Andrew's git / gitweb.git / Documentation/technical/signature-format.txt
?
Documentation / technical / signature-format.txton commit Documentation/technical: signed tag format (5f1abfe)
   1Git signature format
   2====================
   3
   4== Overview
   5
   6Git uses cryptographic signatures in various places, currently objects (tags,
   7commits, mergetags) and transactions (pushes). In every case, the command which
   8is about to create an object or transaction determines a payload from that,
   9calls gpg to obtain a detached signature for the payload (`gpg -bsa`) and
  10embeds the signature into the object or transaction.
  11
  12Signatures always begin with `-----BEGIN PGP SIGNATURE-----`
  13and end with `-----END PGP SIGNATURE-----`, unless gpg is told to
  14produce RFC1991 signatures which use `MESSAGE` instead of `SIGNATURE`.
  15
  16The signed payload and the way the signature is embedded depends
  17on the type of the object resp. transaction.
  18
  19== Tag signatures
  20
  21- created by: `git tag -s`
  22- payload: annotated tag object
  23- embedding: append the signature to the unsigned tag object
  24- example: tag `signedtag` with subject `signed tag`
  25
  26----
  27object 04b871796dc0420f8e7561a895b52484b701d51a
  28type commit
  29tag signedtag
  30tagger C O Mitter <committer@example.com> 1465981006 +0000
  31
  32signed tag
  33
  34signed tag message body
  35-----BEGIN PGP SIGNATURE-----
  36Version: GnuPG v1
  37
  38iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
  39rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
  408tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
  41q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
  42rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
  43lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
  44=jpXa
  45-----END PGP SIGNATURE-----
  46----
  47
  48- verify with: `git verify-tag [-v]` or `git tag -v`
  49
  50----
  51gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
  52gpg: Good signature from "Eris Discordia <discord@example.net>"
  53gpg: WARNING: This key is not certified with a trusted signature!
  54gpg:          There is no indication that the signature belongs to the owner.
  55Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189
  56object 04b871796dc0420f8e7561a895b52484b701d51a
  57type commit
  58tag signedtag
  59tagger C O Mitter <committer@example.com> 1465981006 +0000
  60
  61signed tag
  62
  63signed tag message body
  64----