franee/use_ssh_to_sign_github_commits.md

Last active November 27, 2024 18:19

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/franee/827e04bdeebe67791efdce5387833587.js"></script>
Save franee/827e04bdeebe67791efdce5387833587 to your computer and use it in GitHub Desktop.

Download ZIP

Sign Github commits with SSH key

Raw

use_ssh_to_sign_github_commits.md

NOTE: Needs Git 2.34.0 or later

Add SSH as signing key in Github

on local machine

Create an allowed_signers file

touch ~/.ssh/allowed_signers
chmod 600 ~/.ssh/allowed_signers
echo "<your name here> $(cat ~/.ssh/id_rsa.pub)" >> ~/.ssh/allowed_signers

Add to ~/.gitconfig

[user]
  signingkey = ~/.ssh/id_rsa.pub

[gpg]
  program = gpg
  format = ssh
  
[commit]
  gpgsign = true

[gpg "ssh"]
  allowedSignersFile = ~/.ssh/allowed_signers

Test

$ git commit -m "Test SSH signing" --allow-empty

[111222333-some-branch 78737f63f6] Test SSH signing

$ git log --show-signature -1

commit 78737f63f64bfd9f25d79f00fff1a481ed8b8f45 (HEAD -> 111222333-some-branch)
Good "git" signature for <SNIP> with RSA key SHA256:<---SNIP--->
Author: <SNIP> <--SNIP--->
Date:   Wed Nov 27 18:28:59 2024 +0100

    Test SSH signing

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment