Git Signing and Authentication with SSH
This is a quick guide to set up git with SSH ed25519 keys not only for authenticating with GitHub or GitLab but also for signing commits without the need to install GPG/PGP which has some serious criticisms / flaws that has led me to move into a world without it. The new world isn't as straightforward as the old so I thought I'd just throw together a quick guide to help you out.
SSH
When connecting to remote instances, GitHub, GitLab, etc... you will likely
need an SSH key. The great thing about new versions of git and the providers is
that ed25519 keys support authentication and signing. So you can set up your
git
and SSH to avoid the entire need for GPG/PGP (if you need to share data
securely I recommend Age or Magic
Wormhole for secure
transfers).
To get started simply:
# Will make two files id_ed25519.pub and id_ed25519
# Add the key to your keychain
# Mac
# Linux
# You can verify it's there with
Then just navigate to GitHub and paste the contents of your public ssh key (The contents of ~/.ssh/id_ed25519.pub) and upload it twice, once as an authentication key and once as a signing key.
On GitLab you only need to upload it once and select it's purpose as being for both authentication and signing.