gpg.program::
Use this custom program instead of "`gpg`" found on `$PATH` when
making or verifying a PGP signature. The program must support the
same command-line interface as GPG. To verify a detached
signature, "`gpg --verify $signature - <$file`" is run, and the
program is expected to signal a good signature by exiting with
code 0. To generate an ASCII-armored detached signature, the
standard input of "`gpg -bsau $key`" is fed with the contents to be
signed, and the program is expected to send the result to its
gpg.format::
Specifies which key format to use when signing with `--gpg-sign`.
Default is "openpgp". Other possible values are "x509" and "ssh".
gpg.<format>.program::
Use this to customize the program used for the signing format you
chose (see `gpg.program` and `gpg.format`). `gpg.program` can still
be used as a legacy synonym for `gpg.openpgp.program`. The default
value for `gpg.x509.program` is "gpgsm" and for `gpg.ssh.program` is "ssh-keygen".
gpg.minTrustLevel::
Specifies a minimum trust level for signature verification. If
this option is unset, then signature verification for merge
operations requires a key with at least `marginal` trust. Other
operations that perform signature verification require a key
with at least `undefined` trust. Setting this option overrides
the required trust level for all operations. Supported values,
in increasing order of significance:
gpg.ssh.defaultKeyCommand::
This command will be run when `user.signingkey` is not set and an ssh
signature is requested. On successful exit a valid ssh public key is
expected in the first line of its output. To automatically use the first
available key from your ssh-agent set this to "ssh-add -L".
gpg.ssh.allowedSignersFile::
A file containing ssh public keys which you are willing to trust.
The file consists of one or more lines of principals followed by an ssh
e.g.: `user1@example.com,user2@example.com ssh-rsa AAAAX1...`
See ssh-keygen(1) "ALLOWED SIGNERS" for details.
The principal is only used to identify the key and is available when
verifying a signature.
SSH has no concept of trust levels like gpg does. To be able to differentiate
between valid signatures and trusted signatures, the trust level of a signature
verification is set to `fully` when the public key is present in the allowedSignersFile.
Otherwise the trust level is `undefined` and git verify-commit/tag will fail.
This file can be set to a location outside of the repository, so that every developer
maintains their own trust store. A central repository server could generate this
file automatically from the ssh keys with push access, to verify the code against.
In a corporate setting this file is probably generated at a global location
from automation that already handles developer ssh keys.
A repository that only allows signed commits can store the file
in the repository itself using a path relative to the top-level of the working tree.
This way only committers with an already valid key can add or change keys in the keyring.
Using an SSH CA key with the cert-authority option
(see ssh-keygen(1) "CERTIFICATES") is also valid.
gpg.ssh.revocationFile::
Either an SSH KRL or a list of revoked public keys (without the principal prefix).
See ssh-keygen(1) for details.
If a public key is found in this file then it will always be treated
as having trust level "never" and signatures will show as invalid.
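The decision rules from the allowedSignersFile, revocationFile and minTrustLevel entries above, written out as a small Python model. This is an added illustration, not git's own code; the allowed-signers and revocation contents are constructed samples and the keys are fake.

```python
"""Model of the trust decision described above for SSH signatures
(allowedSignersFile, revocationFile, minTrustLevel). Added illustration of
the documented rules, not git's code; all keys are constructed samples."""

# gpg.minTrustLevel values, in increasing order of significance.
TRUST_ORDER = ["undefined", "never", "marginal", "fully", "ultimate"]
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

# Constructed allowed-signers file: "principals [options] keytype key [comment]".
ALLOWED_SIGNERS = """\
# developers with push access
user1@example.com,user2@example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY1 laptop
ci@example.com namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY2
"""
# Constructed revocation list: revoked public keys without a principal prefix.
REVOKED_KEYS = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEY2\n"


def key_id(line):
    """'keytype base64' of a public-key line, any trailing comment dropped."""
    return " ".join(line.split()[:2])


def parse_allowed_signers(text):
    """Map 'keytype base64' -> principals; option fields before the key type
    (e.g. namespaces="git") are skipped, comments and blank lines ignored."""
    result = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        idx = next(i for i, f in enumerate(fields) if i and f.startswith(KEY_TYPES))
        result[" ".join(fields[idx:idx + 2])] = fields[0].split(",")
    return result


def ssh_trust_level(pubkey, allowed=ALLOWED_SIGNERS, revoked=REVOKED_KEYS):
    """Trust level git assigns to a signature made with `pubkey`."""
    kid = key_id(pubkey)
    if kid in {key_id(l) for l in revoked.splitlines() if l.strip()}:
        return "never"      # in gpg.ssh.revocationFile: signature shows invalid
    if kid in parse_allowed_signers(allowed):
        return "fully"      # in gpg.ssh.allowedSignersFile
    return "undefined"      # unknown key: verify-commit/tag fails


def signature_accepted(pubkey, min_trust="undefined", **files):
    """Good only when the key is allowed (fully) and that level meets
    gpg.minTrustLevel; revoked and unknown keys never pass."""
    level = ssh_trust_level(pubkey, **files)
    return level == "fully" and TRUST_ORDER.index(level) >= TRUST_ORDER.index(min_trust)
```

Certificates signed by an SSH CA (the cert-authority case) are not modelled here, since that requires parsing the certificate rather than matching a key line.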