S/MIME signature support. #6653

New Issue

Open

opened 2025-11-02 07:02:36 -06:00 by GiteaMirror · 9 comments

GiteaMirror commented 2025-11-02 07:02:36 -06:00

Owner

Copy Link

Originally created by @AlexMasterOfCoding on GitHub (Jan 7, 2021).

Feature request

Description

It should be possible to use s/mime certificates to sign commits. The trust could e.g. be based on a seperate CA keystore or based on the trust of the underlying system.
Actually (as of version 1.13.1) gitea is not able to extract and handle s/mime signed commits in the web ui. It actually only remembers that there is some signature in the commit.

Originally created by @AlexMasterOfCoding on GitHub (Jan 7, 2021). # Feature request ## Description It should be possible to use s/mime certificates to sign commits. The trust could e.g. be based on a seperate CA keystore or based on the trust of the underlying system. Actually (as of version 1.13.1) gitea is not able to extract and handle s/mime signed commits in the web ui. It actually only remembers that there is some signature in the commit.

GiteaMirror added the type/proposaltype/feature labels 2025-11-02 07:02:36 -06:00

GiteaMirror commented 2025-11-02 07:02:37 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Jan 7, 2021):

An example of some S/MIME signed commits with their associated public key would go a long way towards making this possible.

Similarly linking to the spec for these would also be helpful.

@zeripath commented on GitHub (Jan 7, 2021): An example of some S/MIME signed commits with their associated public key would go a long way towards making this possible. Similarly linking to the spec for these would also be helpful.

GiteaMirror commented 2025-11-02 07:02:37 -06:00

Author

Owner

Copy Link

@AlexMasterOfCoding commented on GitHub (Jan 8, 2021):

As a first source, I could give you the tool I actually use to get smime running: smimesign
The tool could be very helpful, as the code is written in go.

Actually I am looking for more information.

@AlexMasterOfCoding commented on GitHub (Jan 8, 2021): As a first source, I could give you the tool I actually use to get smime running: [smimesign](https://github.com/github/smimesign) The tool could be very helpful, as the code is written in go. Actually I am looking for more information.

GiteaMirror commented 2025-11-02 07:02:38 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Jan 9, 2021):

Do you have a git repo with smime signed commits to look at and review?

@zeripath commented on GitHub (Jan 9, 2021): Do you have a git repo with smime signed commits to look at and review?

GiteaMirror commented 2025-11-02 07:02:38 -06:00

Author

Owner

Copy Link

@AlexMasterOfCoding commented on GitHub (Jan 11, 2021):

I created a new smimetest repo. The commit(s) are signed with smime. Should I add an example on GitHub, too?
I just added the public cert for validation purposes into the repository.

@AlexMasterOfCoding commented on GitHub (Jan 11, 2021): I created a new [smimetest](https://try.gitea.io/testsmime/smimetest) repo. The commit(s) are signed with smime. Should I add an example on GitHub, too? I just added the public cert for validation purposes into the repository.

GiteaMirror commented 2025-11-02 07:02:38 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Jan 11, 2021):

OK i'll pull it locally.

@zeripath commented on GitHub (Jan 11, 2021): OK i'll pull it locally.

GiteaMirror commented 2025-11-02 07:02:38 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Jan 11, 2021):

OK,echo "e03bf604d1f8cf51bc55128dd9b18ac3e9406305" | git cat-file --batch gives:

