gitformat-signature - Git cryptographic signature formats
<[tag|commit] object header(s)>
Git uses cryptographic signatures in various places, currently objects (tags, commits, mergetags) and transactions (pushes). In every case, the command which is about to create an object or transaction determines a payload from that, calls gpg to obtain a detached signature for the payload (
gpg -bsa) and embeds the signature into the object or transaction.
Signatures always begin with
-----BEGIN PGP SIGNATURE----- and end with
-----END PGP SIGNATURE-----, unless gpg is told to produce RFC1991 signatures which use
MESSAGE instead of
Signatures sometimes appear as a part of the normal payload (e.g. a signed tag has the signature block appended after the payload that the signature applies to), and sometimes appear in the value of an object header (e.g. a merge commit that merged a signed tag would have the entire tag contents on its "mergetag" header). In the case of the latter, the usual multi-line formatting rule for object headers applies. I.e. the second and subsequent lines are prefixed with a SP to signal that the line is continued from the previous line.
This is even true for an originally empty line. In the following examples, the end of line that ends with a whitespace letter is highlighted with a
$ sign; if you are trying to recreate these example by hand, do not cut and paste them---they are there primarily to highlight extra whitespace at the end of some lines.
The signed payload and the way the signature is embedded depends on the type of the object resp. transaction.