Git commits and tags that I author are signed with my SSH key. Run the following commands to configure an allowed_signers file for git, which will allow signature verification using my key (but use my actual email address instead of the template below):

$ git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers
$ echo '<my first name>@<this website> namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3JS4UP5c6lEdNuf3nWuqc2K8zcCOv4qAv1nwcszl5Q' >> ~/.ssh/allowed_signers

For the cautious, this key can also be found on my Codeberg account. Once configured, commands like git verify-commit HEAD should print something like the following:

Good "git" signature for <my email> with ED25519 key SHA256:hnf51xvKmqhBUmbV9wf0JENBwiOlZHzTJ46unha/l4o