Commit Signing
Gitfox supports commit signing with OpenPGP and SSH keys in the direct-download and Setapp versions.
The Mac App Store version does not support commit signing.
Choose a signing key
Open Settings → Identities & Signing and create an identity. In the signing key picker you can:
- Leave the key on Automatic so Git uses your configured default
- Select a discovered OpenPGP signing key
- Select a discovered SSH signing key from
~/.ssh - Enter an OpenPGP key ID or fingerprint manually
- Enter an SSH public key manually
OpenPGP keys that are expired, revoked, disabled, invalid, or unavailable are shown but cannot be selected.
Configure SSH trust
SSH signing uses Git's allowed signers file. Open Gitfox → Settings → Git and configure SSH Allowed Signers File if you want Gitfox to manage the configured file path.
When you add an identity with an SSH signing key, Gitfox adds that identity's email address and public key to the configured allowed signers file. If Git does not have gpg.ssh.allowedSignersFile configured yet, Gitfox creates ~/.config/git/allowed_signers and configures Git to use it.
OpenPGP signing uses your existing GPG keyring and Git configuration.
Sign a commit
The commit button menu exposes Sign Commit controls:
- Use Git Default
- Sign
- Do Not Sign
When signing is enabled, Gitfox passes the selected identity signing key to Git. SSH public keys are passed in the format Git expects for inline key material.