`echo "e03bf604d1f8cf51bc55128dd9b18ac3e9406305" | git cat-file --batch`

e03bf604d1f8cf51bc55128dd9b18ac3e9406305 commit 4719
tree 7d23a46f2ffda986ada618d6b4253c9965f2675c
parent 16b579c3e3bd283f99155a41e786bf7261f9bd90
author Alexander Küppers <alexander.kueppers@atos.net> 1610355921 +0100
committer Alexander Küppers <alexander.kueppers@atos.net> 1610355921 +0100
gpgsig -----BEGIN SIGNED MESSAGE-----
 MIIMWwYJKoZIhvcNAQcCoIIMTDCCDEgCAQExDTALBglghkgBZQMEAgEwCwYJKoZI
 hvcNAQcBoIIKPTCCBeIwggTKoAMCAQICCC20/2DBg5CMMA0GCSqGSIb3DQEBCwUA
 MEYxKDAmBgNVBAMMH0F0b3MgVHJ1c3RlZFJvb3QgQ2xpZW50LUNBIDIwMTMxDTAL
 BgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMB4XDTE5MDIxMzA5NTUzM1oXDTIyMDIx
 MjA5NTUzM1owcjELMAkGA1UEBhMCREUxDTALBgNVBAoMBEF0b3MxETAPBgNVBAQM
 CEvDvHBwZXJzMRIwEAYDVQQqDAlBbGV4YW5kZXIxEDAOBgNVBAUTB0E1NjQzMzEx
 GzAZBgNVBAMMEkFsZXhhbmRlciBLw7xwcGVyczCCASIwDQYJKoZIhvcNAQEBBQAD
 ggEPADCCAQoCggEBAILcds6pMk3ojdew1o/hjYhHtrwtOS5sp/8FfodxUxnoomS2
 4N4zOJnqgI/r41S0aFmi8Qj0IP/y6Fb9RDAgbEc5XZkSfpDhStugeoT0B+FCTYnr
 SASlUBwFMo6c7zgM4MxWaQEixtStQ/x8jxC1E/xouG9viW9bal9fDxgQP0pJeESE
 tRDbdKFwfGN3VZBn9r5Wgf01A2kWdBXFzq4mDKpZjy3C/1iT1v9Fu47ROfkF0IKN
 RXR6Tgok7CGplEo+tc53LSP74C8GT/Bj0yjj1cC2/BRvdxvQU8H/VF4H0HCqukUh
 +ot9EHR2FJ9ljYc0X14cB0Q815CatZJwGi9rmW8CAwEAAaOCAqYwggKiMB8GA1Ud
 IwQYMBaAFJDtc8PoUtFbDOxJO4nJvC06Zb6TMH8GCCsGAQUFBwEBBHMwcTBJBggr
 BgEFBQcwAoY9aHR0cHM6Ly9wa2kuYXRvcy5uZXQvRG93bmxvYWQvQXRvc1RydXN0
 ZWRSb290Q2xpZW50Q0EyMDEzLmNlcjAkBggrBgEFBQcwAYYYaHR0cDovL3BraS1v
 Y3NwLmF0b3MubmV0MFMGA1UdEQRMMEqBG2FsZXhhbmRlci5rdWVwcGVyc0BhdG9z
 Lm5ldKArBgorBgEEAYI3FAIDoB0MG2FsZXhhbmRlci5rdWVwcGVyc0BhdG9zLm5l
 dDBgBgNVHSAEWTBXMFUGDCsGAQQBsC0FAQEBATBFMEMGCCsGAQUFBwIBFjdodHRw
 Oi8vcGtpLmF0b3MubmV0L0Rvd25sb2FkL0F0b3NUcnVzdGVkQ0FDUFN2MS45LjEu
 cGRmMDMGA1UdJQQsMCoGCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUIAgIGCisG
 AQQBgjcUAgIwgeIGA1UdHwSB2jCB1zBFoEOgQYY/aHR0cDovL3BraS1jcmwuYXRv
 cy5uZXQvY3JsL0F0b3NfVHJ1c3RlZFJvb3RfQ2xpZW50X0NBXzIwMTMuY3JsMIGN
 oIGKoIGHhoGEbGRhcDovL3BraS1sZGFwLmF0b3MubmV0L2NuPUF0b3MlMjBUcnVz
 dGVkUm9vdCUyMENsaWVudC1DQSUyMDIwMTMsb3U9Q0Esb3U9QXRvcyUyMFRDLG89
 QXRvcyxkYz1hdG9zLGRjPW5ldD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0MB0G
 A1UdDgQWBBQxgP368BsP79Bp8VK/L6yZC4MM4zAOBgNVHQ8BAf8EBAMCB4AwDQYJ
 KoZIhvcNAQELBQADggEBABU+zzjQVrvMo+ojnspFTiRlpoOIN8wSkjWXH9SsZ8Ay
 v71ZkVlpWvvxbFhTAxO3DEyjrh1x+FbKziH1dG7xuQ9yIFcHumRas9NqolclVBfk
 tWezijjv3qOusWwmz8HXz5+7JRQK3+s1pAjFrtXfrlTT8lDCdrQ0ic+6qWZfBwjZ
