GitHub's Public Key

Hi there!

This is my first time posting here, so please let me know if I’m doing something wrong. Thanks :slight_smile:.

I often use the git cli rather than the GitHub website to verify commits. Sometimes, I’ll either use the GitHub website to make a quick, one-line fix, or I’ll be working with someone who uses the website to write some code, and I’ll need to verify their commit. No problem, I think to myself, preparing to use git verify-commit as I always do.

$ git verify-commit <hash>
gpg: Signature made Wed May 19 20:23:48 2021 EDT
gpg:                using RSA key 4AEE18F83AFDEB23
gpg: Can't check signature: No public key

Uh oh! I can’t verify the commit because I don’t have GitHub’s public key. I was wondering if it is published anywhere, or if I can get it somewhere to do these verifications with the command line?

Thank you so much!

:wave: Welcome!

I’ve seen this error before where the commit email address didn’t match the email address associated with the gpg key. Can you double check that?

the key is here https://github.com/web-flow.gpg

1 Like