You can sign Git commits and tags with SSH keys instead of GPG.
Basically, run this:
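```bash
# Use SSH instead of GPG for signatures, and point Git at your public key
git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_ed25519.pub
# Trust your own key for the "git" namespace so local verification works
echo "$(git config --get user.email) namespaces=\"git\" $(cat ~/.ssh/id_ed25519.pub)" >> ~/.ssh/allowed_signers
git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers
# Sign every commit and tag by default
git config --global commit.gpgsign true
git config --global tag.gpgsign true
# Add a Signed-off-by trailer to patches created with git format-patch
git config --global format.signoff true
```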
And you’re all set.
Important: Git SSH signing supports:
- Ed25519 (recommended)
- ECDSA (P-256, P-384, P-521)
- RSA (minimum 2048 bits)
DSA keys are not supported.
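
As an added example (not part of the original post), this Python sketch audits `allowed_signers` entries against the key-type list above and flags entries missing `namespaces="git"`. The function names and sample entries are constructed for illustration; the sample keys are dummy bytes, not real keys.

```python
import base64, shlex, struct
# Key types the page lists as supported; ssh-dss is recognised only to flag it.
SUPPORTED = {"ssh-ed25519", "ssh-rsa"} | {f"ecdsa-sha2-nistp{n}" for n in (256, 384, 521)}
KNOWN = SUPPORTED | {"ssh-dss"}

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def audit_line(line):
    """Return the problems found in one allowed_signers entry ([] means OK)."""
    tok = shlex.split(line)  # also strips the quotes in namespaces="git"
    idx = next((i for i, t in enumerate(tok) if i > 0 and t in KNOWN), None)
    if idx is None or idx + 1 >= len(tok):
        return ["no recognised key type followed by a key"]
    opts, ktype, problems = tok[1:idx], tok[idx], []
    ns = [o.split("=", 1)[1].split(",") for o in opts if o.startswith("namespaces=")]
    if not ns:
        problems.append("no namespaces= option, key is accepted for any namespace")
    elif "git" not in ns[0]:
        problems.append("namespaces= does not include git")
    if ktype not in SUPPORTED:
        problems.append(f"{ktype} keys are not supported")
    f = _fields(base64.b64decode(tok[idx + 1]))  # raises ValueError on bad base64
    if not f or f[0] != ktype.encode():
        problems.append("key blob does not match the declared key type")
    elif ktype == "ssh-rsa" and len(f) >= 3:  # fields: type, e, n
        bits = int.from_bytes(f[2], "big").bit_length()
        if bits < 2048:
            problems.append(f"RSA key is {bits} bits, minimum is 2048")
    return problems

def _line(who, opts, ktype, *parts):
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (ktype.encode(), *parts))
    return " ".join(x for x in (who, opts, ktype, base64.b64encode(blob).decode()) if x)

SAMPLE = [  # constructed entries; key material is dummy bytes, not real keys
    _line("dev@example.com", 'namespaces="git"', "ssh-ed25519", bytes(32)),
    _line("old@example.com", 'namespaces="git"', "ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 128),
    _line("dsa@example.com", "", "ssh-dss", b"\x01"),
]
if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry.split()[0], audit_line(entry) or "OK")
```

To check a real file, pass each non-empty, non-comment line of `~/.ssh/allowed_signers` to `audit_line`.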