Signing Git Commits with your SSH Key
Introduction
Git version 2.34 comes with a new feature that lets you sign commits with your SSH key (see the blog post on GitHub).
This is a great alternative to GPG and S/MIME, since the experience with both is kind of impractical. Who uses GPG and S/MIME anyway?
How To
- Turn on commit signing and change the gpg format for git signing to ssh
git config --global commit.gpgsign true
git config --global gpg.format ssh
- Set a key from your ~/.ssh directory
git config --global user.signingkey "ssh-ed25519 <your key id>"
- Create and set the file for allowed signers
git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers
touch ~/.ssh/allowed_signers
- Add your email address and key to the allowed signers file
echo "your@email.com ssh-ed25519 <your key id>" >> ~/.ssh/allowed_signers
- Test it with a commit
git commit --allow-empty --message="Testing SSH signing"
git show --show-signature