Signing Git Commits with SSH

I recently ran into a “No signature” error when trying to get my git commits verified and it sent me down a bit of a rabbit hole. If you’ve ever tried to set up GPG signing for git commits, you’ll know it can be a fairly painful experience.

As you can now sign git commits with SSH keys rather than GPG and given that pretty much everyone already has an SSH key (and pretty much no one has a GPG key properly configured) - this is a much more practical approach.

Caleb Hearth has written an excellent post on how to set this up.

If you’re using GitHub, you’ll need to upload your SSH key separately as a signing key (distinct from your authentication key) - but once that’s done you’ll get the verified badge on your commits.