With newer versions of
git commit -m "some message" -S
$ git log --show-signature
gpg: Signature made Fri 28 Jun 2013 02:28:41 PM EDT using RSA key ID AC1964A8
gpg: Good signature from "Lars Kellogg-Stedman <email@example.com>"
Author: Lars Kellogg-Stedman <firstname.lastname@example.org>
Date: Fri Jun 28 14:28:41 2013 -0400
this is a test
git tag -v
Just in case someone comes to this page through a search engine, like I did: New tools have been made available in the two years since the question was posted: There are now git commands for this task:
git verify-commit and
git verify-tag can be used to verify commits and tags, respectively.