{"id":17696126,"url":"https://github.com/ovyerus/gfh","last_synced_at":"2025-04-30T14:40:30.644Z","repository":{"id":63128585,"uuid":"565429302","full_name":"Ovyerus/gfh","owner":"Ovyerus","description":"Git FIDO Helper - Sign your Git commits with multiple resident SSH keys","archived":false,"fork":false,"pushed_at":"2024-03-20T08:34:51.000Z","size":128,"stargazers_count":25,"open_issues_count":3,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-30T17:02:26.346Z","etag":null,"topics":["fido2","git","signing","solokeys","ssh","yubikey"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ovyerus.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-13T11:42:06.000Z","updated_at":"2025-01-05T18:42:39.000Z","dependencies_parsed_at":"2024-03-20T09:53:46.857Z","dependency_job_id":null,"html_url":"https://github.com/Ovyerus/gfh","commit_stats":{"total_commits":31,"total_committers":2,"mean_commits":15.5,"dds":"0.032258064516129004","last_synced_commit":"0f3ab7a90980c6ee898e1ede84ce88b39ae9c231"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ovyerus%2Fgfh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ovyerus%2Fgfh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ovyerus%2Fgfh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ovyerus%2Fgfh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ovyerus","download_url":"https://codeload.github.com/Ovyerus/gfh/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251722761,"owners_count":21633009,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fido2","git","signing","solokeys","ssh","yubikey"],"created_at":"2024-10-24T14:43:20.584Z","updated_at":"2025-04-30T14:40:30.610Z","avatar_url":"https://github.com/Ovyerus.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gfh\n\n\u003e Git FIDO helper, or God Fucking Help me.\n\ngfh is a tool for helping you sign your commits in Git with resident SSH keys\nstored on multiple FIDO devices.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#getting-started\"\u003eGetting Started\u003c/a\u003e\n  -\n  \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e\n  -\n  \u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e\n\u003c/p\u003e\n\n**NB:** Currently this project has only been tested with the YubiKey 5C NFC. Any\nFIDO2 certified device _should_ be compatible, but please let me know if you\nencountered any issues with particular devices, or also if it works fine so that\nI can have a running list of all keys that are verified working.\n\n## Getting Started\n\nBefore you get started with gfh, you'll need to make sure that you already have\na resident SSH key on your FIDO key(s). The simplest way to do this is via\n`ssh-keygen -t ed25519-sk -O resident`, but there are better guides online if\nyou need some different stuff.\n\nIf you don't own multiple FIDO keys/only use one resident SSH key, then you more\nthan likely do not need to use gfh. This tool has a very niche use case due to\nGit not supporting multiple `signingkey`s. If you only use one resident SSH key\nfor signing your commits, you can just use that config option without gfh.\n\n### Caveats\n\nI've only personally validated gfh as working on macOS, some friends of mine has\nhad it work fine on Windows (10 \u0026 11), but I haven't had any luck with that\nmyself.\n\n\u003c!-- On Windows, it appears that signing commits with a resident SSH key is\nfundamentally broken in some weird way, requiring an Administrator prompt in\norder to properly work - even though if you run the `ssh-keygen` command Git\nruns and run it by itself, it runs perfectly fine. I suspect this might be\nrelated to that section of Windows OpenSSH not being integrated with Windows\nHello like using it for SSH connections is, but I'm unsure. --\u003e\n\nOn Linux, gfh seems to fail with\n`warning: gpg.ssh.defaultKeyCommand succeeded but returned no keys: key::...`,\nwhich makes no sense, because the format it expects is evidently there. A friend\nof mine has said that running `` eval `ssh-agent` `` (or `eval (ssh-agent -c)`\nas the Fish equivalent) solved the issue for them, however I haven't had any\nluck with this personally so YMMV.\n\nIf you ever find out a consistent workaround for these problems, please let me\nknow and I'll try and see if I can reproduce them.\n\n## Usage\n\nThe simplest way to add your keys to gfh is via `gfh -a`. This will prompt you\nto select the FIDO key to use, as well as the path to the public key (or private\nkey) to use with it (this must be a resident key that you generated for that\nparticular FIDO device).\n\nIf you prefer, you can edit the config manually by creating a file at\n`~/.config/gfh/keys` with the following format:\n\n```\nserial::~/.ssh/id_ed25519_sk\nserial::~/.ssh/id_ecdsa_sk\n```\n\n(Blank lines \u0026 lines starting with `#` will be ignored, but won't be retained if\nyou use `gfh -a`)\n\nAfter importing your keys to gfh, run the following commands to set up SSH\nsigning with Git:\n\n```sh\ngit config --global commit.gpgsign true\ngit config --global tag.gpgsign true\ngit config --global gpg.format \"ssh\"\ngit config --global gpg.ssh.program \"gfh-keygen\"\ngit config --global gpg.ssh.defaultKeyCommand \"gfh\"\n```\n\nIf you're on Windows, change the last two commands to set `gfh-keygen.exe` and\n`gfh.exe` respectively.\n\n(You shouldn't set `user.signingkey` because gfh will handle that for you\nautomatically.)\n\nIf all goes according to plan, you should be able to create a new commit or tag\nwith your FIDO key plugged in, and Git will correctly prompt you to sign with\nit.\n\n## Installation\n\n### Releases are currently pending fixed CI builds, in the meantime you can install via Cargo just fine.\n\nStatic binary builds of gfh are available on our\n[releases page](https://github.com/Ovyerus/gfh/releases) for Windows (x86), Mac\n(ARM \u0026 x86), and Linux (various architectures).\n\n### Homebrew\n\n`brew install ovyerus/tap/gfh`\n\n### Scoop\n\n```\nscoop bucket add ovyerus https://github.com/Ovyerus/bucket\nscoop install gfh\n```\n\n### AUR (unofficial)\n\nAn unofficial AUR package from [wale](https://github.com/wale) is available at\nhttps://aur.archlinux.org/packages/gfh. You can use your favourite AUR helper,\nor you can install it manually like so:\n\n```\ngit clone https://aur.archlinux.org/gfh.git\ncd gfh\nmakepkg -fsri\n```\n\n### Crate\n\n`cargo install gfh`\n\n### From source\n\nPull this repository and run `cargo build --release`, and look for the `gfh` and\n`gfh-keygen` binaries in `./target/release/`.\n\nWhen building from source or from Cargo, on Linux you will need the following\npackages: `pkg-config libpcsclite-dev libudev-dev`\n\n## License\n\nThis program is licensed under the MIT license (see [LICENSE](./LICENSE) or\nhttps://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fovyerus%2Fgfh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fovyerus%2Fgfh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fovyerus%2Fgfh/lists"}