Signing git commits with SSH keys
GitHub announced today that they have added support for signing commits and tags with SSH keys. Here’s how I set it up on my Mac.
First I created a new SSH key for this purpose:
ssh-keygen -t ed25519 -C "gitsigning@priddle.xyz"
Next, git needs to be configured to use it:
git config --global user.signingkey "$(cat ~/.ssh/id_ed25519_gitsigning.pub)"
git config --global gpg.format ssh
ssh-agent needs to be informed of the key. On Mac:
ssh-add --allow-use-keychain ~/.ssh/id_ed25519_gitsigning
On Linux:
ssh-add -K ~/.ssh/id_ed25519_gitsigning
Finally, to sign a commit:
git commit -S ...
Or to sign a tag:
git tag -s ...
And if you want to always sign (yes, this works for SSH in spite of the GPG name):
git config --global commit.gpgSign true
I attempted this a while back with GPG but it was a pain. Hopefully this works better 🤞
Update 2022-09-14: I just came across this post and Hacker News thread that go more into this.