I'm having some issues with getting GitHub to verify my signed commits. I've an ed25519 SSH key that I use for pushing commits to GitHub (which works!), and I'm also using this key to sign my commits. I've set the following config for my git environment:
user.name=<my name>
user.email=<number>+<username>@users.noreply.github.com
user.signingkey=/path/to/ed25519key.pub
gpg.format=ssh
commit.gpgsign=true
gpg.ssh.allowedsignersfile=/path/to/allowedsigners
If I check the commit log with the --show-signature flag I get "Good "git" signature ...".
Now, on GitHub my commits are flagged as unverified, and if I click on the badge I can see the key fingerprint, which matches the fingerprint under SSH and GPG keys in my account settings.
Any idea what I'm doing wrong?
Christian
Just leaving this for others that might stumble over this. As pointed out by Jim Redmond, I needed to add the key twice. Once as an authentication key and once as a signing key.
Both types are added under Settings/SSH and GPG keys. Create new SSH key and choose the type from the dropdown menu.
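A diagnostic for the situation in this thread, as an added example that is not part of the original posts: it compares the local signing key against the account's authentication-key and signing-key listings and reports when the key is present only as an authentication key. It assumes the listings are the JSON arrays returned by GitHub's REST endpoints `GET /user/keys` and `GET /user/ssh_signing_keys`, each entry carrying a `key` field; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_pubkey(line):
    """Return (key_type, raw_blob) from an OpenSSH public key line; the comment is ignored."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    return fields[0], base64.b64decode(fields[1], validate=True)


def fingerprint(line):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints (unpadded base64)."""
    _, blob = parse_pubkey(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def registered_as(local_line, auth_keys, signing_keys):
    """Return the set of key types under which the local key is listed on the account."""
    local = parse_pubkey(local_line)
    roles = set()
    for role, listing in (("authentication", auth_keys), ("signing", signing_keys)):
        if any(parse_pubkey(entry["key"]) == local for entry in listing):
            roles.add(role)
    return roles


def diagnose(local_line, auth_keys, signing_keys):
    roles = registered_as(local_line, auth_keys, signing_keys)
    if "signing" in roles:
        return "ok: key is registered as a signing key"
    if "authentication" in roles:
        return "unverified: key is only an authentication key; add it again as a signing key"
    return "unverified: key is not on the account"


def _sample_key(comment=""):
    """Constructed sample: an ed25519 public key line built from 32 placeholder bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return ("ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment).strip()


LOCAL = _sample_key("me@laptop")                                    # content of user.signingkey
AUTH_LISTING = [{"id": 1, "title": "laptop", "key": _sample_key()}]  # constructed listing

if __name__ == "__main__":
    print(fingerprint(LOCAL))
    print(diagnose(LOCAL, AUTH_LISTING, []))            # the situation in the question
    print(diagnose(LOCAL, AUTH_LISTING, AUTH_LISTING))  # after adding it as a signing key
```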