Verifying the digital signature of the git commits
The instructions here assume that you are using a Linux system such as Ubuntu and help you verify the digital signature of my GitHub projects at https://github.com/ngchianglin. First download a copy of my public key and then import it using gpg.
gpg --import key.pub
Verify the imported key's fingerprint by running the following command.
gpg --fingerprint B51302D4
The displayed fingerprint should match the one shown here.
D6CF A4C1 A583 9EE9 4B35 FA5C 6630 4AB6 B513 02D4
After verification, you can optionally trust the imported public key by signing it with your own key. We will not be doing this here, so gpg will also warn that the key is not certified with a trusted signature when it checks a commit. Clone the git repository if you have not already done so, change into the cloned repository directory and run the following command.
git log -1 --show-signature
You should get a message saying
gpg: Good signature from "Ng Chiang Lin (Signing Key for Github Commits) <ngchianglin@users.noreply.github.com>"
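Reading the output by eye only tells you that some key in your keyring made the signature. As an added example (not part of the original instructions), the script below pins the check to the fingerprint shown above, using git's %G? and %GP log placeholders (available in recent git versions); the function names check_sig and verify_commit are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: accept a commit only if it carries a good signature
# made by the key whose fingerprint is published on this page.
# Usage inside the cloned repository: bash this-script HEAD

# Fingerprint from this page, with the spaces removed.
EXPECTED_FPR="D6CFA4C1A5839EE94B35FA5C66304AB6B51302D4"

# check_sig CODE PRIMARY_FPR
#   CODE        git's %G? signature status letter
#   PRIMARY_FPR git's %GP value (fingerprint of the signer's primary key)
# Returns 0 only for a cryptographically good signature from the pinned key.
check_sig() {
    local code="$1" fpr
    # Normalise the fingerprint: strip spaces and upper-case it.
    fpr=$(printf '%s' "$2" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    case "$code" in
        G|U) ;;  # G = good; U = good, but the key is not marked as trusted
        B) echo "bad signature" >&2; return 1 ;;
        N) echo "commit is not signed" >&2; return 1 ;;
        E) echo "signature cannot be checked (key not imported?)" >&2; return 1 ;;
        X|Y|R) echo "signature or key expired/revoked (status $code)" >&2; return 1 ;;
        *) echo "unexpected status '$code'" >&2; return 1 ;;
    esac
    if [ "$fpr" != "$EXPECTED_FPR" ]; then
        echo "signed by unexpected key: ${fpr:-none}" >&2
        return 1
    fi
    return 0
}

# verify_commit [REV]: check one commit of the repository in the current directory.
verify_commit() {
    local rev="${1:-HEAD}" line
    line=$(git log -1 --format='%G? %GP' "$rev") || return 1
    # The first field is the status letter, the rest is the fingerprint.
    check_sig "${line%% *}" "${line#* }"
}

# Only touch git when a revision is given on the command line.
if [ "$#" -gt 0 ]; then
    verify_commit "$1"
fi
```

Status U is accepted because the key was imported without being signed, as in the steps above; the fingerprint comparison is what ties the signature to this specific key.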