This document only explained PGP signatures, but Git now supports X.509 and SSH signatures. Signed-off-by: Gwyneth Morgan <gwymor@xxxxxxxxxx> --- Documentation/gitformat-signature.txt | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/Documentation/gitformat-signature.txt b/Documentation/gitformat-signature.txt index d8e3eb1bac..5f0c9202e3 100644 --- a/Documentation/gitformat-signature.txt +++ b/Documentation/gitformat-signature.txt @@ -17,12 +17,26 @@ DESCRIPTION Git uses cryptographic signatures in various places, currently objects (tags, commits, mergetags) and transactions (pushes). In every case, the command which is about to create an object or transaction determines a payload from that, -calls gpg to obtain a detached signature for the payload (`gpg -bsa`) and -embeds the signature into the object or transaction. - -Signatures always begin with `-----BEGIN PGP SIGNATURE-----` -and end with `-----END PGP SIGNATURE-----`, unless gpg is told to -produce RFC1991 signatures which use `MESSAGE` instead of `SIGNATURE`. +calls an external program to obtain a detached signature for the payload +(`gpg -bsa` in the case of PGP signatures), and embeds the signature into the +object or transaction. + +Signatures begin with an ASCII Armor header line and end with a tail line, +which differ depending on signature type. + +PGP:: + Signatures begin with `-----BEGIN PGP SIGNATURE-----` and end + with `-----END PGP SIGNATURE-----`, unless gpg is told to + produce RFC1991 signatures which use `MESSAGE` instead of + `SIGNATURE`. + +SSH:: + Signatures begin with `-----BEGIN SSH SIGNATURE-----` and end + with `-----END SSH SIGNATURE-----`. + +X.509:: + Signatures begin with `-----BEGIN SIGNED MESSAGE-----` and end + with `-----END SIGNED MESSAGE-----`. Signatures sometimes appear as a part of the normal payload (e.g. a signed tag has the signature block appended after the payload
