在企业环境中使用 x509 证书签署 git commit [英] Sign git commit with x509 certificate in corporate environment

问题描述

我从文档中了解到可以对 git 标签和提交进行签名.

I have learned from the documentation that it is possible to sign git tags and commits.

git config --global user.signingkey 0A46826A

文档:https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work

这适用于 GPG.有人用 X509 用户证书做过这样的事情吗?

This works for GPG. Has somebody done something like this with X509 user certificates?

看起来 GPG 与 x509 pki 证书不兼容或不可互换.由于这是在企业环境中，GPG 不是一个选项.

It looks like GPG is not compatible or interchangeable with x509 pki certificates. Since this is in a corporate environment GPG is not a option.

如果有人可以分享如何使用 x509 证书来实现这一点的想法或经验，那就太好了?实现这样的事情需要什么以及需要什么?

It would be great if somebody could share thoughts or experiences how this could be done with x509 certs? What would be required and what it takes to implement something like this?

推荐答案

GitHub 提供了一些关于 指定签名密钥 包括如何使用 X.509 证书使用 smimesign 在 Windows 和 Mac 上.

GitHub provides some helpful instructions on specifying signing keys including how to sign using X.509 certificates using smimesign on Windows and Mac.

$ git config --global gpg.x509.program smimesign
$ git config --global gpg.format x509

对于 Git 2.18 及更早版本

$ git config --global gpg.program smimesign

在 Linux 上，您可以使用 gpgme 代替.使用 gpgme --import cert.p12 添加您的证书.在 gpgme 允许您签署任何内容之前，您可能还需要导入根证书和任何中间证书.

On Linux you can use gpgme instead. Add your certificate with gpgme --import cert.p12. You may also need to import the root and any intermediate certificates before gpgme will let you sign anything.

这篇关于在企业环境中使用 x509 证书签署 git commit的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！