Skip to main content
GitHub Docs
  • All products
  • Authentication
    • Account security
      • Authentication to GitHub
      • Update access credentials
      • Create a PAT
      • Reviewing your SSH keys
      • Deploy keys
      • Authorizing OAuth Apps
      • Authorizing GitHub Apps
      • Authorized integrations
      • Third-party applications
      • Review OAuth apps
      • Token expiration
      • Security log
      • Remove sensitive data
    • Authenticate with SAML
      • SAML single sign-on
    • Connect with SSH
      • About SSH
      • Check for existing SSH key
      • Generate new SSH key
      • Add a new SSH key
      • Test your SSH connection
      • SSH key passphrases
    • Troubleshooting SSH
      • Recover SSH key passphrase
      • Permission denied (publickey)
      • Error: Bad file number
      • Error: Key already in use
      • Permission denied other-user
      • Permission denied other-repo
      • Agent failure to sign
      • ssh-add: illegal option -- K
      • Error: Unknown key type
      • SSH key audit
    • Verify commit signatures
      • Commit signature verification
      • Existing GPG keys
      • Generating a new GPG key
      • Add a GPG key
      • Tell Git your signing key
      • Associate email with GPG key
      • Signing commits
      • Signing tags
    • Troubleshoot verification
      • Check verification status
      • Use verified email in GPG key
GitHub AE is currently under limited release. Please contact our Sales Team to find out more.
  • Authentication/
  • Verify commit signatures
 
GitHub Docs
  • Authentication/
  • Verify commit signatures
Authentication
    • Get started
    • Account and profile
    • Authentication
    • Repositories
    • Enterprise administrators
    • Billing and payments
    • Site policy
    • Organizations
    • Code security
    • Pull requests
    • GitHub Issues
    • GitHub Actions
    • GitHub Copilot
    • GitHub Codespaces
    • GitHub Packages
    • Search on GitHub
    • Developers
    • REST API
    • GraphQL API
    • GitHub CLI
    • GitHub Discussions
    • GitHub Sponsors
    • Building communities
    • GitHub Pages
    • Education
    • GitHub Desktop
    • GitHub Support
    • Atom
    • Electron
    • CodeQL
    • npm
GitHub AE
    • Free, Pro, & Team
    • Enterprise Cloud
    • Enterprise Server 3.6
    • Enterprise Server 3.5
    • Enterprise Server 3.4
    • Enterprise Server 3.3
    • Enterprise Server 3.2
    • GitHub AE
    • All Enterprise Server releases
    • About versions

 

Managing commit signature verification

You can sign your work locally using GPG or S/MIME. GitHub AE will verify these signatures so other people will know that your commits come from a trusted source.
    • About commit signature verification
    • Checking for existing GPG keys
    • Generating a new GPG key
    • Adding a GPG key to your GitHub account
    • Telling Git about your signing key
    • Associating an email with your GPG key
    • Signing commits
    • Signing tags

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.

Still need help?

Ask the GitHub community
Contact support
  • © 2022 GitHub, Inc.
  • Terms
  • Privacy
  • Security
  • Status
  • Help
  • Contact GitHub
  • Pricing
  • Developer API
  • Training
  • Blog
  • About