I've used my OpenPGP key to sign a git commit, but it shows up as "Unverified" on github: https://github.com/cweiske/jsonmapper/commits/master
The usage flags for the key that signed this don't allow signing.
GPG key ID: 14C85A0824EAF823
The github gpg signature docs say nothing about that error.
So my questions:
You can look at your signing capabilities by either looking at the output of --edit-key
or GnuPG's colon-separated output.
Looking at your key, I see that you have a bunch of expired subkeys (some with signing capability), and a primary key that has signing and certification capabilities set. The primary key's expiry period was extended twice (also consider reading "Does OpenPGP key expiration add to security?" on this subject).
I see two possible issues here: