@Vlasterx
Last active June 7, 2024 11:54
Creating signing keys for GitHub

Use GPG signing keys for GitHub


Windows only:

  • Install gpg4win

    winget install gnupg.Gpg4win

    or download it from https://gpg4win.org

  • Configure Git to use the GPG that ships with Gpg4win: Git needs to know the path to the GPG executable. You can set it with the following command:

    git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

    Replace "C:\Program Files (x86)\GnuPG\bin\gpg.exe" with the actual path to your gpg.exe.


macOS only:

  • Install GPG

    brew install gpg

  1. Generate a new GPG key pair: Open your terminal and type the following command:

    gpg --full-generate-key

    Follow the prompts to generate your key pair.

  2. List your GPG keys: You can list your GPG keys with the following command:

    gpg --list-secret-keys --keyid-format LONG

    From the list of GPG keys, copy the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

    /Users/hubot/.gnupg/secring.gpg
    ------------------------------------
    sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]

  3. Export the GPG key: Paste the text below, substituting in the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

    gpg --armor --export 3AA5C34371567BD2

    Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----.

  4. Add the GPG key to your GitHub account: Go to your GitHub settings, click on "SSH and GPG keys", click on "New GPG key", and paste your GPG key into the "Key" field.

  5. Tell Git about your GPG key: Set your GPG signing key in Git. Paste the text below, substituting in the GPG key ID you'd like to use:

    git config --global user.signingkey 3AA5C34371567BD2

  6. Sign commits: When you commit changes, add the -S option to sign the commit:

    git commit -S -m "your commit message"

  7. Push your commits to GitHub: After you push, GitHub shows a "Verified" label next to each of your signed commits, provided the email address on the GPG key is a verified email on your GitHub account and matches the commit's committer email.

Remember to replace 3AA5C34371567BD2 with your actual GPG key ID.

Automatically signing all commits in VSCode

  1. Enable global signing

    git config --global commit.gpgsign true

  2. Configure VS Code to sign commits: Open the settings in VS Code (File > Preferences > Settings or Ctrl + ,). Search for "Git: Enable Commit Signing" and check the box.
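
The procedure in steps 1 to 7, together with the commit.gpgsign setting, can be checked locally before anything is pushed. The script below is an added example, not part of the original gist: it generates a throwaway key in a temporary GNUPGHOME, signs a commit in a scratch repository, and verifies the signature. The identity, file names and the function name signing_selfcheck are made up for the example.

```bash
#!/usr/bin/env bash
# Added example, not from the gist: prove locally that a signed commit verifies.
# Uses throwaway directories and a constructed identity; the real keyring and
# ~/.gitconfig are left alone (GIT_CONFIG_GLOBAL needs Git 2.32 or newer).

signing_selfcheck() (
  work=$(mktemp -d) || exit 1
  trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$work"' EXIT
  export GNUPGHOME="$work/gnupg" GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_NOSYSTEM=1
  mkdir -m 700 "$GNUPGHOME" || exit 1

  # Unprotected one-day key so no passphrase prompt appears (test use only).
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Example Dev <dev@example.invalid>' default default 1d \
      >/dev/null 2>&1 || exit 1

  # Step 2, machine-readable: the "sec" record of --with-colons output
  # carries the long key ID in field 5.
  keyid=$(gpg --batch --list-secret-keys --with-colons |
          awk -F: '$1 == "sec" { print $5; exit }')
  [ -n "$keyid" ] || exit 1

  git init -q "$work/repo" && cd "$work/repo" || exit 1
  git config user.name 'Example Dev'
  git config user.email 'dev@example.invalid'  # same address as the key's UID
  git config user.signingkey "$keyid"          # step 5, repo-local here
  git config commit.gpgsign true               # sign without passing -S

  echo hello > file.txt
  git add file.txt
  git commit -q -m 'signed test commit' || exit 1

  # verify-commit exits non-zero when the signature is missing or bad.
  git verify-commit HEAD >/dev/null 2>&1 || exit 1
  # %GK is the key that made the signature; it must be the configured one.
  case "$(git log -1 --format=%GK)" in *"$keyid") ;; *) exit 1 ;; esac
  git log -1 --format='%G?'                    # "G" means good signature
)

signing_selfcheck || echo 'signing self-check failed' >&2
```

In a real repository the same check against your own key is `git verify-commit HEAD`, or `git log --show-signature -1` for the full GPG output.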
