Using your SSH Public Key for Verified GitHub Commits

↳ 📅 8/25/2022 ✍ guide, software, programming

Here's how to use your SSH Public Key for Verified GitHub Commits. Depending on the company you work for, this might be a required task as of 2022. Don't fret -- using your SSH public keys to gain that green "Verified" badge on GitHub is very much possible and easy. Here's how to do it:

  1. Make sure you're using the latest git (>= 2.34.0):
    1. (For Mac) By default on macOS, `which git` will report `/usr/bin/git` from Xcode. We don't want to use this version.
    2. (For Mac) Install the latest git via Brew and then run `brew unlink git && brew link git`
    3. `which git` should now reveal `/usr/local/bin/git`
  2. Set Git to use SSH for keys:
    1. Run `git config --global gpg.format ssh`
    2. Be warned that if you need proper GPG too, this isn't the guide for you.
  3. Set your signing key:
    1. Check for your existing SSH keys
    2. (Situational) If keys are too old or short, check this StackOverflow issue.
    3. Copy it with `pbcopy < ~/.ssh/id_rsa.pub`, or whatever your key is called. Use ed25519 if you prefer.
    4. Double check it's your public key. 👀
    5. Set global configs: `git config --global user.signingkey 'PASTE-YOUR-PUBKEY-HERE'`
  4. Go to GitHub Settings > Keys
    1. Make sure you add your `id_rsa.pub` (or equivalent) as a Signing Key, not the Authentication Key that you probably already use it for.
    2. Save, then try out a test commit to see your verified badge.
  5. Commit with the newly needed flags: `git commit -S -s -m "message-here"`
    1. `-S` cryptographically signs
    2. `-s` adds "Signed-off-by"

hope it helps.
- bryan
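
The steps above, exercised end to end as an added example (not part of the original post): the script checks the git version from step 1, then signs a test commit with `-S -s` and verifies it locally. It goes slightly beyond the guide by using `gpg.ssh.allowedSignersFile` and `git verify-commit`; the throwaway key, the `dev@example.invalid` identity and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: check the git version, then sign and verify a commit locally.
# Uses a throwaway temp dir (constructed key, repo, identity); ~/.ssh is untouched.

# version_ge A B: succeeds when dotted version A >= B (uses sort -V).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Succeeds when the git found on PATH is new enough for gpg.format=ssh.
git_supports_ssh_signing() {
  local v
  v=$(git --version 2>/dev/null | awk '{print $3}')
  [ -n "$v" ] && version_ge "$v" 2.34.0
}

# Prints git's signature status letter (%G?) for a freshly signed test commit:
# G = good signature, N = no signature, B = bad signature.
signed_commit_roundtrip() {
  local work rc email="dev@example.invalid"   # constructed identity
  work=$(mktemp -d) || return 1
  (
    cd "$work" || exit 1
    ssh-keygen -q -t ed25519 -N '' -C "$email" -f "$work/demo_key" || exit 1
    git init -q repo && cd repo || exit 1
    git config user.name "Demo Dev"
    git config user.email "$email"
    git config gpg.format ssh
    # Assumption: point at the private key file so no ssh-agent is needed here;
    # the guide pastes the public key, which needs the private key in ssh-agent.
    git config user.signingkey "$work/demo_key"
    # Local verification needs an allowed-signers file: "<principal> <pubkey>".
    printf '%s %s\n' "$email" "$(cat "$work/demo_key.pub")" > "$work/allowed"
    git config gpg.ssh.allowedSignersFile "$work/allowed"
    git commit -q --allow-empty -S -s -m "test: signed commit" || exit 1
    git verify-commit HEAD >/dev/null 2>&1 || exit 1
    git log -1 --format='%G?'
  )
  rc=$?
  rm -rf "$work"
  return "$rc"
}

# Run the check only when the toolchain is present.
if git_supports_ssh_signing && command -v ssh-keygen >/dev/null 2>&1; then
  echo "signature status: $(signed_commit_roundtrip)"
else
  echo "need git >= 2.34.0 and ssh-keygen on PATH" >&2
fi
```

A `G` means the signature verified locally; GitHub's badge additionally requires the same public key to be registered as a Signing Key (step 4).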
