logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

gitformat-signature.5 (11266B)


  1. '\" t
  2. .\" Title: gitformat-signature
  3. .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
  4. .\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
  5. .\" Date: 2025-03-14
  6. .\" Manual: Git Manual
  7. .\" Source: Git 2.49.0
  8. .\" Language: English
  9. .\"
  10. .TH "GITFORMAT\-SIGNATURE" "5" "2025-03-14" "Git 2\&.49\&.0" "Git Manual"
  11. .\" -----------------------------------------------------------------
  12. .\" * Define some portability stuff
  13. .\" -----------------------------------------------------------------
  14. .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  15. .\" http://bugs.debian.org/507673
  16. .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
  17. .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  18. .ie \n(.g .ds Aq \(aq
  19. .el .ds Aq '
  20. .\" -----------------------------------------------------------------
  21. .\" * set default formatting
  22. .\" -----------------------------------------------------------------
  23. .\" disable hyphenation
  24. .nh
  25. .\" disable justification (adjust text to left margin only)
  26. .ad l
  27. .\" -----------------------------------------------------------------
  28. .\" * MAIN CONTENT STARTS HERE *
  29. .\" -----------------------------------------------------------------
  30. .SH "NAME"
  31. gitformat-signature \- Git cryptographic signature formats
  32. .SH "SYNOPSIS"
  33. .sp
  34. .nf
  35. <[tag|commit] object header(s)>
  36. <over\-the\-wire protocol>
  37. .fi
  38. .SH "DESCRIPTION"
  39. .sp
  40. Git uses cryptographic signatures in various places, currently objects (tags, commits, mergetags) and transactions (pushes)\&. In every case, the command which is about to create an object or transaction determines a payload from that, calls an external program to obtain a detached signature for the payload (\fBgpg\fR \fB\-bsa\fR in the case of PGP signatures), and embeds the signature into the object or transaction\&.
  41. .sp
  42. Signatures begin with an "ASCII Armor" header line and end with a tail line, which differ depending on signature type (as selected by \fBgpg\&.format\fR, see \fBgit-config\fR(1))\&. These are, for \fBgpg\&.format\fR values:
  43. .PP
  44. \fBgpg\fR (PGP)
  45. .RS 4
  46. \fB\-\-\-\-\-BEGIN\fR
  47. \fBPGP\fR
  48. \fBSIGNATURE\-\-\-\-\-\fR
  49. and
  50. \fB\-\-\-\-\-END\fR
  51. \fBPGP\fR
  52. \fBSIGNATURE\-\-\-\-\-\fR\&. Or, if gpg is told to produce RFC1991 signatures,
  53. \fB\-\-\-\-\-BEGIN\fR
  54. \fBPGP\fR
  55. \fBMESSAGE\-\-\-\-\-\fR
  56. and
  57. \fB\-\-\-\-\-END\fR
  58. \fBPGP\fR
  59. \fBMESSAGE\-\-\-\-\-\fR
  60. .RE
  61. .PP
  62. \fBssh\fR (SSH)
  63. .RS 4
  64. \fB\-\-\-\-\-BEGIN\fR
  65. \fBSSH\fR
  66. \fBSIGNATURE\-\-\-\-\-\fR
  67. and
  68. \fB\-\-\-\-\-END\fR
  69. \fBSSH\fR
  70. \fBSIGNATURE\-\-\-\-\-\fR
  71. .RE
  72. .PP
  73. \fBx509\fR (X\&.509)
  74. .RS 4
  75. \fB\-\-\-\-\-BEGIN\fR
  76. \fBSIGNED\fR
  77. \fBMESSAGE\-\-\-\-\-\fR
  78. and
  79. \fB\-\-\-\-\-END\fR
  80. \fBSIGNED\fR
  81. \fBMESSAGE\-\-\-\-\-\fR
  82. .RE
  83. .sp
  84. Signatures sometimes appear as a part of the normal payload (e\&.g\&. a signed tag has the signature block appended after the payload that the signature applies to), and sometimes appear in the value of an object header (e\&.g\&. a merge commit that merged a signed tag would have the entire tag contents on its "mergetag" header)\&. In the case of the latter, the usual multi\-line formatting rule for object headers applies\&. I\&.e\&. the second and subsequent lines are prefixed with a SP to signal that the line is continued from the previous line\&.
