jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity

"Authentication" top-level doc set (#21531)

Browse Source
This commit is contained in:
Laura Coursen
2021-09-21 14:27:08 -05:00
committed by GitHub
parent c5fc5f311b
commit b8429d8248
76 changed files with 128 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
content/authentication/troubleshooting-commit-signature-verification/checking-your-commit-and-tag-signature-verification-status.md Normal file
View File

@@ -0,0 +1,42 @@
---
title: Checking your commit and tag signature verification status
intro: 'You can check the verification status of your commit and tag signatures on {% data variables.product.product_name %}.'
redirect_from:
- /articles/checking-your-gpg-commit-and-tag-signature-verification-status/
- /articles/checking-your-commit-and-tag-signature-verification-status
- /github/authenticating-to-github/checking-your-commit-and-tag-signature-verification-status
- /github/authenticating-to-github/troubleshooting-commit-signature-verification/checking-your-commit-and-tag-signature-verification-status
versions:
fpt: '*'
ghes: '*'
ghae: '*'
topics:
- Identity
- Access management
shortTitle: Check verification status
---
## Checking your commit signature verification status
1. On {% data variables.product.product_name %}, navigate to your pull request.
{% data reusables.repositories.review-pr-commits %}
3. Next to your commit's abbreviated commit hash, there is a box that shows whether your commit signature is verified{% ifversion fpt %}, partially verified,{% endif %} or unverified.
![Signed commit](/assets/images/help/commits/gpg-signed-commit-verified-without-details.png)
4. To view more detailed information about the commit signature, click **Verified**{% ifversion fpt %}, **Partially verified**,{% endif %} or **Unverified**.
![Verified signed commit](/assets/images/help/commits/gpg-signed-commit_verified_details.png)
## Checking your tag signature verification status
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.releases %}
2. At the top of the Releases page, click **Tags**.
![Tags page](/assets/images/help/releases/tags-list.png)
3. Next to your tag description, there is a box that shows whether your tag signature is verified{% ifversion fpt %}, partially verified,{% endif %} or unverified.
![verified tag signature](/assets/images/help/commits/gpg-signed-tag-verified.png)
4. To view more detailed information about the tag signature, click **Verified**{% ifversion fpt %}, **Partially verified**,{% endif %} or **Unverified**.
![Verified signed tag](/assets/images/help/commits/gpg-signed-tag-verified-details.png)
## Further reading
- "[About commit signature verification](/articles/about-commit-signature-verification)"
- "[Signing commits](/articles/signing-commits)"
- "[Signing tags](/articles/signing-tags)"

21
content/authentication/troubleshooting-commit-signature-verification/index.md Normal file
View File

@@ -0,0 +1,21 @@
---
title: Troubleshooting commit signature verification
intro: 'You may need to troubleshoot unexpected issues that arise when signing commits locally for verification on {% data variables.product.product_name %}.'
redirect_from:
- /articles/troubleshooting-gpg/
- /articles/troubleshooting-commit-signature-verification
- /github/authenticating-to-github/troubleshooting-commit-signature-verification/
versions:
fpt: '*'
ghes: '*'
ghae: '*'
topics:
- Identity
- Access management
children:
- /checking-your-commit-and-tag-signature-verification-status
- /updating-an-expired-gpg-key
- /using-a-verified-email-address-in-your-gpg-key
shortTitle: Troubleshoot verification
---

23
content/authentication/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key.md Normal file
View File

@@ -0,0 +1,23 @@
---
title: Updating an expired GPG key
intro: 'When verifying a signature, {% data variables.product.product_name %} checks that the key is not revoked or expired. If your signing key is revoked or expired, {% data variables.product.product_name %} cannot verify your signatures. If your key is revoked, use the primary key or another key that is not revoked to sign your commits.'
redirect_from:
- /articles/updating-an-expired-gpg-key
- /github/authenticating-to-github/updating-an-expired-gpg-key
- /github/authenticating-to-github/troubleshooting-commit-signature-verification/updating-an-expired-gpg-key
versions:
fpt: '*'
ghes: '*'
ghae: '*'
topics:
- Identity
- Access management
shortTitle: Update expired GPG key
---
If your key is expired, you must [update the expiration](https://www.gnupg.org/gph/en/manual/c235.html#AEN328), export the new key, delete the expired key in your GitHub account, and [upload the new key to GitHub](/articles/adding-a-new-gpg-key-to-your-github-account/). Your previous commits and tags will show as verified, as long as the key meets all other verification requirements.
If your key is invalid and you don't use another valid key in your key set, but instead generate a new GPG key with a new set of credentials, then your commits made with the revoked or expired key will continue to show as unverified. Also, your new credentials will not be able to resign or verify your old commits and tags.
## Further reading
- "[About commit signature verification](/articles/about-commit-signature-verification)"

26
content/authentication/troubleshooting-commit-signature-verification/using-a-verified-email-address-in-your-gpg-key.md Normal file
View File

@@ -0,0 +1,26 @@
---
title: Using a verified email address in your GPG key
intro: 'When verifying a signature, {% data variables.product.product_name %} checks that the committer or tagger email address matches an email address from the GPG key''s identities and is a verified email address on the user''s account. This ensures that the key belongs to you and that you created the commit or tag.'
redirect_from:
- /articles/using-a-verified-email-address-in-your-gpg-key
- /github/authenticating-to-github/using-a-verified-email-address-in-your-gpg-key
- /github/authenticating-to-github/troubleshooting-commit-signature-verification/using-a-verified-email-address-in-your-gpg-key
versions:
fpt: '*'
ghes: '*'
ghae: '*'
topics:
- Identity
- Access management
shortTitle: Use verified email in GPG key
---
{% ifversion fpt %}
If you need to verify your GitHub email address, see "[Verifying your email address](/articles/verifying-your-email-address/)." {% endif %}If you need to update or add an email address to your GPG key, see "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)."
Commits and tags may contain several email addresses. For commits, there is the author — the person who wrote the code — and the committer — the person who added the commit to the tree. When signing a commit with Git, whether it be during a merge, cherry-pick, or normal `git commit`, the committer email address will be yours, even if the author email address isn't. Tags are more simple: The tagger email address is always the user who created the tag.
If you need to change your committer or tagger email address, see "[Setting your commit email address](/articles/setting-your-commit-email-address/)."
## Further reading
- "[About commit signature verification](/articles/about-commit-signature-verification)"