Google Git
Sign in
googlers / jrn / git / 9a4e18b7010f4f0136e71af3f701d10688b98a73^1..9a4e18b7010f4f0136e71af3f701d10688b98a73 / .
commit9a4e18b7010f4f0136e71af3f701d10688b98a73[log] [tgz]
authorJunio C Hamano <gitster@pobox.com>Mon Mar 06 21:51:56 2023 -0800
committerJunio C Hamano <gitster@pobox.com>Mon Mar 06 21:51:56 2023 -0800
tree14026bd9a02248b27602ae76af0a12a8724354dd
parentd15644fe0226af7ffc874572d968598564a230dd [diff]
parent31a431b18b33cdfee7ddb61e63902bb1c3964bd5 [diff]
Merge branch 'gm/signature-format-doc'

Doc update.

* gm/signature-format-doc:
  signature-format.txt: note SSH and X.509 signature delimiters

diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
index 86f6308..37e2831 100644
--- a/Documentation/config/gpg.txt
+++ b/Documentation/config/gpg.txt

@@ -12,6 +12,9 @@
 gpg.format::
 	Specifies which key format to use when signing with `--gpg-sign`.
 	Default is "openpgp". Other possible values are "x509", "ssh".
++
+See linkgit:gitformat-signature[5] for the signature format, which differs
+based on the selected `gpg.format`.
 
 gpg.<format>.program::
 	Use this to customize the program used for the signing format you

diff --git a/Documentation/gitformat-signature.txt b/Documentation/gitformat-signature.txt
index d8e3eb1..d4d3a31 100644
--- a/Documentation/gitformat-signature.txt
+++ b/Documentation/gitformat-signature.txt

@@ -17,12 +17,24 @@
 Git uses cryptographic signatures in various places, currently objects (tags,
 commits, mergetags) and transactions (pushes). In every case, the command which
 is about to create an object or transaction determines a payload from that,
-calls gpg to obtain a detached signature for the payload (`gpg -bsa`) and
-embeds the signature into the object or transaction.
+calls an external program to obtain a detached signature for the payload
+(`gpg -bsa` in the case of PGP signatures), and embeds the signature into the
+object or transaction.
 
-Signatures always begin with `-----BEGIN PGP SIGNATURE-----`
-and end with `-----END PGP SIGNATURE-----`, unless gpg is told to
-produce RFC1991 signatures which use `MESSAGE` instead of `SIGNATURE`.
+Signatures begin with an "ASCII Armor" header line and end with a tail line,
+which differ depending on signature type (as selected by `gpg.format`, see
+linkgit:git-config[1]). These are, for `gpg.format` values:
+
+`gpg` (PGP)::
+	`-----BEGIN PGP SIGNATURE-----` and `-----END PGP SIGNATURE-----`.
+	Or, if gpg is told to produce RFC1991 signatures,
+	`-----BEGIN PGP MESSAGE-----` and `-----END PGP MESSAGE-----`
+
+`ssh` (SSH)::
+	`-----BEGIN SSH SIGNATURE-----` and `-----END SSH SIGNATURE-----`
+
+`x509` (X.509)::
+	`-----BEGIN SIGNED MESSAGE-----` and `-----END SIGNED MESSAGE-----`
 
 Signatures sometimes appear as a part of the normal payload
 (e.g. a signed tag has the signature block appended after the payload