Sign commits with SSH key
Since version 2.34 of git, it has been possible to sign commits using SSH keys. I find this handy, as it lets me manage my version control workflow with just one key type. Here is a minimal example of ~/.gitconfig to set it up:
[branch]
	sort = -committerdate
[commit]
	gpgsign = true
	verbose = true
[core]
	editor = nvim
[column]
	ui = auto
[diff]
	algorithm = histogram
	colorMoved = plain
	mnemonicPrefix = true
	renames = true
[fetch]
	prune = true
	pruneTags = true
	all = true
[gpg]
	format = ssh
[gpg "ssh"]
	allowedSignersFile = ~/.ssh/allowed_signers
[help]
	autocorrect = prompt
[init]
	defaultBranch = master
[push]
	default = simple
	autoSetupRemote = true
	followTags = true
[rebase]
	autoSquash = true
	autoStash = true
	updateRefs = true
[tag]
	gpgsign = true
	sort = version:refname
[user]
	name = Chetan Kunte
	email = ckunte@gmail.com
	signingkey = ~/.ssh/id_ed25519.pub
To let GitHub know that you will use an SSH key for signing commits, add the SSH public key under Settings > SSH and GPG keys > Signing keys. Copy the public key to the clipboard like so (pbcopy is the macOS clipboard command; use your platform's equivalent elsewhere):
	pbcopy < ~/.ssh/<public key filename>.pub
To avoid the error "gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification", add a file ~/.ssh/allowed_signers with the following contents (email, key type, public key):
	<my email address> ssh-ed25519 <public key>
Replace the placeholders (shown in angle brackets above) with the actual information. Test with git show --show-signature; the signature should show as valid. Refer to GitHub Docs, which offers details for both GPG and SSH commit signature verification.
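As an added example (not part of the original post, and not git's own code): a small Python check that parses the three pieces wired together above, ~/.gitconfig, allowed_signers and the public key, and reports why git show --show-signature would fail to verify. The email, key blob and config text are constructed sample values.

```python
import re

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-ssh-ed25519", "sk-ecdsa-")

def parse_gitconfig(text):
    """Minimal ~/.gitconfig parser: {"section.subsection.key": value}, keys lower-cased as git does."""
    conf, section = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r'^\[(\w+)(?:\s+"([^"]*)")?\]$', line)
        if m:
            section = m.group(1) if m.group(2) is None else f"{m.group(1)}.{m.group(2)}"
        elif line:
            key, _, value = line.partition("=")
            conf[f"{section}.{key.strip().lower()}"] = value.strip()
    return conf

def parse_allowed_signers(text):
    """Yield (principals, key_type, key_blob); skips the optional options field (e.g. namespaces="git")."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        rest = fields[1:]
        if rest and not rest[0].startswith(KEY_TYPES):
            rest = rest[1:]  # drop the options field that may precede the key type
        if len(rest) >= 2:
            yield fields[0].split(","), rest[0], rest[1]

def check_signing_setup(gitconfig, allowed_signers, pubkey):
    """Return a list of problems; an empty list means `git show --show-signature` should verify."""
    conf, problems = parse_gitconfig(gitconfig), []
    if conf.get("gpg.format") != "ssh":
        problems.append("gpg.format is not 'ssh'")
    if not conf.get("gpg.ssh.allowedsignersfile"):
        problems.append("gpg.ssh.allowedSignersFile not configured")
    if not conf.get("user.signingkey"):
        problems.append("user.signingkey not configured")
    email = conf.get("user.email", "")
    key_type, key_blob = (pubkey.split() + ["", ""])[:2]
    if not any(email in p and t == key_type and k == key_blob
               for p, t, k in parse_allowed_signers(allowed_signers)):
        problems.append(f"{email} + {key_type} key not listed in allowed_signers")
    return problems

# Constructed sample inputs; the key blob is a placeholder, not a real key.
PUBKEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDER user@example.com"
ALLOWED_SIGNERS = 'user@example.com namespaces="git" ' + PUBKEY
GITCONFIG = '[gpg]\n\tformat = ssh\n[gpg "ssh"]\n\tallowedSignersFile = ~/.ssh/allowed_signers\n' \
            '[user]\n\temail = user@example.com\n\tsigningkey = ~/.ssh/id_ed25519.pub\n'
```

Run check_signing_setup on the real files (expanding ~ in the paths) to get the same diagnostics git would otherwise only hint at through its error message.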