1 Public Key Cryptography
In the 1970s several cryptographers invented public-key cryptography independently of each other. With the low computing power available then, it could not be used in practice. Since the 1990s it has been widely used in ssh, e-mail encryption and SSL/TLS.
The basic idea is to have an asymmetric encryption system in which two different keys are used: a public key for encryption and a private key for decryption.
This system has some important consequences: only Alice, who holds the private key, can ever read a message encrypted with her public key. If you want to send encrypted messages to three people, you need three different public keys for encryption.
Alice needs to keep her private key private, but can publish her public key anywhere: on the web, in an e-mail signature, on her business card.
2 ssh
We will be using public key cryptography for ssh and git. For these systems the keys are stored in a folder .ssh in your home directory.
- id_rsa - your private key is stored in ~/.ssh/id_rsa
- id_rsa.pub - your public key is stored in ~/.ssh/id_rsa.pub
The directory .ssh can also contain two other important files: config and authorized_keys.
But first: how do you get a key pair?
2.1 Generating keys
Decide which e-mail address you want to use: this address will be your identity as a developer from now on (so maybe don't use a really private one).
Type this in the terminal (with your own e-mail address):
ssh-keygen -C exampleme@example.com -t rsa
Press enter to accept the default key save location. Do not use a passphrase.
After key generation is complete, you'll have output that looks like this:
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/student/.ssh/id_rsa):
Created directory '/Users/student/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/student/.ssh/id_rsa.
Your public key has been saved in /Users/student/.ssh/id_rsa.pub.
The key fingerprint is:
88:54:ab:11:fe:5a:c3:7s:14:37:28:8c:1d:ef:2a:8d exampleme@example.com
Now check if your two keys are really stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub!
2.2 Using keys with ssh
If you want to use these keys for logging in to a server without using a password, you have to copy over your public key to the server.
On the server your public key must be stored in ~/.ssh/authorized_keys2; then ssh will let you log in without giving a password.
The authorized_keys file can contain several public keys:
ssh-rsa AAAAB3NzaC...2EAAAABI== alice@fh-salzburg.ac.at
ssh-rsa AAAAB8NzaC...DVj3R4Ww== bob@fh-salzburg.ac.at
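The line format shown above (key type, base64 key data, comment) can be checked mechanically before you trust a file of several keys. The following is an added example, not part of the original notes: it assumes lines without leading options, uses hypothetical function names, and prints the SHA256-style fingerprint that current OpenSSH shows rather than the colon-separated form in the output above.

```python
import base64
import hashlib

def _field(data):  # one field: uint32 big-endian length, then the bytes
    return len(data).to_bytes(4, "big") + data

def _read_field(buf, off):
    """Read one length-prefixed field; return (bytes, next offset)."""
    n = int.from_bytes(buf[off:off + 4], "big")
    end = off + 4 + n
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("key data is truncated")
    return buf[off + 4:end], end

def parse_key_line(line):
    """Parse 'type base64 [comment]' (no leading options) and fingerprint it."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected: type base64 [comment]")
    blob = base64.b64decode(parts[1], validate=True)
    inner, off = _read_field(blob, 0)
    if inner != parts[0].encode():
        raise ValueError("declared type does not match key data")
    info = {"type": parts[0], "comment": parts[2].strip() if len(parts) > 2 else ""}
    if parts[0] == "ssh-rsa":  # remaining fields: exponent e, modulus n
        _e, off = _read_field(blob, off)
        n, off = _read_field(blob, off)
        info["bits"] = int.from_bytes(n, "big").bit_length()
    info["sha256"] = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return info

def audit_authorized_keys(text):
    """Return (entries, problems) for the text of an authorized_keys file."""
    entries, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            entries.append(parse_key_line(line))
        except ValueError as exc:  # base64 errors are ValueErrors too
            problems.append((lineno, str(exc)))
    return entries, problems

# Constructed sample: a made-up 2048-bit modulus, not a usable key.
_N = b"\x00" + ((1 << 2047) + 12345).to_bytes(256, "big")
_B64 = base64.b64encode(_field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(_N)).decode()
SAMPLE = (f"ssh-rsa {_B64} alice@example.com\n"
          f"ssh-rsa {_B64[:100]} bob@example.com\n"     # cut off while pasting
          f"ssh-ed25519 {_B64} carol@example.com\n")    # wrong type label
```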
3 git
Git uses two different transport modes: http and ssh.
To upload (push) data to a remote repository you should use ssh, and this is where you need your key pair.
You need to tell your remote git repository about your public key. This works slightly differently for different servers:
3.1 Using keys with github
Create an account on github. Choose a username that is not embarrassing (not now, and not in 3 years when you are a professional developer). You can choose a pseudonym instead of using your real name if you are not sure yet if you want to be identified on the internet.
Now you can add your public key to your github account.
3.3 Remember to use ssh!
When you clone a remote repository remember to use the address that starts with git@, not an address that starts with http!