diff options
| author | Gwyneth Morgan <gwymor@tilde.club> | 2023-02-27 20:27:18 +0000 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2023-02-27 13:42:43 -0800 |
| commit | 31a431b18b33cdfee7ddb61e63902bb1c3964bd5 (patch) | |
| tree | 41a082ae00c0cbd578bfbb439413c04d192d4813 /Documentation/gitformat-signature.txt | |
| parent | 7556e5d737b917d31ac3729b0f5e2391da7e132a (diff) | |
| download | git-31a431b18b33cdfee7ddb61e63902bb1c3964bd5.tar.gz | |
signature-format.txt: note SSH and X.509 signature delimiters
This document only explains PGP signatures, but Git now supports X.509
signatures as of 1e7adb9756 (gpg-interface: introduce new signature
format "x509" using gpgsm, 2018-07-17), and SSH signatures as of
29b315778e (ssh signing: add ssh key format and signing code,
2021-09-10).
Additionally, explain that these signature formats are controlled
`gpg.format`, linking to its documentation, and explain in said
`gpg.format` documentation that the underlying signature format is
documented in signature-format.txt.
Signed-off-by: Gwyneth Morgan <gwymor@tilde.club>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation/gitformat-signature.txt')
| -rw-r--r-- | Documentation/gitformat-signature.txt | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/Documentation/gitformat-signature.txt b/Documentation/gitformat-signature.txt index a249869faf..a839b7878c 100644 --- a/Documentation/gitformat-signature.txt +++ b/Documentation/gitformat-signature.txt @@ -17,12 +17,24 @@ DESCRIPTION Git uses cryptographic signatures in various places, currently objects (tags, commits, mergetags) and transactions (pushes). In every case, the command which is about to create an object or transaction determines a payload from that, -calls gpg to obtain a detached signature for the payload (`gpg -bsa`) and -embeds the signature into the object or transaction. +calls an external program to obtain a detached signature for the payload +(`gpg -bsa` in the case of PGP signatures), and embeds the signature into the +object or transaction. -Signatures always begin with `-----BEGIN PGP SIGNATURE-----` -and end with `-----END PGP SIGNATURE-----`, unless gpg is told to -produce RFC1991 signatures which use `MESSAGE` instead of `SIGNATURE`. +Signatures begin with an "ASCII Armor" header line and end with a tail line, +which differ depending on signature type (as selected by `gpg.format`, see +linkgit:git-config[1]). These are, for `gpg.format` values: + +`gpg` (PGP):: + `-----BEGIN PGP SIGNATURE-----` and `-----END PGP SIGNATURE-----`. + Or, if gpg is told to produce RFC1991 signatures, + `-----BEGIN PGP MESSAGE-----` and `-----END PGP MESSAGE-----` + +`ssh` (SSH):: + `-----BEGIN SSH SIGNATURE-----` and `-----END SSH SIGNATURE-----` + +`x509` (X.509):: + `-----BEGIN SIGNED MESSAGE-----` and `-----END SIGNED MESSAGE-----` Signatures sometimes appear as a part of the normal payload (e.g. a signed tag has the signature block appended after the payload |