  85. .sp
  86. This is even true for an originally empty line\&. In the following examples, the end of line that ends with a whitespace letter is highlighted with a \fB$\fR sign; if you are trying to recreate these example by hand, do not cut and paste them\(em\:they are there primarily to highlight extra whitespace at the end of some lines\&.
  87. .sp
  88. The signed payload and the way the signature is embedded depends on the type of the object resp\&. transaction\&.
  89. .SH "TAG SIGNATURES"
  90. .sp
  91. .RS 4
  92. .ie n \{\
  93. \h'-04'\(bu\h'+03'\c
  94. .\}
  95. .el \{\
  96. .sp -1
  97. .IP \(bu 2.3
  98. .\}
  99. created by:
  100. \fBgit\fR
  101. \fBtag\fR
  102. \fB\-s\fR
  103. .RE
  104. .sp
  105. .RS 4
  106. .ie n \{\
  107. \h'-04'\(bu\h'+03'\c
  108. .\}
  109. .el \{\
  110. .sp -1
  111. .IP \(bu 2.3
  112. .\}
  113. payload: annotated tag object
  114. .RE
  115. .sp
  116. .RS 4
  117. .ie n \{\
  118. \h'-04'\(bu\h'+03'\c
  119. .\}
  120. .el \{\
  121. .sp -1
  122. .IP \(bu 2.3
  123. .\}
  124. embedding: append the signature to the unsigned tag object
  125. .RE
  126. .sp
  127. .RS 4
  128. .ie n \{\
  129. \h'-04'\(bu\h'+03'\c
  130. .\}
  131. .el \{\
  132. .sp -1
  133. .IP \(bu 2.3
  134. .\}
  135. example: tag
  136. \fBsignedtag\fR
  137. with subject
  138. \fBsigned\fR
  139. \fBtag\fR
  140. .RE
  141. .sp
  142. .if n \{\
  143. .RS 4
  144. .\}
  145. .nf
  146. object 04b871796dc0420f8e7561a895b52484b701d51a
  147. type commit
  148. tag signedtag
  149. tagger C O Mitter <committer@example\&.com> 1465981006 +0000
  150. signed tag
  151. signed tag message body
  152. \-\-\-\-\-BEGIN PGP SIGNATURE\-\-\-\-\-
  153. Version: GnuPG v1
  154. iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
  155. rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
  156. 8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
  157. q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
  158. rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
  159. lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
  160. =jpXa
  161. \-\-\-\-\-END PGP SIGNATURE\-\-\-\-\-
  162. .fi
  163. .if n \{\
  164. .RE
  165. .\}
  166. .sp
  167. .RS 4
  168. .ie n \{\
  169. \h'-04'\(bu\h'+03'\c
  170. .\}
  171. .el \{\
  172. .sp -1
  173. .IP \(bu 2.3
  174. .\}
  175. verify with:
  176. \fBgit\fR
  177. \fBverify\-tag\fR
  178. [\fB\-v\fR] or
  179. \fBgit\fR
  180. \fBtag\fR
  181. \fB\-v\fR
  182. .RE
  183. .sp
  184. .if n \{\
  185. .RS 4
  186. .\}
  187. .nf
  188. gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
  189. gpg: Good signature from "Eris Discordia <discord@example\&.net>"
  190. gpg: WARNING: This key is not certified with a trusted signature!
  191. gpg: There is no indication that the signature belongs to the owner\&.
