Sign Your GitHub Commits with SSH

If you are already using SSH to authenticate to GitHub, it is very easy to sign all your commits as well, as long as you have already installed Git 2.34.0 or later. (Note, there may be problems with OpenSSH 8.7. Use an earlier or later version. I have this working with OpenSSH 8.1p1.)

Configure git to sign all your commits with an SSH key

git config --global gpg.format ssh
git config --global commit.gpgsign true
git config --global tag.gpgsign true

Configure git with the public key to use when signing

Set KEY_FILE to the file containing your SSH public key

KEY_FILE=~/.ssh/id_ed25519.pub
git config --global user.signingKey "$(head -1 $KEY_FILE)"

Add your SSH public key to GitHub as a signing key, much the same way you added it as an authentication key, but choose "Signing Key" instead of "Authentication Key" under "Key type", even if you already have it uploaded as an authentication key. Detailed instructions are available here.

We suggest using the same key you use to authenticate with, so that signing is the same as pulling and pushing, but you can use a different key if you want to be prompted for a password with every commit.

Configure git to sign all your commits with an SSH key​

Configure git with the public key to use when signing​

Configure git to sign all your commits with an SSH key

Configure git with the public key to use when signing