According to the GitHub blog, you can now sign your commits using your existing ssh key.
https://github.blog/2021-11-15-highlights-from-git-2-34/#tidbits
Following that: https://unix.stackexchange.com/questions/269188/use-my-ssh-key-to-sign-git-commits.
I've also been going through this documentation: https://git-scm.com/docs/git-config#Documentation/git-config.txt-gpgprogram, but it's very unclear how to use it.
I've set my gpg format to ssh and signing to true, so currently it is trying to sign it and fails. I believe I need to also set the user.signingKey but I can't figure out what the format is, i.e. git config --global user.signingKey <what-is-supposed-to-go-here>?
I sort of have a second question to that. If in 1 year from now I format my PC and lose my keys, I would have no way to verify that those commits still belong to me. Is there a good standard for saving that key somewhere other than just dumping it into some online drive somewhere (where I'm likely to lose it anyways)?
Edit: I've at least managed to get gpg working. Following: Git error - gpg failed to sign data, my gpg was breaking with:
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
Then adding export GPG_TTY=$(tty) to bash, from "gpg: signing failed: Inappropriate ioctl for device" on MacOS with Maven, ended up working for me so it at least signs it using gpg.
Edit: Thought I managed to get it working but no. Following https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent, I created a new ed25519 ssh key.
After that you need git config --global gpg.format "ssh", along with git config --global user.signingkey "<key>".
I used ssh-ed25519 ASD9s8df79AASDa8sd79as7d9a8s7d89ASDASD98a7sd98a7sdASA/sd [email protected] as the key, from ~/.ssh/id_ed25519.pub.
But then I go to github and see:
Now I have no idea any more.
I. Set the gpg format to accept ssh:
git config --global gpg.format ssh
II. Set the signing key as your ssh key public file
git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
Once you've done these things, go to your GitHub > Profile > SSH & GPG Keys > SSH Keys. And click on add new SSH Key. Make sure to select the type as signing key and fill the public key in the box.
Please follow the link below if anything is confusing: https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#:~:text=killall%20gpg%2Dagent-,Telling%20Git%20about%20your%20SSH%20key,-You%20can%20use