  192. Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
  193. object 04b871796dc0420f8e7561a895b52484b701d51a
  194. type commit
  195. tag signedtag
  196. tagger C O Mitter <committer@example\&.com> 1465981006 +0000
  197. signed tag
  198. signed tag message body
  199. .fi
  200. .if n \{\
  201. .RE
  202. .\}
  203. .SH "COMMIT SIGNATURES"
  204. .sp
  205. .RS 4
  206. .ie n \{\
  207. \h'-04'\(bu\h'+03'\c
  208. .\}
  209. .el \{\
  210. .sp -1
  211. .IP \(bu 2.3
  212. .\}
  213. created by:
  214. \fBgit\fR
  215. \fBcommit\fR
  216. \fB\-S\fR
  217. .RE
  218. .sp
  219. .RS 4
  220. .ie n \{\
  221. \h'-04'\(bu\h'+03'\c
  222. .\}
  223. .el \{\
  224. .sp -1
  225. .IP \(bu 2.3
  226. .\}
  227. payload: commit object
  228. .RE
  229. .sp
  230. .RS 4
  231. .ie n \{\
  232. \h'-04'\(bu\h'+03'\c
  233. .\}
  234. .el \{\
  235. .sp -1
  236. .IP \(bu 2.3
  237. .\}
  238. embedding: header entry
  239. \fBgpgsig\fR
  240. (content is preceded by a space)
  241. .RE
  242. .sp
  243. .RS 4
  244. .ie n \{\
  245. \h'-04'\(bu\h'+03'\c
  246. .\}
  247. .el \{\
  248. .sp -1
  249. .IP \(bu 2.3
  250. .\}
  251. example: commit with subject
  252. \fBsigned\fR
  253. \fBcommit\fR
  254. .RE
  255. .sp
  256. .if n \{\
  257. .RS 4
  258. .\}
  259. .nf
  260. tree eebfed94e75e7760540d1485c740902590a00332
  261. parent 04b871796dc0420f8e7561a895b52484b701d51a
  262. author A U Thor <author@example\&.com> 1465981137 +0000
  263. committer C O Mitter <committer@example\&.com> 1465981137 +0000
  264. gpgsig \-\-\-\-\-BEGIN PGP SIGNATURE\-\-\-\-\-
  265. Version: GnuPG v1
  266. $
  267. iQEcBAABAgAGBQJXYRjRAAoJEGEJLoW3InGJ3IwIAIY4SA6GxY3BjL60YyvsJPh/
  268. HRCJwH+w7wt3Yc/9/bW2F+gF72kdHOOs2jfv+OZhq0q4OAN6fvVSczISY/82LpS7
  269. DVdMQj2/YcHDT4xrDNBnXnviDO9G7am/9OE77kEbXrp7QPxvhjkicHNwy2rEflAA
  270. zn075rtEERDHr8nRYiDh8eVrefSO7D+bdQ7gv+7GsYMsd2auJWi1dHOSfTr9HIF4
  271. HJhWXT9d2f8W+diRYXGh4X0wYiGg6na/soXc+vdtDYBzIxanRqjg8jCAeo1eOTk1
  272. EdTwhcTZlI0x5pvJ3H0+4hA2jtldVtmPM4OTB0cTrEWBad7XV6YgiyuII73Ve3I=
  273. =jKHM
  274. \-\-\-\-\-END PGP SIGNATURE\-\-\-\-\-
  275. signed commit
  276. signed commit message body
  277. .fi
  278. .if n \{\
  279. .RE
  280. .\}
  281. .sp
  282. .RS 4
  283. .ie n \{\
  284. \h'-04'\(bu\h'+03'\c
  285. .\}
  286. .el \{\
  287. .sp -1
  288. .IP \(bu 2.3
  289. .\}
  290. verify with:
  291. \fBgit\fR
  292. \fBverify\-commit\fR
  293. [\fB\-v\fR] (or
  294. \fBgit\fR
  295. \fBshow\fR
  296. \fB\-\-show\-signature\fR)
  297. .RE
  298. .sp
  299. .if n \{\
  300. .RS 4
  301. .\}
  302. .nf
  303. gpg: Signature made Wed Jun 15 10:58:57 2016 CEST using RSA key ID B7227189
  304. gpg: Good signature from "Eris Discordia <discord@example\&.net>"
  305. gpg: WARNING: This key is not certified with a trusted signature!
  306. gpg: There is no indication that the signature belongs to the owner\&.
