Last active
December 15, 2022 17:23
-
-
Save may/8b4508b9086fbbd74f81325494cc9032 to your computer and use it in GitHub Desktop.
How to verify your commits with GitHub using SSH
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
git config --global user.email "Your Email Used On GitHub.com" | |
git config --global commit.gpgsign true | |
git config --global gpg.format ssh | |
If you already have a high-complexity SSH key, skip this. | |
ssh-keygen -t ed25519 -C "optional comment" | |
cat .ssh/id_ed25519.pub | |
git config --global user.signingkey /home/USER/.ssh/id_ed25519.pub | |
https://github.com/settings/keys | |
Copy-paste your key -- set the type to Signing key. | |
(This assumes you already have this key in the Authentication section, that you've been using it, if not add it as an auth type key too) | |
git commit -am "Now with signing key?" && git push | |
And open your GitHub repo and check if the badge appears. | |
Disclaimer: I wrote this quickly, if I missed something, please let me know. GitHub's helpdocs have all these steps scattered all over. | |
Do your part to secure software supply chains from attack. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment