Links:
- How do I sign git commits using my existing ssh key - stackoverflow.com
- Allow using SSH keys to sign commits - github.com
- github docs ssh signing git commits
- Configure Git to sign commits with your SSH key
- git ssh signatures, signing and verifying
Assumptions:
- running linux
- have already generated a ssh key (RSA or ED25519).
- files
id_ed25519
andid_ed25519.pub
exist in~/.ssh/
- files
- have installed git 2.34.0 or newer
- have installed openssh 8.0 or newer
On your cmd:
|
|
After this if you commit, git should ask you a passphrase for signing.
One can check if signature is properly applied or not:
|
|
However, if you get an error:
|
|
then follow below instructions or from this link:
|
|
The reason for error is:
The reason why this signature cannot be verified is because Git does not know which SSH keys
to trust. In contrast to PGP, there is no "web of trust" where keys can be signed. Instead,
you manage a list of trusted keys on your computer, the "allowed signers file" which works
very similar to the "authorized keys file" used by SSH.
see `man 1 ssh-keygen`