Signing patches

In any distributed system, it is important to be able to tell your coauthors who you are in a secure way. One possible way to do this is to sign your patches.

If you choose to do so, others will expect your patches to be signed, and will reject attempts to impersonate you.

Signing patches doesn't prevent others from stealing your patches, ripping off the patches' signatures and signing them as their own, though.

After a keypair is generated, pijul record will automatically sign all your patches.

Generating a secret key

Pijul can generate signing keys, either per repository (the keys are then stored in the .pijul of that repository) or globally (in which case the keys are stored in your home directory). For security reasons, patches can be signed by only one person, even patches with multiple authors.

To generate a signing key in you user account, run the following command in a terminal:

pijul keys --generate-signing

Uploading your public key to the Nest

For security reasons, the Nest will never offer you any interface to upload your public key.

Instead, Pijul can be asked to convince the Nest (or actually any other server) that you really own the secret key associated to your public key. Once you have a secret key, this can be done by running the following command in a terminal:

pijul keys --upload-to

Internally, that command asks the Nest to generate a challenge string, signs it, and replies with the signature. If the signature is correct, the Nest will know the public key, and recognise it as yours.

Why not PGP?

Pijul users with an experience with public keysystems will probably wonder why Pijul uses its own signature system instead of PGP. This choice was carefully considered, and a prototype PGP library was even written as part of the Pijul project as some point.

However, PGP has several drawbacks:

  • It is quite bad from a privacy perspective, because all its users shout out to the world who their friends are, when they met, etc.

  • The PGP protocol specification is really ambiguous, which is terrible for security, and not great for user experience, portability, and interoperability with existing software.

  • The main free implementation of PGP, GnuPG, is an extraordinarily complex and large project, where even non performance-critical parts are written in C by mostly a single person. From a security and user experience point of view, this is possibly suboptimal.