Git Signing Commits/Tags

Why sign commits?

Signing ensures commits are verified and not tampered with.

Generate GPG key

gpg --full-generate-key

List keys

gpg --list-secret-keys --keyid-format=long

Configure Git to sign

git config --global user.signingkey YOUR_KEY_ID
git config --global commit.gpgsign true

Sign a commit

git commit -S -m 'Signed commit'