user.signingkey without gpg? (using s/mime or ssh?)

user.signingkey without gpg? (using s/mime or ssh?)

[Thomas Schittli]

Dear Git Community
 
I've spent almost a day to find an answer to this question:
 
We already have trusted Certificates from a CA. Can we use them instead of an additional PGP key?
We already have:
- s/mime certificate
- web server ssl/tls certificate
- XMPP Jabber ssl/tls certificate
- Object Code Signing certificate
 
Or if we have to use a new pgp key: can we sign it using any of our certificates?
 
Thanks a lot for any hint in advance!,
kind regards,
Thomas
 
 
 
 
 

Re: user.signingkey without gpg? (using s/mime or ssh?)

[brian m. carlson]

[-- Attachment #1: Type: text/plain, Size: 927 bytes --]

On Fri, Apr 18, 2014 at 10:04:50PM +0200, Thomas Schittli wrote:
> We already have trusted Certificates from a CA. Can we use them
> instead of an additional PGP key?

Git wants a key that can be used by GnuPG, and X.509 certificates can't
be.  It invokes the gpg binary that's in your path, so X.509 integration
isn't possible unless gpg learns about it.

> We already have:
> - s/mime certificate
> - web server ssl/tls certificate
> - XMPP Jabber ssl/tls certificate
> - Object Code Signing certificate
>  
> Or if we have to use a new pgp key: can we sign it using any of our
> certificates?

Only in the sense that you can sign any arbitrary piece of text or data
with your certificates.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]