Sign Your GitHub Commits with SSH
If you are already using SSH to authenticate to GitHub, it is very easy to sign all your commits as well, as long as you have already installed Git 2.34.0 or later. (Note, there may be problems with OpenSSH 8.7. Use an earlier or later version. I have this working with OpenSSH 8.1p1.)
Configure git to sign all your commits with an SSH key
git config --global gpg.format ssh
git config --global commit.gpgsign true
git config --global tag.gpgsign true
Configure git with the public key to use when signing
Set KEY_FILE
to the file containing your SSH public key
KEY_FILE=~/.ssh/id_ed25519.pub
git config --global user.signingKey "$(head -1 $KEY_FILE)"
Add your SSH public key to GitHub as a signing key, much the same way you added it as an authentication key, but choose "Signing Key" instead of "Authentication Key" under "Key type", even if you already have it uploaded as an authentication key. Detailed instructions are available here.
We suggest using the same key you use to authenticate with, so that signing is the same as pulling and pushing, but you can use a different key if you want to be prompted for a password with every commit.