Replies: 3 comments 5 replies
-
Hi, Yes, Dulwich doesn't currently support verifying SSH type signatures. PRs to add such support would be most welcome; using either an external library like https://github.com/grawity/ssh-datasign (although it would have to be on pip and ideally be a little more maintained), or using code in Dulwich itself. |
Beta Was this translation helpful? Give feedback.
-
ssh-datasign isn't my best code (some parts came from an earlier ~2010 project), and wasn't planned to become a pip library, so I would suggest importing the code wholesale and adapting it to fit the project, rather than treating it as a vendored library. (It in fact predates The lib/* files don't explicitly mention their license but it is the same as for the main ssh-sign.py script:
|
Beta Was this translation helpful? Give feedback.
-
Filed #1394 to track this |
Beta Was this translation helpful? Give feedback.
-
I am planning to migrate from using GitPython to Dulwich, but I will need to be able to verify commit signatures with SSH keys.
Am I correct that Dulwich does not have this functionality? It looks like tag signatures with GPG keys is only supported.
Are there any libraries or existing Python code that can do this? I've searched long and far and it seems the only Python code that replicates the core functionality of the type of SSH key signatures with git is https://github.com/grawity/ssh-datasign (thank you @grawity!) This is the SSHSIG type signature implemented by
ssh-keygen -Y verify
which is whatgit
uses for SSH key signatures (nice blog post).Beta Was this translation helpful? Give feedback.
All reactions