| title | intro | redirect_from | versions | topics | shortTitle | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Using a verified email address in your GPG key |
When verifying a signature, {% data variables.product.github %} checks that the committer or tagger email address matches an email address from the GPG key's identities and is a verified email address on the user's account. This ensures that the key belongs to you and that you created the commit or tag. |
|
|
|
Use verified email in GPG key |
{% ifversion fpt or ghec %} If you need to verify your GitHub email address, see AUTOTITLE. {% endif %}If you need to update or add an email address to your GPG key, see AUTOTITLE.
Commits and tags may contain several email addresses. For commits, there is the author — the person who wrote the code — and the committer — the person who added the commit to the tree. When signing a commit with Git, whether it be during a merge, cherry-pick, or normal git commit, the committer email address will be yours, even if the author email address isn't. Tags are more simple: The tagger email address is always the user who created the tag.
If you need to change your committer or tagger email address, see AUTOTITLE.