It can't be done with
git-send-email(1), but there's a tool that integrates with it, and is very simple to use:
Install the tool:
$ sudo apt-get install patatt
And then for each repo in which you want to sign patches, run:
$ cd /some/git/repo/
$ patatt install-hook
If you have a
gpg(1) keyring, and
.gitconfig knows about it:
name = Alejandro Colomar
email = firstname.lastname@example.org
signingKey = A9348594CE31283A826FBDD8D57633D441E25BB5
Then you're done. Just use
git-send-email(1) as always, and patches will be signed.
To validate a patch before appying it:
$ patatt validate /path/to/incoming.patch
If the patch contains a signature, it will print a human-readable message telling if the signautre is good (and also return 0) or bad (and also return non-zero), according to your keyring and the patch contents. If there's no signature it will print nothing (and return 0).
Then you can
git-am(1) as always, with confidence.