The Boba Cybercafe

Share this post

Using your SSH Public Key for Verified GitHub Commits

btong.substack.com

Using your SSH Public Key for Verified GitHub Commits

↳ 📅 8/25/2022 ✍ guide, software, programming

Bryan
Nov 11, 2022
Share this post

Using your SSH Public Key for Verified GitHub Commits

btong.substack.com
GPG signature verification | The GitHub Blog

Here's how to use our SSH Public Key for Verified GitHub Commits. Depending on the company you work for, this might be a required task as of 2022. Don't fret -- sing your SSH public keys to gain that green "Verified" badge on GitHub is very much possible and easy. Here's how to do it:

  1. Make sure you're using latest git (>= 2.34.0):

    1. (For Mac) which git by default on macOS will be /usr/bin/git from Xcode. We don't want to use this version.

    2. (For Mac) Install the latest git via Brew and then run brew unlink git && brew link git

    3. which git should reveal now /user/local/bin/git

  2. Set Git to use SSH for keys:

    1. Run git config --global gpg.format ssh

    2. Be warned that if you need proper GPG too, this isn't the guide for you.

  3. Set your signing key:

    1. Check for your existing SSH keys

    2. (Situational) If keys are too old or short, check this StackOverflow issue.

    3. pbcopy < ~/.ssh/id_rsa.pub or whatever your key is called. Use ed25519 if you prefer.

    4. Double check it's your public key. 👀

    5. Set global configs: git config --global user.signingkey 'PASTE-YOUR-PUBKEY-HERE'

  4. Go to GitHub Settings > Keys

    1. Make sure you add your id_rsa.pub (or equivalent) as a Signing Key, not the Authentication Key that you probably already use it for.

    2. Save, then try out a test commit to see your verified badge.

  5. Commit with the newly needed flags: `git commit -S -s -m "message-here"

    1. -S cryptographically signs

    2. -s adds "Signed-off-by"

hope it helps.
- bryan

Thanks for reading Bryan Talks Too Much! Subscribe for free to receive new posts and support my work.

Share this post

Using your SSH Public Key for Verified GitHub Commits

btong.substack.com
Comments
TopNew

No posts

Ready for more?

© 2023 Bryan
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing