How to enable signing commits in Git using GPG keys

Git commit signing involves using cryptographic algorithms to attach a digital signature to your commits. This allows others to verify that the commits really are yours, and have not been altered by an unauthorized party.

Instructions for Mac or Linux

First, make sure you have generated ssh keys and your git version is higher than 2.34 for this method, which is the newest and easiest way. Then follow these commands:

git version # should be higher than 2.34 to use this method
git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_rsa.pub
git config --global commit.gpgsign true
ssh-agent # make sure its working
ssh-add # type password to your id_rsa
ssh-add --apple-use-keychain # or on linux: ssh-add ~/.ssh/id_rsa.pub

Visit https://github.com/settings/ssh/new and paste the content of your cat .ssh/id_rsa.pub. Now you should have enabled commit with flag Verified on GitHub.

Happy coding!