Git
英文 ▾ 主題 ▾ 最新版本 ▾ gitformat-signature 最後更新於 2.40.0

名稱

gitformat-signature - Git 加密簽章格式

概要

<[tag|commit] object header(s)>
<over-the-wire protocol>

描述

Git 在多個地方使用加密簽章,目前為物件(標籤、提交、合併標籤)和交易(推送)。在每種情況下,即將建立物件或交易的命令會從中決定一個有效負載,呼叫外部程式以獲取有效負載的獨立簽章(在 PGP 簽章的情況下為 gpg -bsa),並將簽章嵌入到物件或交易中。

簽章以 "ASCII Armor" 標頭行開始,並以尾行結束,這些行根據簽章類型(由 gpg.format 選取,請參閱 git-config[1])而有所不同。這些是針對 gpg.format 值:

gpg (PGP)

-----BEGIN PGP SIGNATURE----------END PGP SIGNATURE-----。或者,如果 gpg 被告知產生 RFC1991 簽章,則為 -----BEGIN PGP MESSAGE----------END PGP MESSAGE-----

ssh (SSH)

-----BEGIN SSH SIGNATURE----------END SSH SIGNATURE-----

x509 (X.509)

-----BEGIN SIGNED MESSAGE----------END SIGNED MESSAGE-----

簽章有時會作為正常有效負載的一部分出現(例如,已簽署的標籤會在簽章所適用的有效負載之後附加簽章區塊),有時會出現在物件標頭的值中(例如,合併已簽署標籤的合併提交會在「mergetag」標頭上包含整個標籤內容)。在後者的情況下,適用於物件標頭的常見多行格式規則。也就是說,第二行和後續行以 SP 作為前綴,表示該行是從上一行繼續的。

即使是原本空白的行也是如此。在以下範例中,以空白字元結尾的行尾以 $ 符號突出顯示;如果您嘗試手動重新建立這些範例,請勿複製並貼上它們—它們主要用於突出顯示某些行尾的多餘空白。

已簽署的有效負載和簽章嵌入方式取決於物件或交易的類型。

標籤簽章

  • 由以下指令建立:git tag -s

  • 有效負載:帶註釋的標籤物件

  • 嵌入:將簽章附加到未簽署的標籤物件

  • 範例:主題為 signed tag 的標籤 signedtag

object 04b871796dc0420f8e7561a895b52484b701d51a
type commit
tag signedtag
tagger C O Mitter <committer@example.com> 1465981006 +0000

signed tag

signed tag message body
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
=jpXa
-----END PGP SIGNATURE-----

  • 使用以下指令驗證:git verify-tag [-v]git tag -v

gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
gpg: Good signature from "Eris Discordia <discord@example.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189
object 04b871796dc0420f8e7561a895b52484b701d51a
type commit
tag signedtag
tagger C O Mitter <committer@example.com> 1465981006 +0000

signed tag

signed tag message body

提交簽章

  • 由以下指令建立:git commit -S

  • 有效負載:提交物件

  • 嵌入:標頭項目 gpgsig(內容前面有一個空格)

  • 範例:主題為 signed commit 的提交

tree eebfed94e75e7760540d1485c740902590a00332
parent 04b871796dc0420f8e7561a895b52484b701d51a
author A U Thor <author@example.com> 1465981137 +0000
committer C O Mitter <committer@example.com> 1465981137 +0000
gpgsig -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 $
 iQEcBAABAgAGBQJXYRjRAAoJEGEJLoW3InGJ3IwIAIY4SA6GxY3BjL60YyvsJPh/
 HRCJwH+w7wt3Yc/9/bW2F+gF72kdHOOs2jfv+OZhq0q4OAN6fvVSczISY/82LpS7
 DVdMQj2/YcHDT4xrDNBnXnviDO9G7am/9OE77kEbXrp7QPxvhjkicHNwy2rEflAA
 zn075rtEERDHr8nRYiDh8eVrefSO7D+bdQ7gv+7GsYMsd2auJWi1dHOSfTr9HIF4
 HJhWXT9d2f8W+diRYXGh4X0wYiGg6na/soXc+vdtDYBzIxanRqjg8jCAeo1eOTk1
 EdTwhcTZlI0x5pvJ3H0+4hA2jtldVtmPM4OTB0cTrEWBad7XV6YgiyuII73Ve3I=
 =jKHM
 -----END PGP SIGNATURE-----

