2 .\" Title: gitformat-signature
3 .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
4 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
10 .TH "GITFORMAT\-SIGNATURE" "5" "2023\-06\-01" "Git 2\&.41\&.0" "Git Manual"
11 .\" -----------------------------------------------------------------
12 .\" * Define some portability stuff
13 .\" -----------------------------------------------------------------
14 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15 .\" http://bugs.debian.org/507673
16 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20 .\" -----------------------------------------------------------------
21 .\" * set default formatting
22 .\" -----------------------------------------------------------------
23 .\" disable hyphenation
25 .\" disable justification (adjust text to left margin only)
27 .\" -----------------------------------------------------------------
28 .\" * MAIN CONTENT STARTS HERE *
29 .\" -----------------------------------------------------------------
31 gitformat-signature \- Git cryptographic signature formats
35 <[tag|commit] object header(s)>
36 <over\-the\-wire protocol>
41 Git uses cryptographic signatures in various places, currently objects (tags, commits, mergetags) and transactions (pushes)\&. In every case, the command which is about to create an object or transaction determines a payload from that, calls an external program to obtain a detached signature for the payload (\fBgpg \-bsa\fR in the case of PGP signatures), and embeds the signature into the object or transaction\&.
43 Signatures begin with an "ASCII Armor" header line and end with a tail line, which differ depending on signature type (as selected by \fBgpg\&.format\fR, see \fBgit-config\fR(1))\&. These are, for \fBgpg\&.format\fR values:
47 \fB\-\-\-\-\-BEGIN PGP SIGNATURE\-\-\-\-\-\fR
49 \fB\-\-\-\-\-END PGP SIGNATURE\-\-\-\-\-\fR\&. Or, if gpg is told to produce RFC1991 signatures,
50 \fB\-\-\-\-\-BEGIN PGP MESSAGE\-\-\-\-\-\fR
52 \fB\-\-\-\-\-END PGP MESSAGE\-\-\-\-\-\fR
57 \fB\-\-\-\-\-BEGIN SSH SIGNATURE\-\-\-\-\-\fR
59 \fB\-\-\-\-\-END SSH SIGNATURE\-\-\-\-\-\fR
64 \fB\-\-\-\-\-BEGIN SIGNED MESSAGE\-\-\-\-\-\fR
66 \fB\-\-\-\-\-END SIGNED MESSAGE\-\-\-\-\-\fR
69 Signatures sometimes appear as a part of the normal payload (e\&.g\&. a signed tag has the signature block appended after the payload that the signature applies to), and sometimes appear in the value of an object header (e\&.g\&. a merge commit that merged a signed tag would have the entire tag contents on its "mergetag" header)\&. In the case of the latter, the usual multi\-line formatting rule for object headers applies\&. I\&.e\&. the second and subsequent lines are prefixed with a SP to signal that the line is continued from the previous line\&.
71 This is even true for an originally empty line\&. In the following examples, the end of line that ends with a whitespace letter is highlighted with a \fB$\fR sign; if you are trying to recreate these example by hand, do not cut and paste them\(emthey are there primarily to highlight extra whitespace at the end of some lines\&.
73 The signed payload and the way the signature is embedded depends on the type of the object resp\&. transaction\&.
96 payload: annotated tag object
107 embedding: append the signature to the unsigned tag object
128 object 04b871796dc0420f8e7561a895b52484b701d51a
131 tagger C O Mitter <committer@example\&.com> 1465981006 +0000
135 signed tag message body
136 \-\-\-\-\-BEGIN PGP SIGNATURE\-\-\-\-\-
139 iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
140 rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
141 8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
142 q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
143 rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
144 lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
146 \-\-\-\-\-END PGP SIGNATURE\-\-\-\-\-
163 \fBgit verify\-tag [\-v]\fR
172 gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
173 gpg: Good signature from "Eris Discordia <discord@example\&.net>"
174 gpg: WARNING: This key is not certified with a trusted signature!
175 gpg: There is no indication that the signature belongs to the owner\&.
