我想知道 git 签名标签中究竟签署了什么。我们来分析一下 Linux v4.14-rc3 签名。
$ git show v4.14-rc3 | head -n 20
tag v4.14-rc3
Tagger: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Oct 1 14:55:06 2017 -0700
Linux 4.14-rc3
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJZ0WQ6AAoJEHm+PkMAQRiGuloH/3sF4qfBhPuJo8OTf0uCtQ18
4Ux9zZbm81df/Jjz0exAp1Jqk+TvdIS3OXPWcKilvbUBP16hQcsxFTnI/5QF+YcN
87aNr+OCMJzOBK4suN1yhzO46NYHeIizdB0PTZVL1Zsto69Tt31D8VJmgH6oBxAw
Isb/nAkOr31dZ9PI5UEExTIanUt6EywVb0UswA+2rNl3h1UkeasQCpMpK2n6HBhU
kVD7sxEd/CN0MmfhB0HrySSam/BeSpOtzoU9bemOwrU2uu9+5+2rqMe7Gsdj4nX6
3Kk+7FQNktlrhxCZIFN/+CdusOUuDd8r/75d7DnsRK5YvSb0sZzJkfD3Nba68Ms=
=7J2+
-----END PGP SIGNATURE-----
commit 9e66317d3c92ddaab330c125dfe9d06eee268aff
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Oct 1 14:54:54 2017 -0700
这个 GPG 签名可以解码为:
Old: Signature (Tag 2)
Version: 4
Signature Type: Signature of a binary document. (type 0x00)
Public Key Algorithm: RSA (Encrypt or Sign) (pka 1)
Hash Algorithm: SHA1 (hash 2)
Hashed Sub:
Signature Creation Time Subpacket (sub 2) (4 octets)
Creation Time: Sun Oct 1 21:55:06 UTC 2017
Unhashed Sub:
Issuer Subpacket (sub 16) (8 octets)
Key ID: 79be3e4300411886
Hash Left 16 Bits: ba5a
RSA m**d mod n (2047 bits): 7b05e2a7c184fb89a3c3937f4b82b50d7ce14c7dcd96e6f3575ffc98f3d1ec40a7526a93e4ef7484b73973d670a8a5bdb5013f5ea141cb311539c8ff9405f9870df3b68dafe382309cce04ae2cb8dd728733b8e8d6077888b3741d0f4d954bd59b2da3af53b77d43f15266807ea807103022c6ff9c090eaf7d5d67d3c8e54104c5321a9d4b7a132c156f452cc00fb6acd97787552479ab100a93292b69fa1c18549150fbb3111dfc23743267e10741ebc9249a9bf05e4a93adce853d6de98ec2b536baef7ee7edaba8c7bb1ac763e275fadca93eec540d92d96b87109920537ff8276eb0e52e0ddf2bffbe5dec39ec44ae58bd26f4b19cc991f0f735b6baf0cb
79be3e4300411886 密钥公共模数和指数是:
modulus=0xa49fe68e2e6b1aab57a351c5c200e5e43b7c3b7a22ea8d1ff38932f6299df4a7b6f13fc713517bdf33b7f013b127a820a48e2db9c76c6ca0a5c1f00954b302046141423aea63d813ac56627faca656edf0af29338af8182e2a379b0f135b82689fdfd6df4a71c35ab5bcdf67f91eb626667edafd5c920d015dba5f0697f47a82ce8f1c96e08e3b7e2bb3f1e9c41531536f63f54159dbc0d737243bfe21ea07f791659937e5a5abcc2ffe9c5fb7c433345830787f68e5b8f8b6743ec0c08b08b883b2012e55ac28380920ddd44cba0214a222a804ac3b6f6d6af558e9e237b346f7220ba62ce241944851b5663227dcca58ddfdf1677cae630af143c25c03b293
e=0x010001
使用 python pow() 函数我们得到:
sig = 0x7b05e2a7c184fb89a3c3937f4b82b50d7ce14c7dcd96e6f3575ffc98f3d1ec40a7526a93e4ef7484b73973d670a8a5bdb5013f5ea141cb311539c8ff9405f9870df3b68dafe382309cce04ae2cb8dd728733b8e8d6077888b3741d0f4d954bd59b2da3af53b77d43f15266807ea807103022c6ff9c090eaf7d5d67d3c8e54104c5321a9d4b7a132c156f452cc00fb6acd97787552479ab100a93292b69fa1c18549150fbb3111dfc23743267e10741ebc9249a9bf05e4a93adce853d6de98ec2b536baef7ee7edaba8c7bb1ac763e275fadca93eec540d92d96b87109920537ff8276eb0e52e0ddf2bffbe5dec39ec44ae58bd26f4b19cc991f0f735b6baf0cb
print hex(pow(sig,e,modulus))
0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a05000414ba5aef12cc8a6983ff47f16a515b1da496a39822L
签名中的 ASN.1 输出表示 sha1 (1.3.14.3.2.26),哈希为ba5aef12cc8a6983ff47f16a515b1da496a39822
. 哪些输入数据散列到该值?我希望 shell oneliner 在 Linux 内核 git 存储库中执行时会输出此值。