:38:04 -0500https://kxue43.github.io/notes-and-blogs/notes/gpg-for-github/<p>GPG, or GNU Privacy Guard, is a free-software replacement for Symantec&rsquo;s PGP cryptographic software suite. GPG is not a new cryptographic algorithm. GPG keys are simply those generated by the GPG software using existing algorithms such as RSA.</p> <p><code>gpg</code> is a CLI tool for managing keys, and the keys it generates have more features. For example, GPG keys can expire or be revoked. With GitHub, SSH keys are used for authentication, while GPG keys are used for signing commits and tags. Commit-signing makes sure the committer is indeed who he/she claims to be &mdash; otherwise any one can claim to be any one by setting username and password with <code>git config</code>.</p>