:::' ####:::::' ######::' ######:::::
::::' ##:::::: ##::: ##: ##::: ##::::
::::: ##:::::: ##::: ##: ##::::::::::
::::: ##:::::: ##::: ##: ##:: ###::::
::::. ##:: ##: ##::: ##: ##::. ##::::
:::: ########:. ######::. ######:::::
::::........:::......::::......::::::

How to use your TKey with GitHub

Date: 2024-05-28


This is a simplified guide for setting up your TKey to do GitHub SSH operations and sign your commits with SSH. I use macOS; if you use another OS, the steps and commands may differ.

Feel free to dive into the GitHub documentation if you want a more in-depth setup guide. And if you want to know more about TKey, you can find information here.

GitHub SSH

Prerequisites

Before we can do SSH operations towards GitHub we must install the TKey ssh-agent. The TKey ssh-agent is an application which lets you do SSH Public Key Authentication.

Follow the official guide from Tillitis to install and generate a public SSH key.

Run ssh-add in your terminal and follow the prompts to add the SSH key to the tkey-ssh-agent. Then run echo $SSH_AUTH_SOCK and make sure the environment variable points to a path like /opt/homebrew/var/run/tkey-ssh-agent.sock.

GitHub

Add SSH key to GitHub

Go to SSH and GPG keys and add a new SSH key. The Key field should contain the public key you generated before. Fetch it again by running:

    
        ssh-add -L
        # output: ssh-ed25519 [the public key] TKey
    

You can test by cloning a repository. If everything is set up correctly, the TKey should flash green. Touch the sensor on your key to confirm, and the operation will proceed.

    
        git clone git@github.com:<username>/<repository>.git
    

Signing commits

In git you can sign your commits and tags. A signature on a commit lets others check that the commit originated from you and not someone else. We can sign our commits with the SSH key we already generated. Let's configure git to use ssh as the gpg format, and point the signing key to our already generated public key.

    
        git config --global gpg.format ssh
        git config --global user.signingkey ~/path/to/.ssh/key.pub
    

Now we must tell GitHub about our signing key. Go to SSH and GPG keys again and add a new SSH key. Select "Signing key" in the dropdown and use the contents of the public key generated before. Run cat ~/path/to/.ssh/key.pub to get what you need.

We should now be able to sign our commits and get a beautiful little "Verified" label on our commits in GitHub.

Sign commits with git commit -S -m "Commit message", or configure git to sign all commits by default:

    
        git config --global commit.gpgsign true
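
GitHub checks the signature on its side, but git log --show-signature on your own machine cannot verify SSH signatures until gpg.ssh.allowedSignersFile is configured. The script below is an added example, not part of the original guide or of the Tillitis tooling: it confirms that user.signingkey matches the key the agent offers, then registers that key for local verification. The e-mail argument, the default ~/.ssh/allowed_signers location and the "apply" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify TKey SSH-signed commits locally.
# Assumptions: one key in the agent; signers file path is your choice.

# Reduce a public key line to "<type> <base64>", dropping the comment.
key_material() {
    printf '%s\n' "$1" | awk '{print $1 " " $2}'
}

# Succeed if two public key lines hold the same key (comments may differ).
same_key() {
    [ "$(key_material "$1")" = "$(key_material "$2")" ]
}

# Build an allowed_signers entry that is only valid for git signatures.
allowed_signers_line() {
    printf '%s namespaces="git" %s\n' "$1" "$(key_material "$2")"
}

# Only runs when called as: sh <this file> apply <email> [signers-file]
case "${1:-}" in
apply)
    email=$2
    signers=${3:-$HOME/.ssh/allowed_signers}
    # Key currently offered by the agent behind SSH_AUTH_SOCK.
    agent_key=$(ssh-add -L | head -n 1)
    # --type=path expands the leading ~ in the configured value.
    cfg_path=$(git config --global --type=path user.signingkey)
    if ! same_key "$agent_key" "$(cat "$cfg_path")"; then
        echo "user.signingkey does not match the key in the agent" >&2
        exit 1
    fi
    # Append the entry once, then point git at the file.
    line=$(allowed_signers_line "$email" "$agent_key")
    grep -qxF "$line" "$signers" 2>/dev/null || printf '%s\n' "$line" >> "$signers"
    git config --global gpg.ssh.allowedSignersFile "$signers"
    echo "configured; check with: git log --show-signature -1"
    ;;
esac
```

Use the same address as git's user.email for the e-mail argument so the signer name shown by git log --show-signature matches the commit author.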