 oDRoHvBXyiq7HpbBlPUb4y+OsxjOTliGhekYZxL0Tl2vAhC7+TX5XOy2PF3zViJp
 SR5dfeLR/ING6d5/kE3i5eC9+NQVX7gle/u5xYLpW3vMwRUSYuAIAdsICoE9dUlG
 mPVq07qePKSlx7XqS77xz2scB295enOxQoIpEP4hn3QwggRTMIIDO6ADAgECAghw
 OBixWTgxGjANBgkqhkiG9w0BAQsFADA8MR4wHAYDVQQDDBVBdG9zIFRydXN0ZWRS
 b290IDIwMTExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMB4XDTEzMDUwMjEz
 NTYxNFoXDTIzMDQzMDEzNTYxNFowRjEoMCYGA1UEAwwfQXRvcyBUcnVzdGVkUm9v
 dCBDbGllbnQtQ0EgMjAxMzENMAsGA1UECgwEQXRvczELMAkGA1UEBhMCREUwggEi
 MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTxYAYE1ypaSVORF4AGtW8883i
 gCWMA2DAUa6GFeDJj6WXmAIynYF/Znz07Gt0gUeiu53Ae5UMP1o6kmGBdX46aOrE
 UkpfzVwzX3B+AUk9QCvaOGp/10Ztzh+ImP8Mets8OxnhpBLc3w2nX/puOc4bN42R
 9JucPii3bFLMoGgrNo72y+8trOmFONjMrQhojwcmTGMQ1mlsYtgpWUdKBEuoQyl5
 dbcxgXe7k2SDfeefbBZA13GOjKACoAOVzfS2xqRBBIbwLrR9/Z+hPfTou/7B+9Sv
 4azDTC/PjOPe4QgLv8xz8pp9avv7xzkjVYJnibKnnX9LHmLiwbq486WUWMuVAgMB
 AAGjggFNMIIBSTAdBgNVHQ4EFgQUkO1zw+hS0VsM7Ek7icm8LTplvpMwDwYDVR0T
 AQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAYBgNV
 HSAEETAPMA0GCysGAQQBsC0FAQEBMIHLBgNVHR8EgcMwgcAwPqA8oDqGOGh0dHA6
 Ly9wa2ktY3JsLmF0b3MubmV0L2NybC9BdG9zX1RydXN0ZWRSb290X0NBXzIwMTEu
 Y3JsMH6gfKB6hnhsZGFwOi8vcGtpLWxkYXAuYXRvcy5uZXQvY249QXRvcyUyMFRy
 dXN0ZWRSb290JTIwMjAxMSxvdT1DQSxvdT1BdG9zJTIwVEMsbz1BdG9zLGRjPWF0
 b3MsZGM9bmV0P2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3QwDgYDVR0PAQH/BAQD
 AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQBUsGyDIgR5Ip1sw8nVRqnh+WIOZexUDywA
 Lp25GTOYudWLln3IS3RK+LlrJhiCnwN/KID5cJtX3KPzeXjOBB+QuzKz/HzfP5iM
 hjVEtrurmtegifLfTnRLn+w36mLq4eDXwe0P2z40PgtMpRyozK23f1jFrsXumnQS
 ClL2F2EBuM536JJPPhPjfoDNU6+zEqfZWokpJ28SOKRJO4QFcpYYaJmGRk7dhz0R
 ThjVSN9RvDj0mWUhfY9CGpg7F6Hv7fyNP/3SrtJomU1Lh625jDdtg0F8YaF8K9kP
 UQItj5nqS+AyEPXkxzjZAHHzGeguiH78H+kMy1xBHRQbliIsbsgXMYIB5DCCAeAC
 AQEwUjBGMSgwJgYDVQQDDB9BdG9zIFRydXN0ZWRSb290IENsaWVudC1DQSAyMDEz
 MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERQIILbT/YMGDkIwwCwYJYIZIAWUD
 BAIBoGkwHAYJKoZIhvcNAQkFMQ8XDTIxMDExMTA5MDUyNFowLwYJKoZIhvcNAQkE
 MSIEIOBOpcOG21XhJXbQFOgStC+Xs+03AgCgZKJdqylnC5LdMBgGCSqGSIb3DQEJ
 AzELBgkqhkiG9w0BBwEwCwYJKoZIhvcNAQEBBIIBAE2q+uhSli+oIgL+0LWlHk84
 l9iYvp/WjVcRKYKtIkasdCnAYox0EKe18Kd/OaXPufqdwHf5JKDnPanKJZr5uJQh
 vyKyhDwQznBqpGF79LinXvnDdZe3usq8mtCY1+gYHo3UgqyFRZMLplZKlgmEZ/xs
 7o5LaWackIH1T0G13+IW/uFU/n0pZw5IPsM80W2lU8o8fewIU2NnRmpjuuRoRMC/
 Dbsu1xpCHiBLQQNG0urM34X2bH1eceB3s7vpNWq3IuSTbzP4WpusLGSSmNNycJeC
 SxRvh6pzDVhH6NUdFUQ06EEzHFQpAuNd2ohmovztwavTqV44Vi3/b3aYFBw+n5E=
 -----END SIGNED MESSAGE-----

