I don't know whether this is clever or not. But it ID'd me from my Github accoun...

woodruffw · on Jan 8, 2023

I think it's pretty clever, and demonstrates something very powerful about GitHub's position as de facto global code repository: you can get a strong cryptographic identity for (almost) anyone on the service, which you can then sign/encrypt to, verify for, etc.

age (another tool of Filippo's) leverages this to make encrypting to any GitHub user easy[1].

[1]: https://github.com/FiloSottile/age#encrypting-to-a-github-us...

tcard · on Jan 8, 2023

> you can get a strong cryptographic identity for (almost) anyone on the service, which you can then sign/encrypt to, verify for, etc.

I made https://sshign.tcardenas.me/ to take advantage of this. For example: [1]

In the end, it isn't that useful. I only routinely sign digitally to deal with the (Spanish) government, and they provide their own certificates and software to do that.

[1] https://sshign.tcardenas.me/?signer=github.com%2Ftcard&messa...

alexeldeib · on Jan 9, 2023

Sorry, this web UI encourages me to upload private keys? Immediate nope for serious usage. Nice for testing, like jwt.io, though.

The signature verification is handy.

xwolfi · on Jan 9, 2023

In Hong Kong and France where I pay taxes we seem to only use passwords. Sadly nobody has hacked my tax account and paid them for me :D

frutiger · on Jan 8, 2023

As a side note public keys are available on GitHub, e.g. https://github.com/FiloSottile.keys.