Gitolite is newer, and offers more granular control, but it spreads the security measures beyond SSH's regularly peer-tested capacities. Let me explain:
IIUC, the major difference between gitolite and gitosis is that gitosis only manages access to git repositories, while gitolite provides more granular control over git repositories and their branches.
Both use SSH keys for authentication and repository-level authorization. The keys and the ACLs are stored in the admin repository, and the git triggers convert the ACLs to the git user's .ssh/config file via git hooks. So when you commit and push a change, the ACLs will be parsed, then transformed and copied into a .ssh/config file, while the keys are also concatenated into .ssh/authorized_keys - a process you are familiar with.
The gitosis .ssh/config files only ever allow a user to issue a single command
These days I'm using gitolite at work, and gitosis at home. I hardly know they are different.
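Added example, not part of the original post: a Python check that every entry in a git account's authorized_keys is pinned to one forced command (OpenSSH's command="..." option) and carries the no-pty and no-forwarding restrictions. The wrapper name git-wrapper, the key material and the sample file are constructed for illustration.

```python
import re

# The first field of an entry is either a key type or a comma-separated option list.
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)\S+$")
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}

def split_unquoted(text, seps):
    """Split text on separator characters that sit outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return [p for p in parts + [cur] if p]

def audit(authorized_keys, wrapper):
    """Return (line number, problem) pairs for keys not pinned to wrapper."""
    findings = []
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_unquoted(line, " \t")
        opts = {}
        if not KEY_TYPE.match(fields[0]):  # leading field is an option list
            for opt in split_unquoted(fields[0], ","):
                name, _, value = opt.partition("=")
                opts[name.lower()] = value.strip('"')
        cmd = opts.get("command", "").split()
        if not cmd:
            findings.append((n, "no forced command: key gets a normal login"))
        elif cmd[0] != wrapper:
            findings.append((n, "forced command is not " + wrapper))
        missing = REQUIRED - set(opts)
        if missing and "restrict" not in opts:  # "restrict" implies all four
            findings.append((n, "missing " + ",".join(sorted(missing))))
    return findings

# Constructed sample: line 2 is pinned, line 3 is a bare key, line 4 lacks no-pty.
SAMPLE = '''# constructed authorized_keys for a "git" account
command="git-wrapper alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3constructedA alice@example
ssh-ed25519 AAAAC3constructedB bob@example
command="git-wrapper carol",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3constructedC carol@example
'''
print("\n".join(f"line {n}: {p}" for n, p in audit(SAMPLE, "git-wrapper")))
```

Run against the real file with audit(open(path).read(), name), where name is the serve command the installation actually writes into its entries.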