mirror of
https://github.com/markqvist/Reticulum.git
synced 2026-06-10 23:13:30 -07:00
Added rngit commit signing section to the manual
+110
-1
@@ -1373,4 +1373,113 @@ This cryptographic provenance is particularly valuable for distributed teams ope
|
||||
-d, --id ID document ID
|
||||
-v, --verbose
|
||||
-q, --quiet
|
||||
--version show program's version number and exit
|
||||
--version show program's version number and exit
|
||||
|
||||
|
||||
.. _git-commit-signing:
|
||||
|
||||
Commit Signing
|
||||
==============
|
||||
|
||||
The ``rngit`` system includes ``rngcs``, a Git commit signing and validation shim that enables commit signing and validation using Reticulum identities. By hooking into Git's SSH-based signing format, commits can be signed and verified using Reticulum identity keys directly.
|
||||
|
||||
Unlike traditional GPG and SSH-based commit signing, which relies on centralized keyservers, cumbersome co-signing procedures or manual per-signer setup, Reticulum commit signing uses self-contained RSG signatures, that can be deterministically resolved to Reticulum identity hashes.
|
||||
|
||||
This enables offline verification with no external infrastructure. The signature itself contains everything needed to cryptographically verify the signer's Reticulum identity and that the commit was signed correctly by the claimed identity.
|
||||
|
||||
Prerequisites
|
||||
-------------
|
||||
|
||||
Before you can sign commits, you need a Reticulum identity with a private key. If you don't already have one, you can generate it using ``rnid``:
|
||||
|
||||
.. code:: text
|
||||
|
||||
$ rnid -g ~/.rngit/client_identity
|
||||
|
||||
New identity <1a54d64db7e8beca6f2c6cd17b0cb479> written to /home/user/.rngit/client_identity
|
||||
|
||||
The identity file must contain the private key to be usable for signing. The corresponding Reticulum identity hash will be used as the commit author identity.
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
Git must be configured to use SSH-format signatures with the ``rngcs`` signing shim, which is included in RNS. You can configure this either globally or per-repository.
|
||||
|
||||
**Global Configuration**
|
||||
|
||||
Enabling Reticulum commit signing for all repositories is as simple as:
|
||||
|
||||
.. code:: text
|
||||
|
||||
$ git config --global gpg.format ssh
|
||||
$ git config --global gpg.ssh.program rngcs
|
||||
$ git config --global gpg.ssh.allowedsignersfile none
|
||||
$ git config --global user.signingKey ~/.rngit/client_identity
|
||||
|
||||
With this configuration, all commits you sign with ``git commit -S`` will use your Reticulum identity.
|
||||
|
||||
.. note::
|
||||
The ``gpg.ssh.allowedsignersfile`` configuration key **must** be *set* for ``git`` to allow invoking the signing and verification shim. It is not actually used by ``rngcs``, and can be set to an arbitrary value. All validation operations happen exclusively based on the information in the embedded RSG data.
|
||||
|
||||
**Per-Repository Configuration**
|
||||
|
||||
To enable signing only for a specific repository:
|
||||
|
||||
.. code:: text
|
||||
|
||||
$ cd /path/to/repository
|
||||
$ git config --local gpg.format ssh
|
||||
$ git config --local gpg.ssh.program rngcs
|
||||
$ git config --local gpg.ssh.allowedsignersfile
|
||||
$ git config --local user.signingKey ~/.rngit/client_identity
|
||||
|
||||
This is useful when you want to use different identities for different projects, or when only specific repositories require signed commits.
|
||||
|
||||
Author Identity Binding
|
||||
-----------------------
|
||||
|
||||
For the signature to be valid, the Git author email **must** match the Reticulum identity hash of the signing key. You can configure this using a command like the following:
|
||||
|
||||
.. code:: text
|
||||
|
||||
$ git config --global user.email "1a54d64db7e8beca6f2c6cd17b0cb479"
|
||||
|
||||
When ``rngcs`` verifies a commit, it extracts both the Git author field of the signed commit message and the signer identity from the RSG signature, ensuring they match. This binding is necessary to prevent identity spoofing. If someone crafts a commit with your identity hash in the author field but signs with a different key, verification will fail.
|
||||
|
||||
Signing Commits
|
||||
---------------
|
||||
|
||||
Once configured, sign commits using the standard Git ``-S`` flag:
|
||||
|
||||
.. code:: text
|
||||
|
||||
$ git commit -S -m "Refactored module"
|
||||
|
||||
[master 8f7e6d5] Refactored module
|
||||
|
||||
This will create a self-contained RSG-formatted signature, encode the RSG payload using base64, and wrap it in an ASCII-armored SSH-formatted signature block. The signature is then stored in the commit object's signature header and includes:
|
||||
|
||||
- The SHA256 hash of the commit content
|
||||
- The signer's Reticulum identity hash
|
||||
- The signer's public key
|
||||
- The actual signature of the complete envelope
|
||||
|
||||
Validating Commit Signatures
|
||||
----------------------------
|
||||
|
||||
Commits are automatically validated when using ``git log --show-signature`` or ``git show --show-signature``. The ``rngcs`` shim handles all verification operations. If any step fails, verification fails and Git displays an error.
|
||||
|
||||
To view signature information for commits, use Git's standard ``--show-signature`` option:
|
||||
|
||||
.. code:: text
|
||||
|
||||
$ git log --show-signature
|
||||
|
||||
commit 8f7e6d5c8f7e6d5c8f7e6d5c8f7e6d5c8f7e6d5
|
||||
Good "git" signature for commit, signed with Reticulum Identity key <1a54d64db7e8beca6f2c6cd17b0cb479>
|
||||
Author: Developer <1a54d64db7e8beca6f2c6cd17b0cb479>
|
||||
Date: Mon Jan 15 09:30:00 2026 +0100
|
||||
|
||||
Refactored module
|
||||
|
||||
The output shows whether the commit signature is valid, and whether the author field matches the signing identity.
|
||||
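Review bot: In the per-repository configuration block, ``git config --local gpg.ssh.allowedsignersfile`` is given no value, so as written it reads the key instead of setting it, while the note in the global section says the key must be set for ``git`` to invoke the shim; give it the same placeholder as the global block (``git config --local gpg.ssh.allowedsignersfile none``). The sample commit id in the ``git log --show-signature`` output is 39 hex characters, one short of a full SHA-1. The validation section would also benefit from stating that, because the allowed-signers file is unused and the public key travels inside the signature, a "Good" result shows only that the author field matches the signing key, and that deciding which identity hashes to trust is left to the person verifying.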