runsisi's

technical notes

git gpg signing

2019-04-15 runsisi#git#gpg

Find the ID of the key pair to use for gpg signing:

~$ gpg -k
/home/runsisi/.gnupg/pubring.gpg
--------------------------------
pub   rsa2048/759D8517 2018-01-06 [SC]
      2915D352D6652715FB9AB146C08D7AE1759D8517
uid         [ultimate] dev <dev@example.com>
sub   rsa2048/1B971CBF 2018-01-06 [E]

pub   rsa3072/C7E8A950 2019-04-13 [SC] [expires: 2021-04-12]
      6DF6CFC20424F5CA2BC540E768CCC50DC7E8A950
uid         [ultimate] luo.runbing (https://www.example.com/) <luo.runbing@example.com>
uid         [ultimate] runsisi (https://runsisi.com/) <runsisi@hust.edu.cn>
sub   rsa3072/D2E0CB2D 2019-04-13 [E] [expires: 2021-04-12]
sub   rsa3072/8D77F675 2019-04-13 [S] [expires: 2020-04-12]

Configure git to explicitly use gpg2 and the private key used for signing:

~$ git config --global gpg.program gpg2
~$ git config --global commit.gpgSign true
~$ git config --global user.signingkey 8D77F675

Sign with -S when creating a commit (because commit.gpgSign is set to true, -S does not have to be given explicitly):

~$ git ci -asS -m 'add x.sh'
[master 048c9a7] add x.sh
 1 file changed, 13 insertions(+)
 create mode 100755 x.sh
~$ git log --show-signature -1
commit 048c9a717272535d8c3fc1a0eebbedf484a04ae2 (HEAD -> master)
gpg: Signature made Mon 15 Apr 2019 08:06:48 AM CST
gpg:                using RSA key DFD781A7C8334975F2FD0DC7DA3BFDCF8D77F675
gpg: Good signature from "luo.runbing (https://www.example.com/) <luo.runbing@example.com>" [ultimate]
gpg:                 aka "runsisi (https://runsisi.com/) <runsisi@hust.edu.cn>" [ultimate]
Author: runsisi@hust.edu.cn <runsisi@hust.edu.cn>
Date:   Mon Apr 15 08:06:48 2019

    add x.sh

    Signed-off-by: runsisi@hust.edu.cn <runsisi@hust.edu.cn>
~$ git verify-commit HEAD
gpg: Signature made Mon 15 Apr 2019 08:06:48 AM CST
gpg:                using RSA key DFD781A7C8334975F2FD0DC7DA3BFDCF8D77F675
gpg: Good signature from "luo.runbing (https://www.example.com/) <luo.runbing@example.com>" [ultimate]
gpg:                 aka "runsisi (https://runsisi.com/) <runsisi@hust.edu.cn>" [ultimate]
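
The signature above was made by the signing subkey DFD7...8D77F675, while `gpg -k` lists the primary key 6DF6...C7E8A950. The following added example (not part of the original post) shows one way to script the check: it reads the GnuPG status lines that `git verify-commit --raw` writes to stderr and accepts only a good signature whose primary key fingerprint is the expected one. The function name `check_sig_status` and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use (assumes the public key is in the local keyring):
#   git verify-commit --raw HEAD 2>&1 | check_sig_status "$ALLOWED"

# Primary key fingerprint, taken from the gpg -k listing on this page.
ALLOWED=6DF6CFC20424F5CA2BC540E768CCC50DC7E8A950

check_sig_status() {   # $1 = allowed primary fingerprint; status lines on stdin
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # VALIDSIG is also emitted when the key is expired or revoked,
        # so these status keywords must veto the result.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        # VALIDSIG: $3 is the fingerprint of the key that signed (here a
        # subkey), $12 is the primary key fingerprint. Fall back to $3
        # defensively if the last field is missing.
        $2 == "VALIDSIG" {
            primary = (NF >= 12) ? $12 : $3
            if (toupper(primary) == toupper(want)) match_ok = 1
        }
        END { if (good && match_ok && !bad) exit 0; exit 1 }
    '
}

sample_good() {   # constructed status output modelled on the commit above
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG DA3BFDCF8D77F675 runsisi <runsisi@hust.edu.cn>
[GNUPG:] VALIDSIG DFD781A7C8334975F2FD0DC7DA3BFDCF8D77F675 2019-04-15 1555286808 0 4 0 1 8 00 6DF6CFC20424F5CA2BC540E768CCC50DC7E8A950
[GNUPG:] TRUST_ULTIMATE 0 pgp
EOF
}

sample_expired() {   # constructed: same signature checked after the subkey expired
    sample_good | sed 's/ GOODSIG / EXPKEYSIG /'
}

for s in sample_good sample_expired; do
    if $s | check_sig_status "$ALLOWED"; then
        echo "$s: accept"
    else
        echo "$s: reject"
    fi
done
```
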

Sign with -s when creating a tag:

~$ git tag -as -m 'tag v1.0' v1.0
~$ git show v1.0
tag v1.0
Tagger: runsisi@hust.edu.cn <runsisi@hust.edu.cn>
Date:   Mon Apr 15 08:09:32 2019

tag v1.0
-----BEGIN PGP SIGNATURE-----
...
-----END PGP SIGNATURE-----

commit 048c9a717272535d8c3fc1a0eebbedf484a04ae2 (HEAD -> master, tag: v1.0)
Author: runsisi@hust.edu.cn <runsisi@hust.edu.cn>
Date:   Mon Apr 15 08:06:48 2019
...
~$ git verify-tag v1.0
gpg: Signature made Mon 15 Apr 2019 08:09:32 AM CST
gpg:                using RSA key DFD781A7C8334975F2FD0DC7DA3BFDCF8D77F675
gpg: Good signature from "luo.runbing (https://www.example.com/) <luo.runbing@example.com>" [ultimate]
gpg:                 aka "runsisi (https://runsisi.com/) <runsisi@hust.edu.cn>" [ultimate]
