Using your SSH Public Key for Verified GitHub Commits

↳ 📅 8/25/2022 ✍ guide, software, programming

Want to read this on Substack? Now you can!

Here's how to use our SSH Public Key for Verified GitHub Commits. Depending on the company you work for, this might be a required task as of 2022. Don't fret -- sing your SSH public keys to gain that green "Verified" badge on GitHub is very much possible and easy. Here's how to do it:

  1. Make sure you're using latest git (>= 2.34.0):
    1. (For Mac) which git by default on macOS will be /usr/bin/git from Xcode. We don't want to use this version.
    2. (For Mac) Install the latest git via Brew and then run brew unlink git && brew link git
    3. which git should reveal now /user/local/bin/git
  2. Set Git to use SSH for keys:
    1. Run git config --global gpg.format ssh
    2. Be warned that if you need proper GPG too, this isn't the guide for you.
  3. Set your signing key:
    1. Check for your existing SSH keys
    2. (Situational) If keys are too old or short, check this StackOverflow issue.
    3. pbcopy < ~/.ssh/id_rsa.pub or whatever your key is called. Use ed25519 if you prefer.
    4. Double check it's your public key. 👀
    5. Set global configs: git config --global user.signingkey 'PASTE-YOUR-PUBKEY-HERE'
  4. Go to GitHub Settings > Keys
    1. Make sure you add your id_rsa.pub (or equivalent) as a Signing Key, not the Authentication Key that you probably already use it for.
    2. Save, then try out a test commit to see your verified badge.
  5. Commit with the newly needed flags: `git commit -S -s -m "message-here"
    1. -S cryptographically signs
    2. -s adds "Signed-off-by"

hope it helps.
- bryan

Back to Blog Back to Home