You can sign commits locally using GPG or S/MIME. To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above.

git commit -S -m your commit message

# Set a gpg key for git:
git config --global user.signingkey your_key_id

# To sign a single commit:
git commit -S -a -m "Test a signed commit"

# Auto-sign all commits globaly
git config --global commit.gpgsign true

If you do not want to sign local commits as you might be rebasing etc. a lot, use following to auto sign only commits that you push out:

git config --global push.gpgSign true