signed commit

signed commit message body

  • 使用以下指令驗證:git verify-commit [-v](或 git show --show-signature

gpg: Signature made Wed Jun 15 10:58:57 2016 CEST using RSA key ID B7227189
gpg: Good signature from "Eris Discordia <discord@example.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189
tree eebfed94e75e7760540d1485c740902590a00332
parent 04b871796dc0420f8e7561a895b52484b701d51a
author A U Thor <author@example.com> 1465981137 +0000
committer C O Mitter <committer@example.com> 1465981137 +0000

signed commit

signed commit message body

合併標籤簽章

  • 由以下指令建立:在已簽署的標籤上執行 git merge

  • 有效負載/嵌入:整個已簽署的標籤物件會作為標頭項目 mergetag 嵌入到(合併)提交物件中

  • 範例:合併上述已簽署的標籤 signedtag

tree c7b1cff039a93f3600a1d18b82d26688668c7dea
parent c33429be94b5f2d3ee9b0adad223f877f174b05d
parent 04b871796dc0420f8e7561a895b52484b701d51a
author A U Thor <author@example.com> 1465982009 +0000
committer C O Mitter <committer@example.com> 1465982009 +0000
mergetag object 04b871796dc0420f8e7561a895b52484b701d51a
 type commit
 tag signedtag
 tagger C O Mitter <committer@example.com> 1465981006 +0000
 $
 signed tag
 $
 signed tag message body
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 $
 iQEcBAABAgAGBQJXYRhOAAoJEGEJLoW3InGJklkIAIcnhL7RwEb/+QeX9enkXhxn
 rxfdqrvWd1K80sl2TOt8Bg/NYwrUBw/RWJ+sg/hhHp4WtvE1HDGHlkEz3y11Lkuh
 8tSxS3qKTxXUGozyPGuE90sJfExhZlW4knIQ1wt/yWqM+33E9pN4hzPqLwyrdods
 q8FWEqPPUbSJXoMbRPw04S5jrLtZSsUWbRYjmJCHzlhSfFWW4eFd37uquIaLUBS0
 rkC3Jrx7420jkIpgFcTI2s60uhSQLzgcCwdA2ukSYIRnjg/zDkj8+3h/GaROJ72x
 lZyI6HWixKJkWw8lE9aAOD9TmTW9sFJwcVAzmAuFX2kUreDUKMZduGcoRYGpD7E=
 =jpXa
 -----END PGP SIGNATURE-----

Merge tag 'signedtag' into downstream

signed tag

signed tag message body

# gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
# gpg: Good signature from "Eris Discordia <discord@example.net>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189

  • 使用以下指令驗證:預設情況下,驗證會嵌入到合併提交訊息中,或者使用 git show --show-signature

commit 9863f0c76ff78712b6800e199a46aa56afbcbd49
merged tag 'signedtag'
gpg: Signature made Wed Jun 15 10:56:46 2016 CEST using RSA key ID B7227189
gpg: Good signature from "Eris Discordia <discord@example.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189
Merge: c33429b 04b8717
Author: A U Thor <author@example.com>
Date:   Wed Jun 15 09:13:29 2016 +0000

    Merge tag 'signedtag' into downstream

    signed tag

    signed tag message body

    # gpg: Signature made Wed Jun 15 08:56:46 2016 UTC using RSA key ID B7227189
    # gpg: Good signature from "Eris Discordia <discord@example.net>"
    # gpg: WARNING: This key is not certified with a trusted signature!
    # gpg:          There is no indication that the signature belongs to the owner.
    # Primary key fingerprint: D4BE 2231 1AD3 131E 5EDA  29A4 6109 2E85 B722 7189

GIT

git[1] 套件的一部分

scroll-to-top