Did you know that you can use the ssh-keygen command to sign and verify signatures on arbitrary data, like files and software releases? Although this feature isn’t super new – it was added in 2019 with OpenSSH 8.0 – it seems to be little-known. That’s a shame because it’s super useful and the most viable alternative to PGP for signing data. If you’re currently using PGP to sign data, you should consider switching to SSH signatures.
Source: It’s Now Possible To Sign Arbitrary Data With Your SSH Keys