1GITFORMAT-SIGNATURE(5)            Git Manual            GITFORMAT-SIGNATURE(5)
2
3
4

NAME

6       gitformat-signature - Git cryptographic signature formats
7

SYNOPSIS

9       <[tag|commit] object header(s)>
10       <over-the-wire protocol>
11

DESCRIPTION

13       Git uses cryptographic signatures in various places, currently objects
14       (tags, commits, mergetags) and transactions (pushes). In every case,
15       the command which is about to create an object or transaction
16       determines a payload from that, calls an external program to obtain a
17       detached signature for the payload (gpg -bsa in the case of PGP
18       signatures), and embeds the signature into the object or transaction.
19
20       Signatures begin with an "ASCII Armor" header line and end with a tail
21       line, which differ depending on signature type (as selected by
22       gpg.format, see git-config(1)). These are, for gpg.format values:
23
24       gpg (PGP)
25           -----BEGIN PGP SIGNATURE----- and -----END PGP SIGNATURE-----. Or,
26           if gpg is told to produce RFC1991 signatures, -----BEGIN PGP
27           MESSAGE----- and -----END PGP MESSAGE-----
28
29       ssh (SSH)
30           -----BEGIN SSH SIGNATURE----- and -----END SSH SIGNATURE-----
31
32       x509 (X.509)
33           -----BEGIN SIGNED MESSAGE----- and -----END SIGNED MESSAGE-----
34
35       Signatures sometimes appear as a part of the normal payload (e.g. a
36       signed tag has the signature block appended after the payload that the
37       signature applies to), and sometimes appear in the value of an object
38       header (e.g. a merge commit that merged a signed tag would have the
39       entire tag contents on its "mergetag" header). In the case of the
40       latter, the usual multi-line formatting rule for object headers
41       applies. I.e. the second and subsequent lines are prefixed with a SP to
42       signal that the line is continued from the previous line.
43
44       This is even true for an originally empty line. In the following
45       examples, the end of line that ends with a whitespace letter is
46       highlighted with a $ sign; if you are trying to recreate these example
47       by hand, do not cut and paste them—they are there primarily to
48       highlight extra whitespace at the end of some lines.
49
50       The signed payload and the way the signature is embedded depends on the
51       type of the object resp. transaction.
52

TAG SIGNATURES

54       •   created by: git tag -s
55
56       •   payload: annotated tag object
57
58       •   embedding: append the signature to the unsigned tag object
59
60       •   example: tag signedtag with subject signed tag
61
62           object 04b871796dc0420f8e7561a895b52484b701d51a
63           type commit
64           tag signedtag
65           tagger C O Mitter <committer@example.com> 1465981006 +0000
66
67           signed tag
68
69           signed tag message body
70           -----BEGIN PGP SIGNATURE-----
71           Version: GnuPG v1
72
73           iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
74           rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
75           8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
76           q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
77           rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
78           lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
79           =jpXa
80           -----END PGP SIGNATURE-----
81
82       •   verify with: git verify-tag [-v] or git tag -v
83
84           gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
85           gpg: Good signature from "Eris Discordia <discord@example.net>"
86           gpg: WARNING: This key is not certified with a trusted signature!
87           gpg:          There is no indication that the signature belongs to the owner.
88           Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189
89           object 04b871796dc0420f8e7561a895b52484b701d51a
90           type commit
91           tag signedtag
92           tagger C O Mitter <committer@example.com> 1465981006 +0000
93
94           signed tag
95
96           signed tag message body
97

