@StevenACoffman
Forked from mort3za/git-auto-sign-commits.sh
Last active October 5, 2023 08:13
Auto sign your git commits
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C gears@umich.edu -N ''
# -o : Save the private-key using the new OpenSSH format rather than the PEM format. Actually, this option is implied when you specify the key type as ed25519.
# -a: The number of KDF (Key Derivation Function) rounds. Higher numbers result in slower passphrase verification, increasing the resistance to brute-force password cracking should the private key be stolen.
# -t: Specifies the type of key to create, in our case the Ed25519.
# -f: Specify the filename of the generated key file. If you want it to be discovered automatically by the SSH agent, it must be stored in the default `.ssh` directory within your home directory.
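# -C: An option to specify a comment. It’s purely informational and can be anything, but it’s usually filled with the <login>@<hostname> of whoever generated the key.
# -N: Provides the new passphrase. The empty string ('') used here creates the key with no passphrase, in which case the -a KDF rounds protect nothing.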
eval "$(ssh-agent -s)"
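# Note: -K here is the macOS ssh-add option that also stores the passphrase in the Keychain (newer macOS releases name it --apple-use-keychain).
ssh-add -K ~/.ssh/id_ed25519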
# .ssh/config
# Host *
# AddKeysToAgent yes
# UseKeychain yes
# IdentityFile ~/.ssh/id_ed25519
# IdentityFile ~/.ssh/id_rsa # Keep any old key files if you want
# The difference between signoff and gpg-sign is significant but subtle. signoff doesn’t require the GPG key and is just the line: "Signed-off-by"
# Auto-sign-off (not sign)
printf "\nSigned-off-by: Steven A Coffman <gears@umich.edu>\n" > ~/.gitmessage.txt
git config --global commit.template ~/.gitmessage.txt
# Generate a new PGP key (prefer gpg2 over gpg in all the commands below):
gpg2 --full-gen-key --expert
# Make sure you have gpg version >= 2.1.21.
# gpg --full-gen-key --expert
# Select (10) ECC (sign only)
# Select (1) Curve 25519
# Answer remaining options with any response.
# After the key is created, record its fingerprint.
# Export the newly created public key from the GPG keyring: gpg --armor --export <fingerprint>
#
# Go to account > settings > GPG keys > paste the Ed25519 PGP public key from the previous step > add key.
# Key generation may need some random activity (entropy) in your OS. To produce some, run this command: `find ./* /home/$(whoami) -type d | xargs grep some_random_string > /dev/null`
# Check current keys:
gpg2 --list-secret-keys --keyid-format LONG
# See your gpg public key:
gpg2 --armor --export YOUR_KEY_ID
# YOUR_KEY_ID is the hex ID after the `/` on the `sec` line of the previous command's output. (for example sec 4096R/234FAA343232333 => key id is: 234FAA343232333)
# Set a gpg key for git:
git config --global user.signingkey YOUR_KEY_ID
# To sign a single commit:
git commit -S -a -m "Test a signed commit"
# Auto-sign all commits globally
git config --global commit.gpgsign true
git config --global gpg.program gpg2
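
To check that the setup above took effect, and to see the signoff versus gpg-sign distinction in practice, the following added example (not part of the original gist) classifies commits from git's `%G?` signature status and the `Signed-off-by` trailer. The function names `sig_verdict`, `audit_signatures` and `sample_log` are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the gist): audit commit signature status.
# Real input would come from:
#   git log --format='%H|%G?|%(trailers:key=Signed-off-by,valueonly,separator=%x2C)'

# Map git's %G? status letter to a verdict.
sig_verdict() {
  case "$1" in
    G) echo "signed-good" ;;
    U) echo "signed-untrusted-key" ;;      # good signature, key validity unknown
    X|Y|R) echo "signed-expired-or-revoked" ;;
    B) echo "BAD-signature" ;;
    E) echo "signed-unverifiable" ;;       # e.g. public key not in keyring
    N) echo "unsigned" ;;
    *) echo "unknown-status" ;;
  esac
}

# Read "hash|status|signoff" lines on stdin and print "hash verdict".
# Returns 1 if any commit lacks a good signature.
audit_signatures() {
  rc=0
  while IFS='|' read -r hash status signoff; do
    [ -n "$hash" ] || continue
    verdict=$(sig_verdict "$status")
    # A Signed-off-by trailer alone is not a cryptographic signature.
    if [ "$status" = N ] && [ -n "$signoff" ]; then
      verdict="signoff-only"
    fi
    [ "$status" = G ] || rc=1
    printf '%s %s\n' "$hash" "$verdict"
  done
  return "$rc"
}

# Constructed sample lines in the format above (hashes shortened, not real commits).
sample_log() {
  cat <<'EOF'
1111111|G|Dev Example <dev@example.com>
2222222|N|Dev Example <dev@example.com>
3333333|N|
4444444|B|
EOF
}

sample_log | audit_signatures || true
```

In a real repository, pipe the `git log` command from the header comment into `audit_signatures`; a non-zero exit status means at least one commit is not covered by a good signature.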