Scripts to sign and verify Git commits using Minisign
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
SkyFox42 ff328df1a6 Add code to check if Minisign is installed 5 months ago
sh Add code to check if Minisign is installed 5 months ago
LICENSE Add git-minisign-verify.sh 5 months ago
README.md Remove the part about pushing notes by default from README 5 months ago

README.md

git-minisign

Scripts to sign and verify Git commits using Minisign

How does it work

  • git-minisign-sign.sh

    Signs the commit object under the given hash and then saves the signature to Git notes. If the commit object with the given hash does not exist, it first tries to unpack .pack files in .git/objects/pack.

    Once you do git push, you also have to do git push remote_name refs/notes/commits to push the notes to the repo.

  • git-minisign-verify.sh

    Fetches commit notes, then extracts the signature from the note of the commit under the given hash, checks if the commit is unpacked, unpacks the commit if needed and then verifies the signature.

Commit signing

Commits are signed using Minisign and signatures are stored in git notes.

Pubkey: RWSxb5gftMn69bFHSOfM7flSRDB/eSjBpz97oXOZD0amGuybqyJ5JYL+