Skip to main content
Frecuentemente publicamos actualizaciones de nuestra documentación. Es posible que la traducción de esta página esté en curso. Para conocer la información más actual, visita la documentación en inglés. Si existe un problema con las traducciones en esta página, por favor infórmanos.
GitHub AE está actualmente en un lanzamiento limitado. Por favor, contacta a nuestro equipo de ventas para conocer más sobre esto.
GitHub AE
Español
 
Authentication
GitHub AE
Español

 

About commit signature verification

En este artículo

Using GPG or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on GitHub AE so other people can be confident that the changes come from a trusted source.

About commit signature verification

You can sign commits and tags locally, to give other people confidence about the origin of a change you have made. If a commit or tag has a GPG or S/MIME signature that is cryptographically verifiable, GitHub marks the commit or tag "Verified."

Verified commit

If a commit or tag has a signature that can't be verified, GitHub AE marks the commit or tag "Unverified."

Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified. For more information, see "About protected branches."

Puedes comprobar el estado de verificación de tus confirmaciones o etiquetas firmadas en GitHub AE y ver por qué las firmas de tu confirmación podrían no ser verificadas. Para obtener más información, consulta "Comprobar la confirmación y el estado de verificación de firma de la etiqueta".

GPG commit signature verification

You can use GPG to sign commits with a GPG key that you generate yourself.

GitHub AE uses OpenPGP libraries to confirm that your locally signed commits and tags are cryptographically verifiable against a public key you have added to your account on GitHub AE.

To sign commits using GPG and have those commits verified on GitHub AE, follow these steps:

  1. Check for existing GPG keys
  2. Generate a new GPG key
  3. Add a new GPG key to your GitHub account
  4. Tell Git about your signing key
  5. Sign commits
  6. Sign tags

S/MIME commit signature verification

You can use S/MIME to sign commits with an X.509 key issued by your organization.

GitHub AE uses the Debian ca-certificates package, the same trust store used by Mozilla browsers, to confirm that your locally signed commits and tags are cryptographically verifiable against a public key in a trusted root certificate.

Nota: la verificación de firma S/MIME está disponible desde Git 2.19 o posterior. Para actualizar tu versiíon de Git, consulta el sitio web de Git.

To sign commits using S/MIME and have those commits verified on GitHub AE, follow these steps:

  1. Tell Git about your signing key
  2. Sign commits
  3. Sign tags

You don't need to upload your public key to GitHub AE.

Further reading