Since Git version 2.34.0, you can sign your commits with an SSH key instead of a GPG key. Let's take a look at how to use it.

First, check your Git version: if it is older than 2.34.0, you have to update it.

# check git version
git --version

So you need to update Git? Easy!

# On Linux (Debian/Ubuntu, apt-based)
sudo apt-get update
sudo apt-get -y install git

# On Mac
brew upgrade git

# On Windows
# If your version is < 2.14.1, uninstall your current Git from your system and install the latest version directly
# If your version is > 2.14.1 and < 2.16.1
git update
# If your version is > 2.16.1
git update-git-for-windows

If you don't already have a key using the Ed25519 algorithm, you can easily create one.

ssh-keygen -t ed25519 -C "mail@example.com"

Now, we'll configure Git to use SSH for signing (--global applies the setting to all your repositories; without it, the setting applies only to the current repository).

# Set SSH Key to use for signing
git config --global user.signingkey "$(cat ~/.ssh/<key_id>.pub)"

# Switch signature format to SSH
git config --global gpg.format ssh

# Force all future commits to be signed
git config --global commit.gpgsign true

# Force all future tags to be signed
git config --global tag.gpgsign true

Last step, still easy: add this key to your GitHub account. In the GitHub settings, add a new SSH key and select the "Signing Key" type.

Sometimes you could get an error; in that case, just add the key to your SSH agent again with this command:

ssh-add ~/.ssh/<key_id>

Now you're ready, let's sign your commits!
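
To check the setup locally before pushing, the following added example (not part of the original post) signs a commit in a throwaway repository with a throwaway Ed25519 key and verifies it with git verify-commit. The function names, temporary paths and the gpg.ssh.allowedSignersFile setup are this example's assumptions; Git needs that file to know which keys to trust when it verifies SSH signatures.

```shell
#!/bin/sh
# Added example: names, paths and the demo identity are illustrative.

# True when version $1 (e.g. "2.39.2") is at least 2.34.0.
git_supports_ssh_signing() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 34 ]; }
}

# Sign one commit in a throwaway repo with a throwaway key, then verify it.
# Prints git's verification output; non-zero status means it did not verify.
demo_sign_and_verify() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    email="mail@example.com"   # placeholder identity, as in the post
    ssh-keygen -q -t ed25519 -N "" -C "$email" -f "$tmp/demo_key" || exit 1
    # allowed_signers: "<principal> [options] <public key>", one per line.
    # namespaces="git" limits the key to Git signatures.
    printf '%s namespaces="git" %s\n' "$email" "$(cat "$tmp/demo_key.pub")" \
        > "$tmp/allowed_signers"
    git init -q "$tmp/repo" && cd "$tmp/repo" || exit 1
    git config user.name "Demo User"
    git config user.email "$email"
    git config gpg.format ssh
    # Private-key path, so the demo works without a running ssh-agent.
    git config user.signingkey "$tmp/demo_key"
    git config commit.gpgsign true
    git config gpg.ssh.allowedSignersFile "$tmp/allowed_signers"
    git commit -q --allow-empty -m "signed demo commit" || exit 1
    git verify-commit HEAD 2>&1
)

if git_supports_ssh_signing "$(git --version 2>/dev/null | awk '{print $3}')"; then
    demo_sign_and_verify || echo "demo failed (is ssh-keygen installed?)"
else
    echo "Git is missing or older than 2.34.0: update it first"
fi
```

On success the output contains `Good "git" signature for mail@example.com` followed by the key fingerprint.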