I'm trying to verify locally the signature of a commit.
Following the answer in https://stackoverflow.com/a/68825309, I was able to split into two files the data being signed (commit) from its signature (sig), but I would like to redo all the elliptic curve computations to verify the signature externally (e.g., with SageMath) and not with gpg --verify sig commit.
I correctly extracted the r and s components of the signature, but I cannot get the correct hashed data. Applying sha256sum (I checked that the hash function is the correct one) to the commit file from the previous answer containing the date being signed does not give the correct hashed value for ECDSA.
By using the command gpg --verify --debug=7 sig commit with the debug parameter, I can see both the r and s signature values (which are the correct values I have) and the hashed data but I don't know how this hashed data is generated.
Can someone please explain how the hashed data (z in the ECDSA specifications) is computed from the commit data?
git verify-commit?git, but there is no information about the actual values (even with-v).