GitHub - Verified commit & tag

Enabling verified commits with an SSH key can be painful. Here is how to do it.

1 SSH key

1.1 Generate the key

Note
You can of course use your own key if you already have one.

Replace mySshKey with your name or your email for convenience.

ssh-keygen -t ed25519 -C "mySshKey"

1.2 Set the key in GitHub

Go to the SSH and GPG keys section of your GitHub personal settings.

Click on the new key button.

Enter a name that helps you remember which key this is, select that you want a signing key, and paste the content of id_ed25519.pub.

Figure: new key form example

Note
You can use the same public key for signing and authentication. You just need to fill in the same form once for each type of key.

1.3 Create the allowed_signers file

The ~/.ssh/allowed_signers file lets git associate an email address with an SSH key. You have to use the email address of your GitHub account.

[email protected] namespaces="git" ssh-ed25519 A..................................................a

2 Git env.

2.1 Configure basics

You have to use the same email address in GitHub, in your allowed_signers file and in the commands below.

git config --global user.email "[email protected]"
git config --global user.name "myUsername"  

2.2 Configure verification system

git config --global gpg.format ssh    
git config --global user.signingkey ~/.ssh/id_ed25519.pub
git config --global commit.gpgsign true
git config --global tag.gpgsign true
git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers

3 Sources