About commit signature verification
You can sign commits and tags locally, to give other people confidence about the origin of a change you have made. If a commit or tag has a GPG or S/MIME signature that is cryptographically verifiable, GitHub Enterprise Server marks the commit or tag "Verified."
If a commit or tag has a signature that can't be verified, GitHub Enterprise Server marks the commit or tag "Unverified."
Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified. For more information, see "About protected branches."
Puedes comprobar el estado de verificación de tus confirmaciones o etiquetas firmadas en GitHub Enterprise Server y ver por qué las firmas de tu confirmación podrían no ser verificadas. Para más información, vea "Comprobación del estado de comprobación de firma de confirmación y etiquetas".
GPG commit signature verification
You can use GPG to sign commits with a GPG key that you generate yourself.
GitHub Enterprise Server uses OpenPGP libraries to confirm that your locally signed commits and tags are cryptographically verifiable against a public key you have added to your account on your GitHub Enterprise Server instance.
To sign commits using GPG and have those commits verified on GitHub Enterprise Server, follow these steps:
- Check for existing GPG keys
- Generate a new GPG key
- Add a GPG key to your GitHub account
- Tell Git about your signing key
- Sign commits
- Sign tags
S/MIME commit signature verification
You can use S/MIME to sign commits with an X.509 key issued by your organization.
GitHub Enterprise Server uses the Debian ca-certificates package, the same trust store used by Mozilla browsers, to confirm that your locally signed commits and tags are cryptographically verifiable against a public key in a trusted root certificate.
Nota: La comprobación de la firma S/MIME está disponible en Git� 2.19 o posterior. Para actualizar la versión de Git, vea el sitio web de Git.
To sign commits using S/MIME and have those commits verified on GitHub Enterprise Server, follow these steps:
You don't need to upload your public key to GitHub Enterprise Server.