GUIDES

Matthew Garrett Details SSH Certificate Method for Git Commit Signing

Z Zara Mitchell Mar 22, 2026 Updated Apr 7, 2026 5 min read
Engine Score 7/10 — Important

This story offers actionable guidance on securing Git workflows with SSH certificates, significantly impacting developers and organizations focused on software supply chain security. While the underlying technologies are established, the practical implementation details are highly relevant for improving secure development practices.

Editorial illustration for: Security Researcher Details SSH Certificate Implementation for Git Signing

Matthew Garrett, a security developer at NVIDIA and Linux power management and firmware engineer, published a detailed technical walkthrough on March 21, 2026, explaining how SSH certificates can be used to cryptographically sign git commits and tags. The post on his blog is a seven-minute guide covering local configuration, signature validation, hardware key storage, and attestation — and includes a custom tool he wrote to simplify certificate retrieval.

  • Git natively supports commit signing via three methods — OpenPGP, X.509, and SSH keys — and Garrett argues SSH certificates provide the most auditable chain of trust among the three.
  • SSH certificates carry a structured “Principals” metadata field encoding identities or group memberships, enabling richer verification than bare public keys alone.
  • Two git configuration parameters are required: gpg.format ssh and either user.signingkey or gpg.ssh.defaultKeyCommand.
  • Garrett published a custom utility that queries an SSH agent for a certificate signed by a specified certificate authority and passes it directly to git.

What Happened

On March 21, 2026, Matthew Garrett published a blog post outlining a practical method for using SSH certificates to sign git commits — a workflow he frames as a direct response to supply chain security weaknesses in how commit authorship is currently verified. Garrett is a power management, mobile, and firmware developer on Linux and a security developer at NVIDIA. The full post walks through local git configuration, signature validation using ssh-keygen, hardware token support, and what Garrett describes in his table of contents as an attestation angle he did not anticipate needing to address.

The motivation is stated plainly: git author fields can be falsified, and account compromise makes fraudulent commits difficult to detect. “A PR being opened by a compromised user is going to be hard to distinguish from the authentic user,” Garrett writes, arguing that cryptographic signing provides a harder-to-spoof signal of authorship than author metadata alone.

Why It Matters

Without signed commits, a project’s history provides no cryptographic assurance that the attributed developer actually authored the code. Platforms like GitHub allow users to associate multiple SSH keys with an account, but Garrett notes a structural weakness in that model: a compromised GitHub account becomes a mechanism to silently expand the set of trusted signing keys. “When was the last time you audited your keys,” he asks rhetorically in the post, “and how certain are you that every trusted key there is still 100% under your control?”

His post arrives as commit signing requirements have become more common in enterprise and open source security policies. GitHub and GitLab both display verification badges for signed commits, and some regulated environments now require signed commits as a condition for merge. The quality of signing infrastructure, however, has remained uneven — and most existing deployments still rely on OpenPGP key management.

Technical Details

Git’s entire signing infrastructure lives under the gpg configuration namespace regardless of which signing method is used — a design decision Garrett attributes to historical reasons. “Unfortunately for historical reasons all the git signing config is under the gpg namespace even if you’re not using OpenPGP,” he writes. “Yes, this makes me sad.” Enabling SSH-based signing requires setting git config set gpg.format ssh as the first step.

The second required parameter is either user.signingkey, pointing to the filesystem path of the SSH certificate, or gpg.ssh.defaultKeyCommand, which specifies a command that retrieves the certificate from an SSH agent at signing time. The latter option supports scenarios where the private key lives on a smartcard or hardware security token rather than on disk.

SSH certificates differ from bare SSH public keys by carrying a certificate authority’s signature and a structured metadata field called “Principals” — a list that may include usernames or group membership identifiers. This allows a verifier to confirm not just that a signature was made by a known key, but that a trusted authority has formally attested to the identity behind it. Native SSH agent forwarding means developers can store keys locally and sign commits on a remote development server without additional configuration steps.

For signature validation, Garrett’s method relies on ssh-keygen operating against a file in authorized-keys format. An entry of the form * cert-authority ssh-rsa AAAA… will, as Garrett explains, “match all principals (the wildcard) and succeed if the signature is made with a certificate that’s signed by the key following cert-authority.” Developers attach signatures at commit time using the -S flag with git commit and other git commands; the native git tooling handles validation by calling out to ssh-keygen internally.

Garrett also wrote and published a utility to simplify certificate discovery. The tool queries an SSH agent — either via the socket referenced by the SSH_AUTH_SOCK environment variable or one specified with a -agent argument — locates a certificate signed by a CA key provided via a -ca argument, and returns it to git. This allows the certificate to be resolved dynamically rather than requiring a static file path in the git configuration.

Who’s Affected

Open source project maintainers and enterprise development teams managing contributor access are the primary audience. The method is especially relevant for organizations currently relying on platform-level key trust — where a compromised developer account could silently alter the set of accepted signing keys without any administrator action.

Security teams implementing supply chain integrity controls will find the certificate authority model more operationally tractable than per-key trust: revoking a contributor’s signing rights requires revoking their certificate at the CA level rather than locating and removing individual keys across multiple configuration files. Developers using hardware tokens such as smartcards can use the gpg.ssh.defaultKeyCommand path to integrate certificate signing without exposing keys to disk.

What’s Next

Garrett’s post includes a section labeled “Wait, attestation?” in its table of contents, indicating the guide extends beyond standard certificate chains to attesting the provenance of the signing key itself — a layer relevant to hardware-backed key use cases. The source material does not specify a version number or package registry entry for the custom certificate-retrieval tool; it is linked directly from the blog post.

Garrett explicitly cautions developers against auditing git’s internal implementation code for this functionality, without elaborating on the reasons. Before deploying this workflow, he advises reviewing all keys currently in a project’s trust store, noting that accumulated keys from previous contributors may include ones that are no longer fully under their owner’s control. The full post is available at codon.org.uk.

Related Reading

#git signing #Matthew Garrett #security guide #supply chain security #transshipment
Share

Enjoyed this story?

Get articles like this delivered daily. The Engine Room — free AI intelligence newsletter.

Join 500+ AI professionals · No spam · Unsubscribe anytime

Related Articles