I used to be a PGP user for a long while, but I’ve switched to using SSH keys for signing & encryption. Since November 2024, I sign all my git commits, and other types of digital assets, with the following SSH key:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEWU0xshVgOIyjzQEOKtjG8sU8sWJPh25CP/ISfJRey
To verify a signature for a file signed with the private part of this key, you can do this:
echo "vladimir@deviant.guru ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEWU0xshVgOIyjzQEOKtjG8sU8sWJPh25CP/ISfJRey" > allowed_signers
ssh-keygen -Y verify -f allowed_signers -n file -I vladimir@deviant.guru -s file_with_signature < file_to_verify
For details, see man ssh-keygen or Andrew Ayer’s excellent blog post on this.
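A round trip with a throwaway key shows what the verify command above actually checks: the file contents, the namespace given with -n, and the identity given with -I. This is an added example, not part of the original post; the identity demo@example.invalid and the file names are constructed, and it assumes an OpenSSH recent enough to support ssh-keygen -Y (8.1 or newer).

```shell
#!/bin/sh
# Added example (not from the original post): sign a file with a throwaway
# key, then show which verifications pass and which are rejected.
# The identity and file names below are constructed for the demo.

# check <label> <namespace> <identity> <file>: records pass/fail in $out
check() {
    if ssh-keygen -Y verify -f "$dir/allowed_signers" -n "$2" -I "$3" \
           -s "$dir/msg.txt.sig" < "$4" >/dev/null 2>&1
    then out="$out$1=pass "
    else out="$out$1=fail "
    fi
}

ssh_sig_demo() {
    dir=$(mktemp -d) || return 1
    id="demo@example.invalid"
    out=""

    # Throwaway ed25519 key without a passphrase; deleted at the end.
    ssh-keygen -q -t ed25519 -N "" -C "$id" -f "$dir/key" || return 1

    # allowed_signers line: principal, key type, base64 key blob.
    printf '%s %s\n' "$id" "$(cut -d' ' -f1,2 "$dir/key.pub")" \
        > "$dir/allowed_signers"

    printf 'release notes v1\n' > "$dir/msg.txt"
    printf 'release notes v2\n' > "$dir/tampered.txt"

    # Sign in namespace "file"; the signature is written to msg.txt.sig.
    ssh-keygen -Y sign -f "$dir/key" -n file "$dir/msg.txt" \
        >/dev/null 2>&1 || return 1

    check good      file "$id"                   "$dir/msg.txt"
    check tampered  file "$id"                   "$dir/tampered.txt"
    check namespace git  "$id"                   "$dir/msg.txt"
    check identity  file "other@example.invalid" "$dir/msg.txt"

    rm -rf "$dir"
    echo "${out% }"
}

ssh_sig_demo
```

Only the first check passes: a changed file, a different namespace, or a principal that is not listed in allowed_signers each cause verification to fail.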
If you want to start signing your git commits with an SSH key, all you need to do is:
git config --global gpg.format ssh
git config --global user.signingkey /path/to/the/public/part/of/your/ssh/key
git config --global gpg.ssh.allowedSignersFile ~/.ssh/keys/deviant/git_allowed_signers
Using age or rage you can also encrypt a file with the public key above, and I, as the happy owner of the private key, will be able to decrypt it. Neat.