Skip to content

Instantly share code, notes, and snippets.

@StevenACoffman
Forked from mort3za/git-auto-sign-commits.sh
Last active October 5, 2023 08:13
Show Gist options
  • Save StevenACoffman/edb11af46045d3a435f2ad3d019c6988 to your computer and use it in GitHub Desktop.
Save StevenACoffman/edb11af46045d3a435f2ad3d019c6988 to your computer and use it in GitHub Desktop.
Auto sign your git commits
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C gears@umich.edu -N ''
# -o : Save the private-key using the new OpenSSH format rather than the PEM format. Actually, this option is implied when you specify the key type as ed25519.
# -a: It’s the numbers of KDF (Key Derivation Function) rounds. Higher numbers result in slower passphrase verification, increasing the resistance to brute-force password cracking should the private-key be stolen.
# -t: Specifies the type of key to create, in our case the Ed25519.
# -f: Specify the filename of the generated key file. If you want it to be discovered automatically by the SSH agent, it must be stored in the default `.ssh` directory within your home directory.
# -C: An option to specify a comment. It’s purely informational and can be anything. But it’s usually filled with <login>@<hostname> who generated the key.
# -N: Provides the new passphrase.
eval "$(ssh-agent -s)"
ssh-add -K ~/.ssh/id_ed25519
# .ssh/config
# Host *
# AddKeysToAgent yes
# UseKeychain yes
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa # Keep any old key files if you want
# The difference between signoff and gpg-sign are significant but subtle. signoff doesn’t require the GPG key and is just the line: "Signed-off by"
# Auto-SignOff (not sign)
printf "\nSigned-off-by: Steven A Coffman <gears@umich.edu>\n" > ~/.gitmessage.txt
git config --global commit.template ~/.gitmessage.txt
# Generate a new pgp key: (better to use gpg2 instead of gpg in all below commands)
gpg2 --full-gen-key --expert
# Make sure you have gpg version >= 2.1.21.
# gpg --full-gen-key --expert
# Select (10) ECC (sign only)
# Select (1) Curve 25519
# Answer remaining options with any response.
# After the key is created record its fingerprint
# Copy the newly created key from GPG keychain: gpg --armor --export <fingerprint>
#
# Go to account > settings > GPG keys > paste the Ed25519 PGP public key from the previous step > add key.
# maybe you need some random work in your OS to generate a key. so run this command: `find ./* /home/$(whoami) -type d | xargs grep some_random_string > /dev/null`
# check current keys:
gpg2 --list-secret-keys --keyid-format LONG
# See your gpg public key:
gpg2 --armor --export YOUR_KEY_ID
# YOUR_KEY_ID is the hash in front of `sec` in previous command. (for example sec 4096R/234FAA343232333 => key id is: 234FAA343232333)
# Set a gpg key for git:
git config --global user.signingkey your_key_id
# To sign a single commit:
git commit -S -a -m "Test a signed commit"
# Auto-sign all commits globaly
git config --global commit.gpgsign true
git config --global gpg.program gpg2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment