Today I Learned

2025/02/07

git ssh

That to verify git SSH commit signatures locally, you need to

git config gpg.ssh.allowedSignersFile $PATH_TO_ALLOWED_SIGNERS_FILE

The signers file will be in the form

user@email.com namespace="git" ssh-ed25519 AAA...jhq user@email.com

Once that’s set up. you can run

git log --show-signature

To verify signatures locally. Alternately, you can run

git log --format="signed:%G? fingerprint:%GF key:%GK"

See https://git-scm.com/docs/git-log#Documentation/git-log.txt-emGGem for more signature-related log format directives.