Add support for commit signing using SSH

Igor Drozdov requested to merge id-using-ssh-for-signing into master

A commit's Author field can be edited; that's why commit signing is used to verify that a particular user is indeed the author of a commit: https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits/#configure-commit-signing

When a commit is created via the Web UI or on merge, we can't sign a commit using the user's private key because we don't have access to it. But when the commit is created via the Web UI or on merge, the Author field cannot be edited. That's why we can sign it using GitLab's instance private key and mention that "The commit has been created on GitLab.com and signed with GitLab's verified signature." Signing commits using OpenPGP has been introduced in: !4802 (merged)

However, there are concerns that the used library is neither FIPS-approved nor is using bindings to FIPS-approved modules: #4594.

This merge request uses the x/crypto library instead of its fork in order to implement signing via SSH. If we restrict the list of algorithms that are used, the solution seems to be FIPS compliant: !5408 (comment 1288360238), !5408 (comment 1288360227)

The current plan is to support both GPG and SSH keys but mention in the docs that only the SSH solution is FIPS-compliant. Making the GPG solution FIPS-compliant can be done as a follow-up; however, it's not yet clear which library to use for it.


Related issue: #4594 (comment 1285921203)

Edited by Igor Drozdov
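
The SSH signing described above, as an added example that is not part of the merge request or the project's code: it builds the SSHSIG signed-data blob that Git's SSH commit signatures cover, refuses key types outside an allow-list, and signs with Go's standard library rather than x/crypto. The allow-list contents, the function names and the sample commit are assumptions; the SSH wire encoding of the signature and the armored envelope are left out.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
)

// Assumed allow-list for illustration; the MR text does not name the algorithms it keeps.
var allowedKeyAlgos = map[string]bool{"ecdsa-sha2-nistp256": true}

// signedData builds the SSHSIG preimage: magic, namespace, reserved, hash name, H(message).
func signedData(namespace string, msg []byte) []byte {
	h := sha512.Sum512(msg)
	var buf bytes.Buffer
	buf.WriteString("SSHSIG")
	for _, field := range [][]byte{[]byte(namespace), nil, []byte("sha512"), h[:]} {
		binary.Write(&buf, binary.BigEndian, uint32(len(field))) // SSH string length prefix
		buf.Write(field)
	}
	return buf.Bytes()
}

// Sign rejects keys outside the allow-list, then signs the preimage (ASN.1 DER output).
func Sign(key *ecdsa.PrivateKey, namespace string, msg []byte) ([]byte, error) {
	algo := fmt.Sprintf("ecdsa-sha2-nistp%d", key.Curve.Params().BitSize)
	if !allowedKeyAlgos[algo] {
		return nil, fmt.Errorf("key algorithm %s is not on the allow-list", algo)
	}
	digest := sha256.Sum256(signedData(namespace, msg))
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// Verify recomputes the preimage for the expected namespace and checks the signature.
func Verify(pub *ecdsa.PublicKey, namespace string, msg, sig []byte) bool {
	digest := sha256.Sum256(signedData(namespace, msg))
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	commit := []byte("tree 0000\nauthor A U Thor <a@example.com>\n\nconstructed sample\n")
	sig, err := Sign(key, "git", commit)
	fmt.Println(err, Verify(&key.PublicKey, "git", commit, sig), Verify(&key.PublicKey, "file", commit, sig))
}
```

The namespace field is what keeps a signature made for one purpose from verifying for another: the same bytes signed under `git` do not verify under `file`.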
