aboutsummaryrefslogtreecommitdiffstats
path: root/plumbing/object/signature.go
Commit message (Collapse)AuthorAgeFilesLines
* plumbing: signature, support the same x509 signature formats as gitYoav Amit2024-08-201-0/+1
| | | | | Commits and tags signed with x509 certificates may be encoded with the `SIGNED MESSAGE` PEM label. This behavior is consistent in [git](https://github.com/git/git/blob/master/gpg-interface.c\#L63) and [gpgsm](https://github.com/gpg/gnupg/blob/master/sm/sign.c\#L650) which is commonly used to produce these types of signatures.
* plumbing: support SSH/X509 signed tagsHidde Beydals2023-02-271-0/+101
This commit enables support for extracting the SSH and X509 signatures from (annotated) Git tags, as an initial step to support the verification of more signatures than just PGP in go-git. The ported logic from Git further ensures that we look for a signature at the tail of an annotation, instead of the first signature we find in the annotation, as this could theoretically result in a faulty signature getting detected if part of a an annotation itself (e.g. by being placed in the middle as part of an inherited message). For commits, no further change is required as the current extraction of any signature (format) from `gpgsig` in the commit header is sufficient for manual verification. In a future iteration, we could add `signature/ssh` and `signature/x509` packages to further enable people to deal with verifying other signatures than PGP. As well as adding additional methods to `Commit` and `Tag` to provide glue between the packages and the most prominent user-facing APIs. Signed-off-by: Hidde Beydals <hidde@hhh.computer>