Hello HN, I've built signet, a code signing tool that makes it really easy to sign your git commits and arbitrary files such as build outputs. signet uses OpenSSH's key and signature formats, making it easy to migrate from, or to, ssh-keygen or another compatible tool.<p>signet runs on Linux, macOS, and Windows. The following commands will create a new signing key and configure git to sign all future commits and tags in the current repository:<p><pre><code> signet init -s
signet keys -c
git config user.signingkey <key id>
git config gpg.format ssh
git config gpg.ssh.program signet
git config commit.gpgsign true
git config tag.gpgsign true
</code></pre>
GitHub supports commit signature verification for SSH signatures, just print the public key with `signet keys -p <key id>` and add it to your account, and your signed commits and tags will show up as verified.