SSH Commit Signing

mrgrain
Community Member
in SSH

I've started signing my git commits using SSH.

However this only seems to work with setting the SSH_AUTH_SOCK env variable. For some reason I cannot set that variable everywhere and have to rely on host-specific IdentityAgent configuration.

This is the error

git commit -m"test"
error: Load key "/var/folders/_z/<random-string>/T//.git_signing_key_<random-string>": invalid format?

fatal: failed to write commit object

Prepending the command with SSH_AUTH_SOCK=~/.1password/agent.sock git commit -m"test" works.

This issue also applies to VSCode.

As per the git docs, the program used is ssh-keygen. I guess it doesn't read ssh config files or at least wouldn't be aware of a host to use.

Question: Does 1Password provide a binary compatible with ssh-keygen that I could set as gpg.ssh.program in my gitconfig?


1Password Version: 8.7.3
Extension Version: Not Provided
OS Version: macOS
Browser: Not Provided

Comments

  • mrgrain
    Community Member
    edited July 6

    In the meantime I have created a gpg-ssh-program helper script myself:

    #!/bin/sh
    SSH_AUTH_SOCK=~/.1password/agent.sock ssh-keygen "$@"
    

    And then as git config:

    [gpg "ssh"]
        program = /Users/<username>/<path-to-script>/gpg-ssh-program
    
  • floris_1P

    Team Member

    We are looking into shipping something like that with the 1Password app. And what you're using now is exactly what I was about to suggest.

  • mrgrain
    Community Member

    @floris_1P Great to see your version of op-ssh-sign launch!

    One thing that seems a bit odd is when 1Password is not started (or active)?

    It fails with this cryptic error message:

    ✗ git commit -m"test"
    error: Error: AppError { error: could not connect to agent
    
    Caused by:
        std::io::error::Error, location: Location { file: "ssh/op-ssh-sign/src/utils.rs", line: 27, col: 14 } }
    
    fatal: failed to write commit object
    
  • floris_1P

    Team Member

    The error messages in op-ssh-sign are a bit cryptic indeed, we're actively working on improving those! But I assume you did get it working now, correct?

  • mrgrain
    Community Member

    Yes, it is working perfectly when 1Password is running. Good work 👍

    My workaround is to start 1Password by hand and try again. Ideally the app would just be started automatically in this situation.

  • floris_1P

    Team Member
    edited September 9

    Yep, that is something we have on the roadmap. In the meantime, there's this setting on Mac that could already mostly cover it:

  • mrgrain
    Community Member

    Thanks for the tip! Alas my configuration is more subtle and I already have this checked.

    If you're interested, I think this is what is causing it:

    • Disable "Keep 1Password in menu bar" (Also no browser extension. What I'm getting is: There's nothing else wanting 1Password to be running)
    • Enable "Lock on sleep, screensaver, or switching users"
    • Lock your Mac
    • Login again
    • git commit
    • 💥 Boom, error
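
The wrapper script from the first comment, extended to fail with a readable message in the agent-not-running case reported later in the thread. This is an added example, not part of any post and not 1Password's op-ssh-sign; OP_AGENT_SOCK is a hypothetical override variable, and the default socket path is the one quoted in the thread.

```sh
#!/bin/sh
# Added example: a hypothetical gpg.ssh.program wrapper, not 1Password's op-ssh-sign.
# Assumptions: the socket path ~/.1password/agent.sock from the thread;
# OP_AGENT_SOCK is an override variable invented for this sketch.

agent_sock_path() {
    printf '%s\n' "${OP_AGENT_SOCK:-$HOME/.1password/agent.sock}"
}

# Succeed only if $1 is a Unix socket owned by the invoking user.
check_agent_sock() {
    if [ ! -S "$1" ]; then
        echo "ssh-sign wrapper: no agent socket at $1 (is 1Password running?)" >&2
        return 1
    fi
    # -O is not strictly POSIX but is supported by bash, dash and zsh.
    if [ ! -O "$1" ]; then
        echo "ssh-sign wrapper: $1 is not owned by you, refusing to use it" >&2
        return 1
    fi
}

# ssh-add exits with status 2 when it cannot contact the agent, which also
# catches a stale socket file left behind by an agent that has stopped.
agent_reachable() {
    rc=0
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "ssh-sign wrapper: agent at $1 is not answering; start it and retry" >&2
        return 1
    fi
}

main() {
    sock=$(agent_sock_path)
    check_agent_sock "$sock" || exit 1
    agent_reachable "$sock" || exit 1
    export SSH_AUTH_SOCK="$sock"
    exec ssh-keygen "$@"   # git passes e.g. -Y sign -n git -f <key> <file>
}

# git always calls the program with arguments; with none, only define the functions.
[ "$#" -eq 0 ] || main "$@"
```

It is configured the same way as the script in the thread, through program under [gpg "ssh"] in the git config.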
