gitconfig
Since version 2.34 of git, it has been possible to sign commits using SSH key(s).[1] I find this handy, as it helps manage my version control workflow with just one key type. Here is a minimal example of ~/.gitconfig to set it up:
[user]
    name = Chetan Kunte
    email = <my email address>
    signingkey = ~/.ssh/<public key filename>.pub
[commit]
    gpgsign = true # sign commit(s)
[tag]
    gpgsign = true # sign tag(s)
[gpg]
    format = ssh # use SSH key for signing commits
[gpg "ssh"]
    allowedSignersFile = ~/.ssh/allowed_signers
[init]
    defaultBranch = master # force of habit
[core]
    editor = nvim # my preferred editor
To let GitHub know that you will use an SSH key for signing commits, add the SSH public key to Settings → SSH and GPG keys → Signing keys. Copy the public key like so:
    pbcopy < ~/.ssh/<public key filename>.pub
To avoid “error: gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification”, add a file ~/.ssh/allowed_signers with the following contents (email, key type, public key):
    <my email address> ssh-ed25519 <public key>
Replace placeholders (shown in angle brackets above) with the actual information. Test with git show --show-signature. It should show as valid.[2]
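An allowed_signers entry is matched by key: ssh-keygen, which git invokes to verify SSH signatures, looks up the signing key in that file and reports the principal (here, the email) listed beside it. The following is an added example, not code from the original post: it parses allowed_signers lines and returns the principals recorded for a given .pub line. The function names and the all-zero sample key are constructed for illustration.

```python
import base64
import struct

# Option keywords ssh-keygen(1) documents for the ALLOWED SIGNERS format.
OPTION_PREFIXES = ("cert-authority", "namespaces=", "valid-after=", "valid-before=")


def blob_key_type(b64_key):
    """Return the key type name stored at the start of a base64 SSH key blob."""
    blob = base64.b64decode(b64_key, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + length:
        raise ValueError("key blob truncated")
    return blob[4:4 + length].decode("ascii")


def parse_signer(line):
    """Split one allowed_signers line into (principals, key_type, b64_key)."""
    fields = line.split()
    if len(fields) >= 4 and fields[1].lower().startswith(OPTION_PREFIXES):
        del fields[1]  # drop the optional options field
    if len(fields) < 3:
        raise ValueError("expected: principals [options] keytype base64-key")
    principals, key_type, b64_key = fields[0].split(","), fields[1], fields[2]
    if blob_key_type(b64_key) != key_type:
        raise ValueError("declared key type does not match the key blob")
    return principals, key_type, b64_key


def principals_for_key(allowed_signers_text, pubkey_line):
    """Return principals whose entry carries the same key as a .pub file line."""
    key_type, b64_key = pubkey_line.split()[:2]
    found = []
    for line in allowed_signers_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no entry
        principals, entry_type, entry_key = parse_signer(line)
        if (entry_type, entry_key) == (key_type, b64_key):
            found.extend(principals)
    return found


# Constructed sample: an all-zero "key" in ssh-ed25519 wire format, not a real key.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_KEY = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_PUB = f"ssh-ed25519 {SAMPLE_KEY} laptop"
SAMPLE_SIGNERS = f"# constructed entry\nme@example.com ssh-ed25519 {SAMPLE_KEY}\n"
```

An empty result from principals_for_key means the key in the .pub file named by signingkey is not the key recorded in allowed_signers.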
[1] Previously this required a GPG key + key management tool chain.
[2] Refer to GitHub Docs, which offers details for both GPG as well as SSH commit signature verification.