I have gpg4win suite and already created a certificate with Kleopatra, and I would like to use existing certificate to authenticate to github via SSH, instead of using ssh-agent that comes with git installation.
github help pages explain how to generate new key pair with ssh-agent and how to add it to agent for authentication, but I'm curious if I can do this with gpg (gpg4win)? or at least use existing certificate with ssh-agent.
Is that even possible and how to achieve this?
To authenticate to GitHub over SSH, you can only use the SSH keys. GPG keys are used to sign the commits so that people know that the commit was made by you, not someone else.
Here's the scenario:
You use SSH on your PC to pull/push to GitHub. But one day, someone finds out your password, somehow. Now, that person can also push and pull to GitHub through your account. This way, it will be hard for others to know which commit was made by the real you, and which one was made by an imposter.
But if you have a GPG key authenticated to your GitHub account for your PC that you use to make the commits over SSH, the commits will be signed. Now, even if someone got your password and could commit something, somehow, others will know that the commit wasn't made by you. Why? Because it wasn't signed using your GPG key.
GPG keys are like virtual signatures/fingerprint used to identify what belongs (authorized) to you and what doesn't. Just like an SSH key that is used to verify your identity for easier access.
So, NO, you can't use GPG keys to push/pull to/from GitHub.
