This RFC patchset is the beginning of a project generously sponsored by Google and the Linux Foundation to modify Git to have universal cryptographic signing capabilities. Curently Git only supports gpg and gpgsm and the primary goal is to create the ability to use any signing/verification tool to sign Git commits, tags, mergetags, and pushes with a specific emphasis on supporting OpenSSH. The goals of this project are: - maintain full backwards compatibility without intervention. if it works today, it will work after these patches land without any modification to configs or support scripts. - remove all tool-specific code and replace it with a protocol driver for using a standard protocol to talk to external signing and verification tools. - normalize all of the command line switches so that they are the same for all tools that support signing and they are no longer tool specific (e.g. --sign instead of --gpgsign). - add a new sign.* configuration structure for specifying tool specific configuration options (e.g. sign.openpgp.program) and deprecate all of the signing related config options that are no longer needed (e.g. user.signingKey). - make Git completely agnostic to the details of any signing regime by storing signature data and options verbatim inside of signed objects that it later passes to the associated verification tool. - add new tests needed to cover the new functionality while keeping all of the old tests passing to verify backwards compatibility. The proposed protocol for talking to signing/verification tools is a pkt-line based protocol inspired by the Assuan protocol used by GPG for IPC between its component executables. The full write-up on the proposed protocol is here: https://github.com/TrustFrame/git-cryptography-protocol/blob/main/Git%20Cryptography%20Protocol.md Like I said, this patchset is just the start of the project and all I have done here is gone through all of the existing documentation and updated it to reflect the normalized command line and config options as well as documented the new sign.* config options and the proposed signature format. I am especially looking for feedback on the proposed protocol, signature format and config structure. I have plans to follow up this project with another project to add support for config directories (e.g. .gitconfig.d) so that package maintainers will have an easier time of adding sign.* config values for arbitrary signing tools. As of right now, I have only grok'ed the handling of signed objects and I have ignored signed pushes. I will be updating this patchset with changes to the documentation for supporting universal signed pushes. There's some sticky details around the transition to SHA256 that I think I have worked out well enough that it won't get in the way. That is documented in the hash-function-transition.txt file. I know there is a lot here, this project cuts deep and will require tons of test driven development to avoid killing the patient during surgery. I look forward to the many long conversations on details ;) Cheers! Dave Huseby (1): Modifies documentation for universal cryptographic signing Documentation/config.txt | 2 + Documentation/config/commit.txt | 23 +- Documentation/config/gpg.txt | 36 +-- Documentation/config/push.txt | 18 +- Documentation/config/sign.txt | 72 ++++++ Documentation/config/tag.txt | 27 +- Documentation/config/user.txt | 12 +- Documentation/git-am.txt | 43 +++- Documentation/git-cherry-pick.txt | 43 +++- Documentation/git-commit-tree.txt | 44 +++- Documentation/git-commit.txt | 43 +++- Documentation/git-fast-import.txt | 2 +- Documentation/git-for-each-ref.txt | 2 +- Documentation/git-mktag.txt | 32 ++- Documentation/git-rebase.txt | 44 +++- Documentation/git-revert.txt | 44 +++- Documentation/git-tag.txt | 102 +++++--- Documentation/git-verify-commit.txt | 8 +- Documentation/git-verify-tag.txt | 8 +- Documentation/merge-options.txt | 40 ++- Documentation/pretty-formats.txt | 2 +- Documentation/pretty-options.txt | 2 +- .../technical/hash-function-transition.txt | 31 ++- .../technical/signature-format-v2.txt | 232 ++++++++++++++++++ Documentation/user-manual.txt | 40 +-- 25 files changed, 747 insertions(+), 205 deletions(-) create mode 100644 Documentation/config/sign.txt create mode 100644 Documentation/technical/signature-format-v2.txt -- 2.20.1
