diff --git a/home-manager/common/programs/core.nix b/home-manager/common/programs/core.nix
index 3f7976e..b89b20b 100644
--- a/home-manager/common/programs/core.nix
+++ b/home-manager/common/programs/core.nix
@@ -76,11 +76,16 @@ with lib; {
 })
 (mkIf (config.nathan.programs.util.git.enable
 && config.nathan.programs.util.git.sshSign) {
+ home.file.allowedSigners = {
+ target = ".ssh/allowed_signers";
+ text = (import ../../../info/ssh-keys.nix).allowedSigners;
+ };
 programs.git = {
 extraConfig = {
 commit.gpgsign = true;
 gpg.format = "ssh";
 user.signingkey = "~/.ssh/id_ed25519.pub";
+ gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";
 };
 };
 })
diff --git a/info/ssh-keys.nix b/info/ssh-keys.nix
index 018d743..093cbbc 100644
--- a/info/ssh-keys.nix
+++ b/info/ssh-keys.nix
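Review bot: The new `home.file.allowedSigners` entry carries no comment, and nothing in this module says that it is what makes signature verification (`git log --show-signature`, `git verify-commit`) work as opposed to signing, nor that its trust list is the complete key set from `info/ssh-keys.nix`; a line such as `# Trust list for verifying ssh-signed commits: every key in info/ssh-keys.nix is accepted (see its allowedSigners attr)` above it would save the next reader a lookup. As a point of style, `gpg.ssh.allowedSignersFile` is appended after `user.signingkey` rather than beside `gpg.format = "ssh"`, which it belongs with; moving it up one line keeps the two `gpg.*` settings together. The `mkIf` block is complete inside the hunk, but the list it is an element of starts before it.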
@@ -1,26 +1,45 @@
 rec {
 keys = {
 # yubikey ssh key
- "yubikey" =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515";
+ "yubikey" = {
+ key =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515";
+ };
 # levitation ssh key
- "levitation" =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0zeLTlg++shIYcqxksDVkTtHS3MIvlqPIIW+9pufQa nathan@levitation";
+ "levitation" = {
+ key =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0zeLTlg++shIYcqxksDVkTtHS3MIvlqPIIW+9pufQa nathan@levitation";
+ };
 # WSL key
- "wsl" =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io";
+ "wsl" = {
+ key =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io";
+ };
 # Phone key
- "phone" =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost";
+ "phone" = {
+ key =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost";
+ };
 # Tablet key
- "tablet" =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost";
+ "tablet" = {
+ key =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost";
+ };
 # Macbook key
- "extremophile" =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local";
+ "extremophile" = {
+ key =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local";
+ };
 # vm key
- "productivity-vm" =
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgtdTJThr5/vfUswQb3ee6A++W1OxAOGFQJTE8xDuHv nathan@productivity-vm";
+ "productivity-vm" = {
+ key =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgtdTJThr5/vfUswQb3ee6A++W1OxAOGFQJTE8xDuHv nathan@productivity-vm";
+ };
 };
- list = builtins.attrValues keys;
+ list = map (x: x.key) (builtins.attrValues keys);
+ allowedSigners = builtins.concatStringsSep "\n" (map (x:
+ "${
+ builtins.concatStringsSep ","
+ (x.emails or [ "*@mccarty.io" "*@stranger.systems" ])
+ } ${x.key}") (builtins.attrValues keys));
 }
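Review bot: The entries produced by `allowedSigners` carry no `namespaces="git"` option, so ssh-keygen will accept each listed key for signatures made in any namespace, not only git commits; changing the format line to `} namespaces=\"git\" ${x.key}")` restricts the trust to what this file is for. The `x.emails or [ "*@mccarty.io" "*@stranger.systems" ]` default also means every key, including the two `nix-on-droid@localhost` ones, verifies as the author of any address under both domains, since the principals field is a pattern list; giving keys an explicit `emails` list is tighter. As it stands no key in this hunk sets `emails`, so the attribute should at least be documented as an optional per-key field, e.g. `# emails: optional list of principal patterns accepted for this key; defaults to the two domain wildcards` beside `keys = {`.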