About commit signature verification→
Using GPG or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on GitHub Enterprise so other people can trust that the changes come from a trusted source.
Checking for existing GPG keys→
Before you generate a GPG key, you can check to see if you have any existing GPG keys.
Generating a new GPG key→
If you don't have an existing GPG key, you can generate a new GPG key to use for signing commits and tags.
Adding a new GPG key to your GitHub account→
To configure your GitHub Enterprise account to use your new (or existing) GPG key, you'll also need to add it to your GitHub Enterprise account.
Telling Git about your signing key→
To sign commits locally, you need to inform Git that there's a GPG or X.509 key you'd like to use.
Associating an email with your GPG key→
Your GPG key must be associated with a GitHub Enterprise verified email that matches your committer identity.
Signing commits→
You can sign commits locally using GPG or S/MIME.
Signing tags→
You can sign tags locally using GPG or S/MIME.