  307. Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
  308. tree eebfed94e75e7760540d1485c740902590a00332
  309. parent 04b871796dc0420f8e7561a895b52484b701d51a
  310. author A U Thor <author@example\&.com> 1465981137 +0000
  311. committer C O Mitter <committer@example\&.com> 1465981137 +0000
  312. signed commit
  313. signed commit message body
  314. .fi
  315. .if n \{\
  316. .RE
  317. .\}
  318. .SH "MERGETAG SIGNATURES"
  319. .sp
  320. .RS 4
  321. .ie n \{\
  322. \h'-04'\(bu\h'+03'\c
  323. .\}
  324. .el \{\
  325. .sp -1
  326. .IP \(bu 2.3
  327. .\}
  328. created by:
  329. \fBgit\fR
  330. \fBmerge\fR
  331. on signed tag
  332. .RE
  333. .sp
  334. .RS 4
  335. .ie n \{\
  336. \h'-04'\(bu\h'+03'\c
  337. .\}
  338. .el \{\
  339. .sp -1
  340. .IP \(bu 2.3
  341. .\}
  342. payload/embedding: the whole signed tag object is embedded into the (merge) commit object as header entry
  343. \fBmergetag\fR
  344. .RE
  345. .sp
  346. .RS 4
  347. .ie n \{\
  348. \h'-04'\(bu\h'+03'\c
  349. .\}
  350. .el \{\
  351. .sp -1
  352. .IP \(bu 2.3
  353. .\}
  354. example: merge of the signed tag
  355. \fBsignedtag\fR
  356. as above
  357. .RE
  358. .sp
  359. .if n \{\
  360. .RS 4
  361. .\}
  362. .nf
  363. tree c7b1cff039a93f3600a1d18b82d26688668c7dea
  364. parent c33429be94b5f2d3ee9b0adad223f877f174b05d
  365. parent 04b871796dc0420f8e7561a895b52484b701d51a
  366. author A U Thor <author@example\&.com> 1465982009 +0000
  367. committer C O Mitter <committer@example\&.com> 1465982009 +0000
  368. mergetag object 04b871796dc0420f8e7561a895b52484b701d51a
  369. type commit
  370. tag signedtag
  371. tagger C O Mitter <committer@example\&.com> 1465981006 +0000
  372. $
  373. signed tag
  374. $
  375. signed tag message body
  376. \-\-\-\-\-BEGIN PGP SIGNATURE\-\-\-\-\-
  377. Version: GnuPG v1
  378. $
  379. iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
  380. rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
  381. 8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
  382. q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
  383. rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
  384. lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
  385. =jpXa
  386. \-\-\-\-\-END PGP SIGNATURE\-\-\-\-\-
  387. Merge tag \*(Aqsignedtag\*(Aq into downstream
  388. signed tag
  389. signed tag message body
  390. # gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
  391. # gpg: Good signature from "Eris Discordia <discord@example\&.net>"
  392. # gpg: WARNING: This key is not certified with a trusted signature!
  393. # gpg: There is no indication that the signature belongs to the owner\&.
  394. # Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
  395. .fi
  396. .if n \{\
  397. .RE
  398. .\}
  399. .sp
  400. .RS 4
  401. .ie n \{\
  402. \h'-04'\(bu\h'+03'\c
  403. .\}
  404. .el \{\
  405. .sp -1
  406. .IP \(bu 2.3
  407. .\}
  408. verify with: verification is embedded in merge commit message by default, alternatively with
  409. \fBgit\fR
  410. \fBshow\fR
  411. \fB\-\-show\-signature\fR:
  412. .RE
  413. .sp
  414. .if n \{\
  415. .RS 4
  416. .\}
  417. .nf
  418. commit 9863f0c76ff78712b6800e199a46aa56afbcbd49
  419. merged tag \*(Aqsignedtag\*(Aq
  420. gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
  421. gpg: Good signature from "Eris Discordia <discord@example\&.net>"
  422. gpg: WARNING: This key is not certified with a trusted signature!
  423. gpg: There is no indication that the signature belongs to the owner\&.
  424. Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
  425. Merge: c33429b 04b8717
  426. Author: A U Thor <author@example\&.com>
  427. Date: Wed Jun 15 09:13:29 2016 +0000
  428. Merge tag \*(Aqsignedtag\*(Aq into downstream
  429. signed tag
  430. signed tag message body
  431. # gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
  432. # gpg: Good signature from "Eris Discordia <discord@example\&.net>"
  433. # gpg: WARNING: This key is not certified with a trusted signature!
  434. # gpg: There is no indication that the signature belongs to the owner\&.
  435. # Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
  436. .fi
  437. .if n \{\
  438. .RE
  439. .\}
  440. .SH "GIT"
  441. .sp
  442. Part of the \fBgit\fR(1) suite