Public Key Cryptography
We all have passwords, but the major limitation of passwords is that it's secret! Yeah, seems very odd ? Also it is a form of symmetric encryption, that is whatever you use as key( passwords ) to lock your data is used to unlock it.
Consider this simple Alice[ Bandi ] and Bob[ banda ] example. Now if Alice wants to send some data to Bob which will be encrypted over the network, they need to decide a way to encrypt it. Suppose they decide to use a simple Shift Cipher to do it. Shift Cipher Works as follows:
Plaintext: abc
Key : 2 ( say )
Ciphertext: (a+2)(b+2)(c+2) == cde
The method of Encryption is open and so is the method of Decryption. The only thing that holds any security is the KEY( 2 in the above case ). But if Alice and Bob are to use the same key for encryption and decryption, then there must be some way to communicate it before they actually do any conversation.! And hence the security of Key falls in hands of method of communication. Suppose we encrypt the method of Key Distribution we're into a loop....!!!
Public Key Cryptography comes as a rather surprise. In this scheme a person has a pair of Public and Private keys( generated by a suitable software ). The above problem of Alice<-->Bob interaction is handled in the following way.
Preconditions: Alice's and Bob's Public Keys are open to everyone, but the private keys are kept secret. A message encrypted by the Private Key can be Decrypted by the Public key and a message encrypted by a Public Key can be decrypted by the private key only.
Message Sending: Alice sends a message "abc"( say ) and encrypts that with the Public Key of Bob. Hence when Bob receives it, only he can Decrypt it with his private key.
If you notice we have completely avoided the problem of Key Distribution.
Public-Private Keys and GIT
Whenever you make a commit to the GIT repository there should be a way in which GIT can authenticate whether you're the authorised person to do so. It contains the Public Keys of all those who are allowed to make changes to the GIT Repository. When you send a message to Repository saying: "hey git, add this file", such a query is Encrypted with your Private Key, GIT knows your username and hence it sees if it has a Public Key corresponding to your username. If it exists, it'll try to Decrypt the query using the Public Key. If successful, that is the query makes sense, it'll authorise you. An incorrect Public Key will give garbage results which GIT will discard.
Making your Public Keys
Making Public Keys is simple and we'll be using a simple software called ssh to do so. All further steps are done on an Ubuntu.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sanket/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Give appropriate information, remember to give a passphrase it'll save you in case you miss your private key. The key'll be generated in /home
The names of the files will be: id_rsa( private key ) and id_rsa.pub( public key ).
From now on this key is your identity, and yeah it's your universal identity.!
Handing me the keys
As I am the repository owner, you'll have to hand me over the Public Keys. You may do so by mailing me a copy at my email address or Posting on the list itself, Public Keys are meant to be public so don't hesitate in telling it to the whole world ;).
Please mail the file id_rsa.pub ONLY. And also remember to rename it to a username you would like to have.
Recommendation: Suppose my gmail account is: snktagarwal. I would send a copy of id_rsa.pub as snktagarwal.pub. You are also expected to follow the protocol.
Using the public-private key pair in GIT
Now I'll show you how to use your Public Private key pair with GIT. It is assumed that you've already done the following above steps:
- Made a Public-Private( RSA ) key pair using ssh-keygen. SSH produces RSA Key Pairs.
- Given me the Public Key with the name
.pub - I have added you to the trusted users group!
In the free_monkey repository you may see many Branches below in Heads section. These are the Branches created by various "Trusted" users. Wait for it, you'll have your own branch very soon :P.
1. Configuring ssh to port 4545
SSH on port 22 is blocked outside halls, so you won't be able to do normal SSH traffic. For bypassing this security you need to be able to talk with my server on Port 4545, my server is configured so as to read on port 4545. Make the following changes:
$ sudo gedit /etc/ssh/ssh_config
Change the # Port 22 to Port 4545.
Before:
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
After:
# IdentityFile ~/.ssh/id_dsa
Port 4545
# Protocol 2,1
2. Create a username for yourself in GIT
Execute these commands on your machine to tell others what your name stands for:
$ git config --global user.name "Your Name Comes Here"
$ git config --global user.email mail@domain.com
3. Check out a copy of the repository
It's as simple as it may get:
$ git clone git@203.110.246.113:free_monkey.git
Let me explain this command to you:
- git@ means that the machine that you are contacting has a user called git which will provide the git services. It could be git or repos or anything depending on the server administrator. Hence in our case I have named it to git on my server.
- 203.110.246.113 is IP of the server.
- free_monkey is the name of the repository which has default extension of .git.
If you're successful you'll have somthing like this:
Initialized empty Git repository in /home/user1/git/free_monkey/.git/
Enter passphrase for key '/home/user1/.ssh/id_rsa':
remote: Counting objects: 111, done.
remote: Compressing objects: 100% (80/80), done.
remote: Total 111 (delta 17), reused 0 (delta 0)
Receiving objects: 100% (111/111), 48.99 KiB, done.
Resolving deltas: 100% (17/17), done.
4. Make your own branch and have fun with the repository!
Here are the brief steps to make your own branch, refer to this if you want a review of commands.
$ git branch
$ git checkout
$ vim README
...make some changes...
$ git add README
$ git commit -a -m "
$ git push origin
The last command needs some explanation:
- Push: make a commit on the remote server
- origin branchname: This tells git to push on branchname, which is your branch!
This wiki might be awefully incomplete, but given the time limitations, I am bounded. Please ask any doubts in this post or on the KGP list if needed.!