Add public cert for validation of commit signature

So the gpgsig in this case is a -----BEGIN SIGNED MESSAGE----- whereas normally it is -----BEGIN PGP SIGNATURE-----

we'd need to have someway of setting what the certificate should be and it would likely need another trustmodel etc.

@zeripath commented on GitHub (Jan 11, 2021): OK,`echo "e03bf604d1f8cf51bc55128dd9b18ac3e9406305" | git cat-file --batch` gives: <details><summary>`echo "e03bf604d1f8cf51bc55128dd9b18ac3e9406305" | git cat-file --batch` </summary> ``` e03bf604d1f8cf51bc55128dd9b18ac3e9406305 commit 4719 tree 7d23a46f2ffda986ada618d6b4253c9965f2675c parent 16b579c3e3bd283f99155a41e786bf7261f9bd90 author Alexander Küppers <alexander.kueppers@atos.net> 1610355921 +0100 committer Alexander Küppers <alexander.kueppers@atos.net> 1610355921 +0100 gpgsig -----BEGIN SIGNED MESSAGE----- MIIMWwYJKoZIhvcNAQcCoIIMTDCCDEgCAQExDTALBglghkgBZQMEAgEwCwYJKoZI hvcNAQcBoIIKPTCCBeIwggTKoAMCAQICCC20/2DBg5CMMA0GCSqGSIb3DQEBCwUA MEYxKDAmBgNVBAMMH0F0b3MgVHJ1c3RlZFJvb3QgQ2xpZW50LUNBIDIwMTMxDTAL BgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMB4XDTE5MDIxMzA5NTUzM1oXDTIyMDIx MjA5NTUzM1owcjELMAkGA1UEBhMCREUxDTALBgNVBAoMBEF0b3MxETAPBgNVBAQM CEvDvHBwZXJzMRIwEAYDVQQqDAlBbGV4YW5kZXIxEDAOBgNVBAUTB0E1NjQzMzEx GzAZBgNVBAMMEkFsZXhhbmRlciBLw7xwcGVyczCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAILcds6pMk3ojdew1o/hjYhHtrwtOS5sp/8FfodxUxnoomS2 4N4zOJnqgI/r41S0aFmi8Qj0IP/y6Fb9RDAgbEc5XZkSfpDhStugeoT0B+FCTYnr SASlUBwFMo6c7zgM4MxWaQEixtStQ/x8jxC1E/xouG9viW9bal9fDxgQP0pJeESE tRDbdKFwfGN3VZBn9r5Wgf01A2kWdBXFzq4mDKpZjy3C/1iT1v9Fu47ROfkF0IKN RXR6Tgok7CGplEo+tc53LSP74C8GT/Bj0yjj1cC2/BRvdxvQU8H/VF4H0HCqukUh +ot9EHR2FJ9ljYc0X14cB0Q815CatZJwGi9rmW8CAwEAAaOCAqYwggKiMB8GA1Ud IwQYMBaAFJDtc8PoUtFbDOxJO4nJvC06Zb6TMH8GCCsGAQUFBwEBBHMwcTBJBggr BgEFBQcwAoY9aHR0cHM6Ly9wa2kuYXRvcy5uZXQvRG93bmxvYWQvQXRvc1RydXN0 ZWRSb290Q2xpZW50Q0EyMDEzLmNlcjAkBggrBgEFBQcwAYYYaHR0cDovL3BraS1v Y3NwLmF0b3MubmV0MFMGA1UdEQRMMEqBG2FsZXhhbmRlci5rdWVwcGVyc0BhdG9z Lm5ldKArBgorBgEEAYI3FAIDoB0MG2FsZXhhbmRlci5rdWVwcGVyc0BhdG9zLm5l dDBgBgNVHSAEWTBXMFUGDCsGAQQBsC0FAQEBATBFMEMGCCsGAQUFBwIBFjdodHRw Oi8vcGtpLmF0b3MubmV0L0Rvd25sb2FkL0F0b3NUcnVzdGVkQ0FDUFN2MS45LjEu cGRmMDMGA1UdJQQsMCoGCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUIAgIGCisG AQQBgjcUAgIwgeIGA1UdHwSB2jCB1zBFoEOgQYY/aHR0cDovL3BraS1jcmwuYXRv cy5uZXQvY3JsL0F0b3NfVHJ1c3RlZFJvb3RfQ2xpZW50X0NBXzIwMTMuY3JsMIGN oIGKoIGHhoGEbGRhcDovL3BraS1sZGFwLmF0b3MubmV0L2NuPUF0b3MlMjBUcnVz dGVkUm9vdCUyMENsaWVudC1DQSUyMDIwMTMsb3U9Q0Esb3U9QXRvcyUyMFRDLG89 QXRvcyxkYz1hdG9zLGRjPW5ldD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0MB0G A1UdDgQWBBQxgP368BsP79Bp8VK/L6yZC4MM4zAOBgNVHQ8BAf8EBAMCB4AwDQYJ KoZIhvcNAQELBQADggEBABU+zzjQVrvMo+ojnspFTiRlpoOIN8wSkjWXH9SsZ8Ay v71ZkVlpWvvxbFhTAxO3DEyjrh1x+FbKziH1dG7xuQ9yIFcHumRas9NqolclVBfk