Skip to content

Instantly share code, notes, and snippets.

@Nuru

Nuru/Sign your git commits with SSH.md

Last active September 17, 2022 05:06
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Nuru/a645451389afff9b8f33a79fe8856088 to your computer and use it in GitHub Desktop.
Save Nuru/a645451389afff9b8f33a79fe8856088 to your computer and use it in GitHub Desktop.
Download ZIP
How to sign your git commits with SSH
Raw
Sign your git commits with SSH.md

If you are already using SSH to authenticate to GitHub, it is very easy to sign all your commits as well, as long as you have already installed Git 2.34.0 or later. (Note, there may be problems with OpenSSH 8.7. Use an earlier or later version. I have this working with OpenSSH 8.1p1.)

Configure git to sign all your commits with an SSH key

git config --global gpg.format ssh
git config --global commit.gpgsign true
git config --global tag.gpgsign true

Configure git with the public key to use when signing

Set KEY_FILE to the file containing your SSH public key

KEY_FILE=~/.ssh/id_ed25519.pub
git config --global user.signingKey "$(head -1 $KEY_FILE)"

Add your SSH public key to GitHub as a signing key, much the same way you added it as an authentication key, but choose "Signing Key" instead of "Authentication Key" under "Key type", even if you already have it uploaded as an authentication key. Detailed instructions at GutHub docs.

I suggest using the same key you use to authenticate with, so that signing is the same as pulling and pushing, but you can use a different key if you want to be prompted for a password with every commit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment