About commit signature verification
You can sign commits and tags locally, to give other people confidence about the origin of a change you have made. If a commit or tag has a GPG or S/MIME signature that is cryptographically verifiable, GitHub marks the commit or tag "Verified."
If a commit or tag has a signature that can't be verified, GitHub AE marks the commit or tag "Unverified."
Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified. For more information, see "About protected branches."
Puedes comprobar el estado de verificación de tus confirmaciones o etiquetas firmadas en GitHub AE y ver por qué las firmas de tu confirmación podrían no ser verificadas. Para obtener más información, consulta "Comprobar la confirmación y el estado de verificación de firma de la etiqueta".
GPG commit signature verification
You can use GPG to sign commits with a GPG key that you generate yourself.
GitHub AE uses OpenPGP libraries to confirm that your locally signed commits and tags are cryptographically verifiable against a public key you have added to your account on GitHub AE.
To sign commits using GPG and have those commits verified on GitHub AE, follow these steps:
- Check for existing GPG keys
- Generate a new GPG key
- Add a new GPG key to your GitHub account
- Tell Git about your signing key
- Sign commits
- Sign tags
S/MIME commit signature verification
You can use S/MIME to sign commits with an X.509 key issued by your organization.
GitHub AE uses the Debian ca-certificates package, the same trust store used by Mozilla browsers, to confirm that your locally signed commits and tags are cryptographically verifiable against a public key in a trusted root certificate.
Nota: la verificación de firma S/MIME está disponible desde Git 2.19 o posterior. Para actualizar tu versiíon de Git, consulta el sitio web de Git.
To sign commits using S/MIME and have those commits verified on GitHub AE, follow these steps:
You don't need to upload your public key to GitHub AE.