Using your SSH Public Key for Verified GitHub Commits

↳ 📅 8/25/2022 ✍ guide, software, programming

Here's how to use our SSH Public Key for Verified GitHub Commits. Depending on the company you work for, this might be a required task as of 2022. Don't fret -- sing your SSH public keys to gain that green "Verified" badge on GitHub is very much possible and easy. Here's how to do it:

1. Make sure you're using latest git (>= 2.34.0):

   1. (For Mac) which git by default on macOS will be /usr/bin/git from Xcode. We don't want to use this version.

   2. (For Mac) Install the latest git via Brew and then run brew unlink git && brew link git

   3. which git should reveal now /user/local/bin/git

2. Set Git to use SSH for keys:

   1. Run git config --global gpg.format ssh

   2. Be warned that if you need proper GPG too, this isn't the guide for you.

3. Set your signing key:

   1. Check for your existing SSH keys

   2. (Situational) If keys are too old or short, check this StackOverflow issue.

   3. pbcopy < ~/.ssh/id_rsa.pub or whatever your key is called. Use ed25519 if you prefer.

   4. Double check it's your public key. 👀

   5. Set global configs: git config --global user.signingkey 'PASTE-YOUR-PUBKEY-HERE'

4. Go to GitHub Settings > Keys

   1. Make sure you add your id_rsa.pub (or equivalent) as a Signing Key, not the Authentication Key that you probably already use it for.

   2. Save, then try out a test commit to see your verified badge.

5. Commit with the newly needed flags: `git commit -S -s -m "message-here"

   1. -S cryptographically signs

   2. -s adds "Signed-off-by"

hope it helps.
- bryan