tWezijjv3qOusWwmz8HXz5+7JRQK3+s1pAjFrtXfrlTT8lDCdrQ0ic+6qWZfBwjZ oDRoHvBXyiq7HpbBlPUb4y+OsxjOTliGhekYZxL0Tl2vAhC7+TX5XOy2PF3zViJp SR5dfeLR/ING6d5/kE3i5eC9+NQVX7gle/u5xYLpW3vMwRUSYuAIAdsICoE9dUlG mPVq07qePKSlx7XqS77xz2scB295enOxQoIpEP4hn3QwggRTMIIDO6ADAgECAghw OBixWTgxGjANBgkqhkiG9w0BAQsFADA8MR4wHAYDVQQDDBVBdG9zIFRydXN0ZWRS b290IDIwMTExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMB4XDTEzMDUwMjEz NTYxNFoXDTIzMDQzMDEzNTYxNFowRjEoMCYGA1UEAwwfQXRvcyBUcnVzdGVkUm9v dCBDbGllbnQtQ0EgMjAxMzENMAsGA1UECgwEQXRvczELMAkGA1UEBhMCREUwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTxYAYE1ypaSVORF4AGtW8883i gCWMA2DAUa6GFeDJj6WXmAIynYF/Znz07Gt0gUeiu53Ae5UMP1o6kmGBdX46aOrE UkpfzVwzX3B+AUk9QCvaOGp/10Ztzh+ImP8Mets8OxnhpBLc3w2nX/puOc4bN42R 9JucPii3bFLMoGgrNo72y+8trOmFONjMrQhojwcmTGMQ1mlsYtgpWUdKBEuoQyl5 dbcxgXe7k2SDfeefbBZA13GOjKACoAOVzfS2xqRBBIbwLrR9/Z+hPfTou/7B+9Sv 4azDTC/PjOPe4QgLv8xz8pp9avv7xzkjVYJnibKnnX9LHmLiwbq486WUWMuVAgMB AAGjggFNMIIBSTAdBgNVHQ4EFgQUkO1zw+hS0VsM7Ek7icm8LTplvpMwDwYDVR0T AQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAYBgNV HSAEETAPMA0GCysGAQQBsC0FAQEBMIHLBgNVHR8EgcMwgcAwPqA8oDqGOGh0dHA6 Ly9wa2ktY3JsLmF0b3MubmV0L2NybC9BdG9zX1RydXN0ZWRSb290X0NBXzIwMTEu Y3JsMH6gfKB6hnhsZGFwOi8vcGtpLWxkYXAuYXRvcy5uZXQvY249QXRvcyUyMFRy dXN0ZWRSb290JTIwMjAxMSxvdT1DQSxvdT1BdG9zJTIwVEMsbz1BdG9zLGRjPWF0 b3MsZGM9bmV0P2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3QwDgYDVR0PAQH/BAQD AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQBUsGyDIgR5Ip1sw8nVRqnh+WIOZexUDywA Lp25GTOYudWLln3IS3RK+LlrJhiCnwN/KID5cJtX3KPzeXjOBB+QuzKz/HzfP5iM hjVEtrurmtegifLfTnRLn+w36mLq4eDXwe0P2z40PgtMpRyozK23f1jFrsXumnQS ClL2F2EBuM536JJPPhPjfoDNU6+zEqfZWokpJ28SOKRJO4QFcpYYaJmGRk7dhz0R ThjVSN9RvDj0mWUhfY9CGpg7F6Hv7fyNP/3SrtJomU1Lh625jDdtg0F8YaF8K9kP UQItj5nqS+AyEPXkxzjZAHHzGeguiH78H+kMy1xBHRQbliIsbsgXMYIB5DCCAeAC AQEwUjBGMSgwJgYDVQQDDB9BdG9zIFRydXN0ZWRSb290IENsaWVudC1DQSAyMDEz MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERQIILbT/YMGDkIwwCwYJYIZIAWUD BAIBoGkwHAYJKoZIhvcNAQkFMQ8XDTIxMDExMTA5MDUyNFowLwYJKoZIhvcNAQkE MSIEIOBOpcOG21XhJXbQFOgStC+Xs+03AgCgZKJdqylnC5LdMBgGCSqGSIb3DQEJ AzELBgkqhkiG9w0BBwEwCwYJKoZIhvcNAQEBBIIBAE2q+uhSli+oIgL+0LWlHk84 l9iYvp/WjVcRKYKtIkasdCnAYox0EKe18Kd/OaXPufqdwHf5JKDnPanKJZr5uJQh vyKyhDwQznBqpGF79LinXvnDdZe3usq8mtCY1+gYHo3UgqyFRZMLplZKlgmEZ/xs 7o5LaWackIH1T0G13+IW/uFU/n0pZw5IPsM80W2lU8o8fewIU2NnRmpjuuRoRMC/ Dbsu1xpCHiBLQQNG0urM34X2bH1eceB3s7vpNWq3IuSTbzP4WpusLGSSmNNycJeC SxRvh6pzDVhH6NUdFUQ06EEzHFQpAuNd2ohmovztwavTqV44Vi3/b3aYFBw+n5E= -----END SIGNED MESSAGE----- Add public cert for validation of commit signature ``` </details> So the gpgsig in this case is a ` -----BEGIN SIGNED MESSAGE-----` whereas normally it is `-----BEGIN PGP SIGNATURE-----` we'd need to have someway of setting what the certificate should be and it would likely need another trustmodel etc.