COMMIT SIGNATURES

99       •   created by: git commit -S
100
101       •   payload: commit object
102
103       •   embedding: header entry gpgsig (content is preceded by a space)
104
105       •   example: commit with subject signed commit
106
107           tree eebfed94e75e7760540d1485c740902590a00332
108           parent 04b871796dc0420f8e7561a895b52484b701d51a
109           author A U Thor <author@example.com> 1465981137 +0000
110           committer C O Mitter <committer@example.com> 1465981137 +0000
111           gpgsig -----BEGIN PGP SIGNATURE-----
112            Version: GnuPG v1
113            $
114            iQEcBAABAgAGBQJXYRjRAAoJEGEJLoW3InGJ3IwIAIY4SA6GxY3BjL60YyvsJPh/
115            HRCJwH+w7wt3Yc/9/bW2F+gF72kdHOOs2jfv+OZhq0q4OAN6fvVSczISY/82LpS7
116            DVdMQj2/YcHDT4xrDNBnXnviDO9G7am/9OE77kEbXrp7QPxvhjkicHNwy2rEflAA
117            zn075rtEERDHr8nRYiDh8eVrefSO7D+bdQ7gv+7GsYMsd2auJWi1dHOSfTr9HIF4
118            HJhWXT9d2f8W+diRYXGh4X0wYiGg6na/soXc+vdtDYBzIxanRqjg8jCAeo1eOTk1
119            EdTwhcTZlI0x5pvJ3H0+4hA2jtldVtmPM4OTB0cTrEWBad7XV6YgiyuII73Ve3I=
120            =jKHM
121            -----END PGP SIGNATURE-----
122
123           signed commit
124
125           signed commit message body
126
127       •   verify with: git verify-commit [-v] (or git show --show-signature)
128
129           gpg: Signature made Wed Jun 15 10:58:57 2016 CEST using RSA key ID B7227189
130           gpg: Good signature from "Eris Discordia <discord@example.net>"
131           gpg: WARNING: This key is not certified with a trusted signature!
132           gpg:          There is no indication that the signature belongs to the owner.
133           Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189
134           tree eebfed94e75e7760540d1485c740902590a00332
135           parent 04b871796dc0420f8e7561a895b52484b701d51a
136           author A U Thor <author@example.com> 1465981137 +0000
137           committer C O Mitter <committer@example.com> 1465981137 +0000
138
139           signed commit
140
141           signed commit message body
142

MERGETAG SIGNATURES

144       •   created by: git merge on signed tag
145
146       •   payload/embedding: the whole signed tag object is embedded into the
147           (merge) commit object as header entry mergetag
148
149       •   example: merge of the signed tag signedtag as above
150
151           tree c7b1cff039a93f3600a1d18b82d26688668c7dea
152           parent c33429be94b5f2d3ee9b0adad223f877f174b05d
153           parent 04b871796dc0420f8e7561a895b52484b701d51a
154           author A U Thor <author@example.com> 1465982009 +0000
155           committer C O Mitter <committer@example.com> 1465982009 +0000
156           mergetag object 04b871796dc0420f8e7561a895b52484b701d51a
157            type commit
158            tag signedtag
159            tagger C O Mitter <committer@example.com> 1465981006 +0000
160            $
161            signed tag
162            $
163            signed tag message body
164            -----BEGIN PGP SIGNATURE-----
165            Version: GnuPG v1
166            $
167            iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
168            rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
169            8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
170            q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
171            rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
172            lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
173            =jpXa
174            -----END PGP SIGNATURE-----
175
176           Merge tag 'signedtag' into downstream
177
178           signed tag
179
180           signed tag message body
181
182           # gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
183           # gpg: Good signature from "Eris Discordia <discord@example.net>"
184           # gpg: WARNING: This key is not certified with a trusted signature!
185           # gpg:          There is no indication that the signature belongs to the owner.
186           # Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189
187
188       •   verify with: verification is embedded in merge commit message by
189           default, alternatively with git show --show-signature:
190
191           commit 9863f0c76ff78712b6800e199a46aa56afbcbd49
192           merged tag 'signedtag'
193           gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
194           gpg: Good signature from "Eris Discordia <discord@example.net>"
195           gpg: WARNING: This key is not certified with a trusted signature!
196           gpg:          There is no indication that the signature belongs to the owner.
197           Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189
198           Merge: c33429b 04b8717
199           Author: A U Thor <author@example.com>
200           Date:   Wed Jun 15 09:13:29 2016 +0000
201
202               Merge tag 'signedtag' into downstream
203
204               signed tag
205
206               signed tag message body
207
208               # gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
209               # gpg: Good signature from "Eris Discordia <discord@example.net>"
210               # gpg: WARNING: This key is not certified with a trusted signature!
211               # gpg:          There is no indication that the signature belongs to the owner.
212               # Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189
213

GIT

215       Part of the git(1) suite
216
217
218
219Git 2.43.0                        11/20/2023            GITFORMAT-SIGNATURE(5)
Impressum