"Telling Git about your SSH key" advises signing with a public key

[rmoreyunderline]

Issue: "Telling Git about your SSH key" advises signing with a public key. However, signing should occur with a private key.

Affected URL: https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-ssh-key

Suggested change: Change instances of /PATH/TO/.SSH/KEY.PUB to /PATH/TO/.SSH/KEY. Clarify plainly that the private key is used ~and that signing with a public key will likely result in an error~.

[welcome[bot]]

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[Sharra-writes]

Thanks for opening this issue! That seems like a major oversight, so I'll definitely look into it.

[Sharra-writes]

@rmoreyunderline To clarify, you say "likely result in an error." Have you tried these steps and received an error?

[rmoreyunderline]

I've tried both cases now: specifying the public key for signing, and specifying the private key. It seems that both actually result in commit signing. This means that Git knows to use the private key even if the public key is specified.

The Git docs mention that a signing key can be specified after getting a private key (for GPG which is also asymmetric): https://git-scm.com/book/ms/v2/Git-Tools-Signing-Your-Work

Once you have a private key to sign with...

Technically the private key is used to sign. Testing reveals that Git allows either key to be specified even though only the private key is used. So this ticket becomes more a question of which filename is preferred. This ticket is thus not urgent and may benefit from additional feedback.

[github-actions[bot]]

A stale label has been added to this issue and it has been closed, because it has been open for 30 days with no activity. If you think this issue should remain open, please add a new comment.