GiteaMirror commented 2025-11-02 07:02:38 -06:00

Author

Owner

Copy Link

@AlexMasterOfCoding commented on GitHub (Jan 11, 2021):

Thank you for analysing the repository and the signature!
Just some ideas on how to handle the trust:

• the os system trust, or
• a dedicated keystore for gitea

could be used.

Additionally neither direct trust or a combination with the above would be possible, as a user can "import" his certificate (the same way as GPG) - this is maybe a requirement, as the certificate may not be exactly bound to the email as in GPG.

Just some ideas and purposes. Thanks for all the efforts!

@AlexMasterOfCoding commented on GitHub (Jan 11, 2021): Thank you for analysing the repository and the signature! Just some ideas on how to handle the trust: * the os system trust, or * a dedicated keystore for gitea could be used. Additionally neither direct trust or a combination with the above would be possible, as a user can "import" his certificate (the same way as GPG) - this is maybe a requirement, as the certificate may not be exactly bound to the email as in GPG. Just some ideas and purposes. Thanks for all the efforts!

GiteaMirror commented 2025-11-02 07:02:39 -06:00

Author

Owner

Copy Link

@andrinbr commented on GitHub (Jun 6, 2022):

Are there any news on the subject? S/MIME commits do not seem to be supported yet:
...mmit_verification.go:134:ParseCommitWithSignature() [E] SignatureRead err: Failed to read signature armor

@andrinbr commented on GitHub (Jun 6, 2022): Are there any news on the subject? S/MIME commits do not seem to be supported yet: `...mmit_verification.go:134:ParseCommitWithSignature() [E] SignatureRead err: Failed to read signature armor`

GiteaMirror commented 2025-11-02 07:02:39 -06:00

Author

Owner

Copy Link

@kguerineau commented on GitHub (Feb 22, 2023):

Hello, do you have planned to integrate this feature ?

@kguerineau commented on GitHub (Feb 22, 2023): Hello, do you have planned to integrate this feature ?

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label type/feature type/proposal

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#6653