This generates an Ed25519 key. Ed25519 support was introduced in OpenSSH 6.5, so it should be widely supported now.
ssh-keygen -t ed25519 -C "comments to identify the key purpose" -f <file_name>
Anyone can use any name and email address when committing in Git, so it is always a good idea to sign commits. This protects against identity impersonation.
Create a key that remains valid for 1 year. Choose an appropriate duration, as short as possible.
# the format is typically "firstname lastname <email@domain.tld>"
gpg --quick-generate-key "name <email>" ed25519 sign 1y
Then look up the key_id of the key that was created.
gpg --list-public-keys --with-colons <email> | awk -F':' '/^pub:/ {print $5}'
Once the key_id is found, the key can be exported in a format accepted by your repository host (GitLab, GitHub, etc.).
gpg --armor --export <key_id>
Add the config to the local repo, or add --global to every line to apply the settings to all repositories for the current user.
git config user.name <name>
git config user.email <email_id>
git config core.sshCommand 'ssh -i ~/.ssh/<key_name>'
git config commit.gpgsign true
git config tag.gpgsign true
git config rerere.enabled true
git config pull.rebase true
Sign with gpg
git config user.signingkey $(gpg --list-public-keys --with-colons <email_id> | awk -F':' '/^pub:/ {print $5}')
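The key_id lookup used in the steps above prints every primary key that matches the email, so once a 1-year key has expired and been replaced it returns more than one ID. The following is an added example, not part of the original notes, that filters the colon listing down to a single usable signing key; the function names and the sample listing are constructed for illustration, and the field positions follow GnuPG's colon-format listing.

```shell
#!/bin/sh
# Added example: choose one usable signing key from `gpg --with-colons` output.
# Colon fields used: $1 record type, $2 validity, $5 key ID,
# $7 expiry (epoch seconds, empty = never), $12 capabilities.

# Reads a colon listing on stdin and prints the key ID of every primary key
# that is not expired/revoked/invalid/disabled, can sign, and has not expired.
# $1 is the current time in epoch seconds (a parameter so it can be tested).
usable_signing_keys() {
    awk -F: -v now="$1" '
        $1 != "pub"                 { next }  # skip uid/sub/fpr, even if they contain "pub"
        $2 ~ /^[eri]$/ || $12 ~ /D/ { next }  # e=expired r=revoked i=invalid, D=disabled
        $12 !~ /s/                  { next }  # primary key has no signing capability
        $7 != "" && $7 <= now       { next }  # expiry date already passed
                                    { print $5 }
    '
}

# Prints the single usable key ID; returns 1 if there is none, 2 if ambiguous.
pick_signing_key() {
    ids=$(usable_signing_keys "$1")
    [ -n "$ids" ] || { echo "no usable signing key" >&2; return 1; }
    count=$(printf '%s\n' "$ids" | grep -c .)
    [ "$count" -eq 1 ] || { echo "ambiguous: $count usable keys" >&2; return 2; }
    printf '%s\n' "$ids"
}

# Constructed sample listing: last year's expired key, the current key, and
# uid records whose address happens to contain the string "pub".
SAMPLE_LISTING='pub:e:255:22:1111111111111111:1672531200:1704067200::u:::sc:::::ed25519:::0:
uid:e::::1672531200::0000000000000000000000000000000000000000::Alice Example <alice@pubs.example>::::::::::0:
pub:u:255:22:2222222222222222:1704067200:1735689600::u:::scSC:::::ed25519:::0:
uid:u::::1704067200::0000000000000000000000000000000000000000::Alice Example <alice@pubs.example>::::::::::0:'

# Demonstration on the constructed listing with a fixed, constructed "now".
printf '%s\n' "$SAMPLE_LISTING" | pick_signing_key 1710000000

# Against a real keyring (placeholder as used on this page):
#   gpg --list-public-keys --with-colons <email_id> | pick_signing_key "$(date +%s)"
```

A non-zero return means the value should not be passed to git config; resolve the ambiguity by setting the key ID explicitly.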
Sign with ssh
git config gpg.format ssh
git config user.signingkey ~/.ssh/<key_name>.pub
alias gitlog='git log --abbrev-commit --pretty=format:"%C(magenta)%h %C(red)% G? %Cgreen%ad (%>(15,trunc)%cr) %Cblue%<(15,trunc)%an %Creset%s %Cred% gD% D" --date="format-local:%Y-%m-%d %H:%M:%S" --no-merges --author-date-order'