Skip to main content

verify_commit_signature

Function verify_commit_signature 

Source
pub async fn verify_commit_signature(
    commit_content: &[u8],
    allowed_keys: &[DevicePublicKey],
    provider: &dyn CryptoProvider,
    _repo_path: Option<&Path>,
) -> Result<VerifiedCommit, CommitVerificationError>
Expand description

Verify an SSH-signed git commit against a list of allowed keys.

Supports both Ed25519 and ECDSA P-256 signatures. The key type is auto-detected from the SSHSIG envelope.

Args:

  • commit_content: Raw output of git cat-file commit <sha>.
  • allowed_keys: Public keys authorized to sign (Ed25519 or P-256).
  • provider: Crypto backend for Ed25519 verification.
  • repo_path: Optional path to the git repository.

Usage:

let verified = verify_commit_signature(content, &keys, &provider, Some(Path::new("/repo"))).await?;