Sign commits with SSH key

Since version 2.34 of git, it has been possible to sign commits using SSH key(s). I find this handy, as it helps manage my version control workflow with just one key type. Here is a minimal example of ~/.gitconfig to set it up:

[branch]
    sort = -committerdate

[commit]
    gpgsign = true
    verbose = true

[core]
    editor = nvim

[column]
    ui = auto

[diff]
    algorithm = histogram
    colorMoved = plain
    mnemonicPrefix = true
    renames = true

[fetch]
    prune = true
    pruneTags = true
    all = true

[gpg]
    format = ssh

[gpg "ssh"]
    allowedSignersFile = ~/.ssh/allowed_signers

[help]
    autocorrect = prompt

[init]
    defaultBranch = master

[push]
    default = simple
    autoSetupRemote = true
    followTags = true

[rebase]
    autoSquash = true
    autoStash = true
    updateRefs = true

[tag]
    gpgsign = true
    sort = version:refname

[user]
    name = Chetan Kunte
    email = ckunte@gmail.com
    signingkey = ~/.ssh/id_ed25519.pub

To let GitHub know that you will use SSH key for signing commits, add the SSH public key to Settings > SSH and GPG keys > Signing keys. Copy public key as so:

pbcopy < ~/.ssh/<public key filename>.pub

To avoid error: gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification, add a file ~/.ssh/allowed_signers with the following contents (email, key type, public key):

<my email address> ssh-ed25519 <public key>

Replace placeholders (shown in angle brackets above) with the actual information. Test with git show --show-signature. It should show as valid. Refer to GitHub Docs, which offers details for both GPG as well as SSH commit signature verification.