Merge branch 'fs/ssh-signing-other-keytypes'

The cryptographic signing using ssh keys can specify literal keys for keytypes whose name do not begin with the "ssh-" prefix by using the "key::" prefix mechanism (e.g. "key::ecdsa-sha2-nistp256"). * fs/ssh-signing-other-keytypes: ssh signing: make sign/amend test more resilient ssh signing: support non ssh-* keytypes
2021-12-21 15:03:16 -08:00
parent d2f0b72759 3b4b5a793a
commit ee1dc493d1
5 changed files with 67 additions and 17 deletions
--- a/Documentation/config/user.txt
+++ b/Documentation/config/user.txt
@ -36,10 +36,13 @@ user.signingKey::
 	commit, you can override the default selection with this variable.
 	This option is passed unchanged to gpg's --local-user parameter,
 	so you may specify a key using any method that gpg supports.
-	If gpg.format is set to "ssh" this can contain the literal ssh public
-	key (e.g.: "ssh-rsa XXXXXX identifier") or a file which contains it and
-	corresponds to the private key used for signing. The private key
-	needs to be available via ssh-agent. Alternatively it can be set to
-	a file containing a private key directly. If not set git will call
-	gpg.ssh.defaultKeyCommand (e.g.: "ssh-add -L") and try to use the first
-	key available.
+	If gpg.format is set to `ssh` this can contain the path to either
+	your private ssh key or the public key when ssh-agent is used.
+	Alternatively it can contain a public key prefixed with `key::`
+	directly (e.g.: "key::ssh-rsa XXXXXX identifier"). The private key
+	needs to be available via ssh-agent. If not set git will call
+	gpg.ssh.defaultKeyCommand (e.g.: "ssh-add -L") and try to use the
+	first key available. For backward compatibility, a raw key which
+	begins with "ssh-", such as "ssh-rsa XXXXXX identifier", is treated
+	as "key::ssh-rsa XXXXXX identifier", but this form is deprecated;
+	use the `key::` form instead.