-
Suggestion
-
Resolution: Fixed
-
None
-
0
-
I'm excited to share that we've released Bitbucket DC 8.15, a new version that includes Signing commits and tags with SSH keys. This release allows developers to sign their commits and tags using the same SSH keys that they use for Git over SSH. This feature will help you improve security of repositories and make it easier to enforce commit signing policies across the organisation.
For more information, I’m inviting you to explore the Bitbucket 8.15 release notes. For specific details on how to sign commits and tags with SSH keys, please visit our documentation.
As always, we appreciate your continued support and welcome any feedback or comments you may have.
Cheers,
Anton Genkin
Product Manager - Bitbucket Data Center
Original message
Git 2.34 supports signing commits with an SSH Key instead of a GPG Key.
Customer is requesting the capability to enable the "Verify Commit Signatures" pre-receive hook to ensure that only signed commits can be pushed to the repository. When we try to enable this hook, all pushes of SSH-signed commits to the repository fail with a message saying that the commit was signed, but the signature could not be verified.
Error message : "<COMMIT_HASH> was signed, but the signature could not be verified"