1GITFORMAT-SIGNATURE(5) Git Manual GITFORMAT-SIGNATURE(5)
2
6 gitformat-signature - Git cryptographic signature formats
7
9 <[tag|commit] object header(s)>
10 <over-the-wire protocol>
11
13 Git uses cryptographic signatures in various places, currently objects
14 (tags, commits, mergetags) and transactions (pushes). In every case,
15 the command which is about to create an object or transaction
16 determines a payload from that, calls gpg to obtain a detached
17 signature for the payload (gpg -bsa) and embeds the signature into the
18 object or transaction.
19 Signatures always begin with -----BEGIN PGP SIGNATURE----- and end with
21 -----END PGP SIGNATURE-----, unless gpg is told to produce RFC1991
22 signatures which use MESSAGE instead of SIGNATURE.
23 Signatures sometimes appear as a part of the normal payload (e.g. a
25 signed tag has the signature block appended after the payload that the
26 signature applies to), and sometimes appear in the value of an object
27 header (e.g. a merge commit that merged a signed tag would have the
28 entire tag contents on its "mergetag" header). In the case of the
29 latter, the usual multi-line formatting rule for object headers
30 applies. I.e. the second and subsequent lines are prefixed with a SP to
31 signal that the line is continued from the previous line.
32 This is even true for an originally empty line. In the following
34 examples, the end of line that ends with a whitespace letter is
35 highlighted with a $ sign; if you are trying to recreate these example
36 by hand, do not cut and paste them---they are there primarily to
37 highlight extra whitespace at the end of some lines.
38 The signed payload and the way the signature is embedded depends on the
40 type of the object resp. transaction.
41
43 • created by: git tag -s
44 • payload: annotated tag object
46 • embedding: append the signature to the unsigned tag object
48 • example: tag signedtag with subject signed tag
50 object 04b871796dc0420f8e7561a895b52484b701d51a
52 type commit
53 tag signedtag
54 tagger C O Mitter <committer@example.com> 1465981006 +0000
55 signed tag
57 signed tag message body
59 -----BEGIN PGP SIGNATURE-----
60 Version: GnuPG v1
61 iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
63 rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
64 8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
65 q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
66 rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
67 lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
68 =jpXa
69 -----END PGP SIGNATURE-----
70 • verify with: git verify-tag [-v] or git tag -v
72 gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
74 gpg: Good signature from "Eris Discordia <discord@example.net>"
75 gpg: WARNING: This key is not certified with a trusted signature!
76 gpg: There is no indication that the signature belongs to the owner.
77 Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
78 object 04b871796dc0420f8e7561a895b52484b701d51a
79 type commit
80 tag signedtag
81 tagger C O Mitter <committer@example.com> 1465981006 +0000
82 signed tag
84 signed tag message body
86
88 • created by: git commit -S
89 • payload: commit object
91 • embedding: header entry gpgsig (content is preceded by a space)
93 • example: commit with subject signed commit
95 tree eebfed94e75e7760540d1485c740902590a00332
97 parent 04b871796dc0420f8e7561a895b52484b701d51a
98 author A U Thor <author@example.com> 1465981137 +0000
99 committer C O Mitter <committer@example.com> 1465981137 +0000
100 gpgsig -----BEGIN PGP SIGNATURE-----
101 Version: GnuPG v1
102 $
103 iQEcBAABAgAGBQJXYRjRAAoJEGEJLoW3InGJ3IwIAIY4SA6GxY3BjL60YyvsJPh/
104 HRCJwH+w7wt3Yc/9/bW2F+gF72kdHOOs2jfv+OZhq0q4OAN6fvVSczISY/82LpS7
105 DVdMQj2/YcHDT4xrDNBnXnviDO9G7am/9OE77kEbXrp7QPxvhjkicHNwy2rEflAA
106 zn075rtEERDHr8nRYiDh8eVrefSO7D+bdQ7gv+7GsYMsd2auJWi1dHOSfTr9HIF4
107 HJhWXT9d2f8W+diRYXGh4X0wYiGg6na/soXc+vdtDYBzIxanRqjg8jCAeo1eOTk1
108 EdTwhcTZlI0x5pvJ3H0+4hA2jtldVtmPM4OTB0cTrEWBad7XV6YgiyuII73Ve3I=
109 =jKHM
110 -----END PGP SIGNATURE-----
111 signed commit
113 signed commit message body
115 • verify with: git verify-commit [-v] (or git show --show-signature)
117 gpg: Signature made Wed Jun 15 10:58:57 2016 CEST using RSA key ID B7227189
119 gpg: Good signature from "Eris Discordia <discord@example.net>"
120 gpg: WARNING: This key is not certified with a trusted signature!
121 gpg: There is no indication that the signature belongs to the owner.
122 Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
123 tree eebfed94e75e7760540d1485c740902590a00332
124 parent 04b871796dc0420f8e7561a895b52484b701d51a
125 author A U Thor <author@example.com> 1465981137 +0000
126 committer C O Mitter <committer@example.com> 1465981137 +0000
127 signed commit
129 signed commit message body
131
133 • created by: git merge on signed tag
134 • payload/embedding: the whole signed tag object is embedded into the
136 (merge) commit object as header entry mergetag
137 • example: merge of the signed tag signedtag as above
139 tree c7b1cff039a93f3600a1d18b82d26688668c7dea
141 parent c33429be94b5f2d3ee9b0adad223f877f174b05d
142 parent 04b871796dc0420f8e7561a895b52484b701d51a
143 author A U Thor <author@example.com> 1465982009 +0000
144 committer C O Mitter <committer@example.com> 1465982009 +0000
145 mergetag object 04b871796dc0420f8e7561a895b52484b701d51a
146 type commit
147 tag signedtag
148 tagger C O Mitter <committer@example.com> 1465981006 +0000
149 $
150 signed tag
151 $
152 signed tag message body
153 -----BEGIN PGP SIGNATURE-----
154 Version: GnuPG v1
155 $
156 iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
157 rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
158 8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
159 q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
160 rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
161 lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
162 =jpXa
163 -----END PGP SIGNATURE-----
164 Merge tag 'signedtag' into downstream
166 signed tag
168 signed tag message body
170 # gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
172 # gpg: Good signature from "Eris Discordia <discord@example.net>"
173 # gpg: WARNING: This key is not certified with a trusted signature!
174 # gpg: There is no indication that the signature belongs to the owner.
175 # Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
176 • verify with: verification is embedded in merge commit message by
178 default, alternatively with git show --show-signature:
179 commit 9863f0c76ff78712b6800e199a46aa56afbcbd49
181 merged tag 'signedtag'
182 gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
183 gpg: Good signature from "Eris Discordia <discord@example.net>"
184 gpg: WARNING: This key is not certified with a trusted signature!
185 gpg: There is no indication that the signature belongs to the owner.
186 Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
187 Merge: c33429b 04b8717
188 Author: A U Thor <author@example.com>
189 Date: Wed Jun 15 09:13:29 2016 +0000
190 Merge tag 'signedtag' into downstream
192 signed tag
194 signed tag message body
196 # gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
198 # gpg: Good signature from "Eris Discordia <discord@example.net>"
199 # gpg: WARNING: This key is not certified with a trusted signature!
200 # gpg: There is no indication that the signature belongs to the owner.
201 # Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
202
204 Part of the git(1) suite
205Git 2.39.1 2023-01-13 GITFORMAT-SIGNATURE(5)