@@ -17,12 +17,24 @@ DESCRIPTION
1717Git uses cryptographic signatures in various places, currently objects (tags,
1818commits, mergetags) and transactions (pushes). In every case, the command which
1919is about to create an object or transaction determines a payload from that,
20- calls gpg to obtain a detached signature for the payload (`gpg -bsa`) and
21- embeds the signature into the object or transaction.
20+ calls an external program to obtain a detached signature for the payload
21+ (`gpg -bsa` in the case of PGP signatures), and embeds the signature into the
22+ object or transaction.
2223
23- Signatures always begin with `-----BEGIN PGP SIGNATURE-----`
24- and end with `-----END PGP SIGNATURE-----`, unless gpg is told to
25- produce RFC1991 signatures which use `MESSAGE` instead of `SIGNATURE`.
24+ Signatures begin with an "ASCII Armor" header line and end with a tail line,
25+ which differ depending on signature type (as selected by `gpg.format`, see
26+ linkgit:git-config[1]). These are, for `gpg.format` values:
27+
28+ `gpg` (PGP)::
29+ `-----BEGIN PGP SIGNATURE-----` and `-----END PGP SIGNATURE-----`.
30+ Or, if gpg is told to produce RFC1991 signatures,
31+ `-----BEGIN PGP MESSAGE-----` and `-----END PGP MESSAGE-----`
32+
33+ `ssh` (SSH)::
34+ `-----BEGIN SSH SIGNATURE-----` and `-----END SSH SIGNATURE-----`
35+
36+ `x509` (X.509)::
37+ `-----BEGIN SIGNED MESSAGE-----` and `-----END SIGNED MESSAGE-----`
2638
2739Signatures sometimes appear as a part of the normal payload
2840(e.g. a signed tag has the signature block appended after the payload
0 commit comments