GPG keys are a way to sign and verify work from trusted collaborators. You can generate a GPG key and add the public key to your GitHub account by following the procedures outlined in this section.
Checking for existing GPG keys
Before you generate a GPG key, you can check to see if you have any existing GPG keys.
Generating a new GPG key
If you don't have an existing GPG key, you can generate a new GPG key to use for signing commits and tags.
Adding a new GPG key to your GitHub account
To configure your GitHub account to use your new (or existing) GPG key, you'll also need to add it to your GitHub account.
Telling Git about your GPG key
After you've set up your GPG key and added it to your GitHub account, you need to inform Git that there's a GPG key you'd like to use.
Associating an email with your GPG key
Your GPG key must be associated with a GitHub verified email that matches your committer identity.
