Skip to content

Instantly share code, notes, and snippets.

Forked from bcomnes/
Created Apr 12, 2016
What would you like to do?
my version of gpg on the mac
  1. brew install gnupg21, pinentry-mac (this includes gpg-agent and pinentry)
  2. Generate a key: $ gpg --gen-key
  3. Take the defaults. Whatevs
  4. Tell gpg-agent to use pinentry-mac:
$ vim ~/.gnupg/gpg-agent.conf 

paste in

# Connects gpg-agent to the OSX keychain via the brew-installed$
# pinentry program from GPGtools. This is the OSX 'magic sauce',$
# allowing the gpg key's passphrase to be stored in the login$
# keychain, enabling automatic key signing.$
pinentry-program /usr/local/bin/pinentry-mac
  1. Tell git about it:
$ gpg2 --list-keys
pub   2048R/0A46826A 2014-06-04
uid                  Scott Chacon (Git signing key) <>
sub   2048R/874529A9 2014-06-04

$ git config --global user.signingkey 0A46826A
  1. Tell git that you are using gpg2 like a boss
$ git config --global gpg.program gpg2
  1. Tell github about it
  2. Restart maybe or kill any running gpg-agents. They will not work.
  3. Sign your commits
$ git commit -S -m 'yolo'

You may also read:

  • store your passwords in your system keychain. pinentry-mac provides this for you. you're not edward snowded.
  • <-- good background, but outdated and overly paranoid.
  • Pick a primary system, laptop or not. Use a password manager for the gory details and harddrive encryption to cover your butt if your system gets stolen. Macs are a great option for this because they have FDE and 1Password. Generate master keypair taking the default setup on this primary system. Subkey out to other systems and devices. Back up your revocation cert. Remember to migrate your master key when you replace your primary system.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment