Currently, comin only support GPG keys for Git commit signature verification. It could also support SSH keys such as describe in https://docs.gitlab.com/user/project/repository/signed_commits/ssh/

(also discussed here)