Signing Your Commits · ProcessMaker/processmaker Wiki · GitHub
Skip to content

Signing Your Commits

Jump to bottom
Luke Molnar edited this page Mar 18, 2025 · 3 revisions

Step-by-Step Guide to Enable Git Commit Signing with SSH

Follow these simple steps to securely sign your Git commits using your existing SSH keys:

Step 1: Confirm Your SSH Key

Ensure you have an SSH key already generated:

ls ~/.ssh

Typical filenames are:

  • id_ed25519.pub
  • id_rsa.pub

If you don't have an SSH key, generate one:

ssh-keygen -t ed25519 -C "your_email@example.com"

Step 2: Configure Git to Sign Commits with SSH

Set Git to use SSH for commit signing:

git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_ed25519.pub
git config --global commit.gpgsign true

Replace ~/.ssh/id_ed25519.pub with your actual public key path if different.

Step 3: Add SSH Key to GitHub

Ensure your SSH public key is added to your GitHub account:

  • Go to GitHub Settings → SSH and GPG keys.
  • Click New SSH Key and paste your public key.
    • Make sure you select "Signing Key" in the "Key Type" dropdown
  • Confirm the key is added and marked as "verified."

Step 4: Test Your Commit Signing

Make a test commit to confirm everything is working:

git commit -S -m "Test commit using SSH signing"

Push the commit and confirm it is marked as "Verified" on GitHub.

Troubleshooting

  • If your commits aren't showing as verified, ensure the email associated with your SSH key matches your GitHub account.
  • Double-check that you've set the correct SSH public key path in Git config.

Now your commits will be securely signed using your SSH keys!

Clone this wiki locally