How to sign git commits

Here’s a guide on how to set up commit signing on our git.

But first of all,

  • Use ed25519 SSH keys to sign commits. If you have a YubiKey, you can use 2FA ed25519-sk SSH keys. To generate a key, use something like ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
  • Do not use PGP keys.

To set up commit signing, do the following steps:

  1. Add your SSH key to forgejo.
  2. Click Verify near your key and follow the instructions. Keys have to be verified if you want them to be trusted by forgejo.
  3. Configure Git to use SSH for commit signing:
     git config --global gpg.format ssh
  4. Specify which public SSH key to use as the signing key:
     git config --global user.signingkey ~/.ssh/examplekey.pub
  5. Sign commits using the -S flag!
     git commit -S -m "My commit msg"
  6. If you want to sign commits by default:
     git config --global commit.gpgsign true