- references: https://wiki.archlinux.org/index.php/GnuPG
~/.gnupg/gpg.conf
use SHA512 over default SHA256
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES
gpg --full-gen-key
- type = (1) RSA and RSA
- keysize = 2048
- exp. date = 1 year (can extend later)
Register GPG key on Github account
gpg --armor --export yourkey
- paste output to github gpg keys page
- can use Fullname or email address for
yourkey
add use-agent
to ~/.gnupg/gpg.conf
(I think this was necessary for PyCharm to be able to commit using PGP key).
NOTE: if Pycharm fails to commit files then add no-tty
to the gpg config file as well.
Register SSH key on Github account (so can use git without entering user/pass everytime)
add ssh public key to github
xclip -sel clip < ~/.ssh/id_rsa.pub
test that ssh works
ssh -T git@github.com
check that the repo you're working on is set to use SSH instead of HTTPS
git remote -v
otherwise, need to change the remote URL to use git
git remote set-url origin git@github.com:ammgws/ammcon-frontend.git
set global user info for git:
git config --global user.signingkey yourgpgkeyhere
git config --global commit.gpgsign true
git config --global user.name "Yarp"
git config --global user.email "yip@yarp.com"
-
make sure the repo you're working on doesn't have user info set locally, otherwise it will override the global setting
-
can remove with
git config -e
in the repo dir -
can find gpg key ID by running
gpg --list-secret-keys
-
if it keeps asking for username/password when trying to push, it's probably because the git origin url is set to HTTPS instead of SSH. fix as shown below
user@host ~/D/e/_/wynbot> git remote -v
origin https://github.com/ammgws/wynbot.git (fetch)
origin https://github.com/ammgws/wynbot.git (push)
user@host ~/D/e/_/wynbot> git remote set-url origin git@github.com:ammgws/wynbot.git