Home Explore Blog CI



git
2nd chunk of `Documentation/config/gpg.adoc`
9809a16bcb969bb7590f70f843641b497df6f7be504b5f4a0000000100000c0e
 "gpgsm" and `gpg.ssh.program` is "ssh-keygen".

gpg.minTrustLevel::
	Specifies a minimum trust level for signature verification.  If
	this option is unset, then signature verification for merge
	operations requires a key with at least `marginal` trust.  Other
	operations that perform signature verification require a key
	with at least `undefined` trust.  Setting this option overrides
	the required trust-level for all operations.  Supported values,
	in increasing order of significance:
+
* `undefined`
* `never`
* `marginal`
* `fully`
* `ultimate`

gpg.ssh.defaultKeyCommand::
	This command will be run when user.signingkey is not set and a ssh
	signature is requested. On successful exit a valid ssh public key
	prefixed with `key::` is expected in the first line of its output.
	This allows for a script doing a dynamic lookup of the correct public
	key when it is impractical to statically configure `user.signingKey`.
	For example when keys or SSH Certificates are rotated frequently or
	selection of the right key depends on external factors unknown to git.

gpg.ssh.allowedSignersFile::
	A file containing ssh public keys which you are willing to trust.
	The file consists of one or more lines of principals followed by an ssh
	public key.
	e.g.: `user1@example.com,user2@example.com ssh-rsa AAAAX1...`
	See ssh-keygen(1) "ALLOWED SIGNERS" for details.
	The principal is only used to identify the key and is available when
	verifying a signature.
+
SSH has no concept of trust levels like gpg does. To be able to differentiate
between valid signatures and trusted signatures the trust level of a signature
verification is set to `fully` when the public key is present in the allowedSignersFile.
Otherwise the trust level is `undefined` and git verify-commit/tag will fail.
+
This file can be set to a location outside of the repository and every developer
maintains their own trust store. A central repository server could generate this
file automatically from ssh keys with push access to verify the code against.
In a corporate setting this file is probably generated at a global location
from automation that already handles developer ssh keys.
+
A repository that only allows signed commits can store the file
in the repository itself using a path relative to the top-level of the working tree.
This way only committers with an already valid key can add or change keys in the keyring.
+
Since OpensSSH 8.8 this file allows specifying a key lifetime using valid-after &
valid-before options. Git will mark signatures as valid if the signing key was
valid at the time of the signature's creation. This allows users to change a
signing key without invalidating all previously made signatures.
+
Using a SSH CA key with the cert-authority option
(see ssh-keygen(1) "CERTIFICATES") is also valid.

gpg.ssh.revocationFile::
	Either a SSH KRL or a list of revoked public keys (without the principal prefix).
	See ssh-keygen(1) for details.
	If a public key is found in this file then it will always be treated
	as having trust level "never" and signatures will show as invalid.
Title: Git GPG SSH Configuration Options
Summary
This section describes Git configuration options for SSH signing, including minimum trust levels, default key commands, allowed signers files, and revocation files, which enable secure signing and verification of commits and tags using SSH keys.