176 Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
177 object 04b871796dc0420f8e7561a895b52484b701d51a
180 tagger C O Mitter <committer@example\&.com> 1465981006 +0000
184 signed tag message body
190 .SH "COMMIT SIGNATURES"
212 payload: commit object
223 embedding: header entry
225 (content is preceded by a space)
236 example: commit with subject
244 tree eebfed94e75e7760540d1485c740902590a00332
245 parent 04b871796dc0420f8e7561a895b52484b701d51a
246 author A U Thor <author@example\&.com> 1465981137 +0000
247 committer C O Mitter <committer@example\&.com> 1465981137 +0000
248 gpgsig \-\-\-\-\-BEGIN PGP SIGNATURE\-\-\-\-\-
251 iQEcBAABAgAGBQJXYRjRAAoJEGEJLoW3InGJ3IwIAIY4SA6GxY3BjL60YyvsJPh/
252 HRCJwH+w7wt3Yc/9/bW2F+gF72kdHOOs2jfv+OZhq0q4OAN6fvVSczISY/82LpS7
253 DVdMQj2/YcHDT4xrDNBnXnviDO9G7am/9OE77kEbXrp7QPxvhjkicHNwy2rEflAA
254 zn075rtEERDHr8nRYiDh8eVrefSO7D+bdQ7gv+7GsYMsd2auJWi1dHOSfTr9HIF4
255 HJhWXT9d2f8W+diRYXGh4X0wYiGg6na/soXc+vdtDYBzIxanRqjg8jCAeo1eOTk1
256 EdTwhcTZlI0x5pvJ3H0+4hA2jtldVtmPM4OTB0cTrEWBad7XV6YgiyuII73Ve3I=
258 \-\-\-\-\-END PGP SIGNATURE\-\-\-\-\-
262 signed commit message body
279 \fBgit verify\-commit [\-v]\fR
281 \fBgit show \-\-show\-signature\fR)
288 gpg: Signature made Wed Jun 15 10:58:57 2016 CEST using RSA key ID B7227189
289 gpg: Good signature from "Eris Discordia <discord@example\&.net>"
290 gpg: WARNING: This key is not certified with a trusted signature!
291 gpg: There is no indication that the signature belongs to the owner\&.
292 Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
293 tree eebfed94e75e7760540d1485c740902590a00332
294 parent 04b871796dc0420f8e7561a895b52484b701d51a
295 author A U Thor <author@example\&.com> 1465981137 +0000
296 committer C O Mitter <committer@example\&.com> 1465981137 +0000
300 signed commit message body
306 .SH "MERGETAG SIGNATURES"
329 payload/embedding: the whole signed tag object is embedded into the (merge) commit object as header entry
341 example: merge of the signed tag
350 tree c7b1cff039a93f3600a1d18b82d26688668c7dea
351 parent c33429be94b5f2d3ee9b0adad223f877f174b05d
352 parent 04b871796dc0420f8e7561a895b52484b701d51a
353 author A U Thor <author@example\&.com> 1465982009 +0000
354 committer C O Mitter <committer@example\&.com> 1465982009 +0000
355 mergetag object 04b871796dc0420f8e7561a895b52484b701d51a
358 tagger C O Mitter <committer@example\&.com> 1465981006 +0000
362 signed tag message body
363 \-\-\-\-\-BEGIN PGP SIGNATURE\-\-\-\-\-
366 iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
367 rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
368 8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
369 q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
370 rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
371 lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
373 \-\-\-\-\-END PGP SIGNATURE\-\-\-\-\-
375 Merge tag \*(Aqsignedtag\*(Aq into downstream
379 signed tag message body
381 # gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
382 # gpg: Good signature from "Eris Discordia <discord@example\&.net>"
383 # gpg: WARNING: This key is not certified with a trusted signature!
384 # gpg: There is no indication that the signature belongs to the owner\&.
385 # Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
401 verify with: verification is embedded in merge commit message by default, alternatively with
402 \fBgit show \-\-show\-signature\fR:
409 commit 9863f0c76ff78712b6800e199a46aa56afbcbd49
410 merged tag \*(Aqsignedtag\*(Aq
411 gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
412 gpg: Good signature from "Eris Discordia <discord@example\&.net>"
413 gpg: WARNING: This key is not certified with a trusted signature!
414 gpg: There is no indication that the signature belongs to the owner\&.
415 Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
416 Merge: c33429b 04b8717
417 Author: A U Thor <author@example\&.com>
418 Date: Wed Jun 15 09:13:29 2016 +0000
420 Merge tag \*(Aqsignedtag\*(Aq into downstream
424 signed tag message body
426 # gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
427 # gpg: Good signature from "Eris Discordia <discord@example\&.net>"
428 # gpg: WARNING: This key is not certified with a trusted signature!
429 # gpg: There is no indication that the signature belongs to the owner\&.
430 # Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA 29A4 6109 2E85 B722 7189
438 Part of the \fBgit\fR(1) suite