GitHub: Signing commits using GPG (Ubuntu/Mac)


  • Do you have a GitHub account? If not, create one.
  • Install the required tools:
      • Latest Git client
      • gpg tools
# Ubuntu
sudo apt-get install gpa seahorse
# MacOS with https://brew.sh/
brew install gpg
  • Generate a new gpg key
gpg --gen-key
  • Answer the questions asked

Note: When asked to enter your email address, ensure that you enter the verified email address for your GitHub account.

  • List the generated key
gpg --list-secret-keys --keyid-format LONG
  • The command above should return output like this
/home/username/.gnupg/secring.gpg
-------------------------------
sec   4096R/<COPY_LONG_KEY> 2016-08-11 [expires: 2018-08-11]
uid                          User Name <user.name@email.com>
ssb   4096R/62E5B29EEA7145E 2016-08-11

  • Note down your key COPY_LONG_KEY from above (without < and >)
  • Export this (public) key to a text file
gpg --armor --export <PASTE_LONG_KEY_HERE> > gpg-key.txt
  • The command above creates a new text file, gpg-key.txt

  • Add this key to GitHub

  • Log in to GitHub and go to profile settings

  • Click New GPG Key and paste the contents of gpg-key.txt file then save

  • Tell the git client to sign your future commits automatically

  • Use the long key from above in the next command

git config --global user.signingkey <PASTE_LONG_KEY_HERE>
git config --global commit.gpgsign true
  • You are done. The next time you commit changes, gpg will ask you for the passphrase.
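
The steps above copy the long key ID by hand and rely on the key's e-mail address matching the one git commits with. As an added example (not part of the original gist), the function below picks the key from gpg's machine-readable listing instead. The function names and the sample listing are constructed for illustration; only `gpg --list-secret-keys --with-colons` and `git config --get user.email` are real commands.

```shell
#!/bin/sh
# Added example: find the long key ID of a usable signing key whose user ID
# carries a given e-mail address.
# Input (stdin): output of `gpg --list-secret-keys --with-colons`.
# Colon format: field 1 = record type, 2 = validity, 5 = long key ID,
#               10 = user ID (on uid records), 12 = key capabilities.
signing_key_for_email() {
    awk -F: -v email="$1" '
        $1 == "sec" {
            # Skip expired (e) or revoked (r) keys and keys that cannot sign.
            usable = ($2 != "e" && $2 != "r" && $12 ~ /S/)
            keyid = $5
        }
        # A uid record belongs to the most recent sec record.
        $1 == "uid" && usable && $2 != "r" && index($10, "<" email ">") {
            print keyid
            usable = 0   # report each key only once
        }
    '
}

# Constructed sample listing: key IDs, hashes and addresses are made up.
# The first key is expired, the second is valid and has two user IDs.
sample_listing() {
    cat <<'EOF'
sec:e:4096:1:1111AAAA2222BBBB:1470873600:1533945600::u:::scESC:::+:::23::0:
fpr:::::::::0000000000000000000000001111AAAA2222BBBB:
uid:e::::1470873600::HASH1::User Name <user.name@email.com>::::::::::0:
sec:u:4096:1:3333CCCC4444DDDD:1533945600:1597017600::u:::scESC:::+:::23::0:
fpr:::::::::0000000000000000000000003333CCCC4444DDDD:
uid:u::::1533945600::HASH2::User Name <user.name@email.com>::::::::::0:
uid:u::::1533945600::HASH3::User Name <other@example.org>::::::::::0:
ssb:u:4096:1:5555EEEE6666FFFF:1533945600::::::e:::+:::23:
EOF
}

# Demo on the sample data; the expired key is skipped.
sample_listing | signing_key_for_email "user.name@email.com"

# Real use (needs gpg and git installed):
#   gpg --list-secret-keys --with-colons |
#       signing_key_for_email "$(git config --get user.email)"
```

An empty result means no usable secret key carries the address git commits with, which is the mismatch that leaves commits unverified on GitHub.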

Make gpg remember your passphrase (tricky)

To make gpg remember your passphrase, you can use gpg-agent.

Edit your ~/.gnupg/gpg-agent.conf file and paste these lines:

default-cache-ttl 28800
max-cache-ttl 28800

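28800 seconds is 8 hours. default-cache-ttl is how long an entry stays cached after it was last used; max-cache-ttl is the hard limit, after which the passphrase is asked for again regardless of use.

If gpg-agent is not running, you can start it with this command: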

gpg-agent --daemon

Change your key passphrase

gpg --edit-key <PASTE_YOUR_KEY_ID_HERE>

At the gpg prompt type:

passwd

Type in the current passphrase when prompted
Type in the new passphrase twice when prompted
Type:

save


@haxpor

commented Feb 10, 2017

I tried it, and it seems like you have to enter the passphrase the first time, then it will be alive for the time you set. It's not a permanent solution.

@ankurk91

Owner Author

commented Mar 22, 2017

@haxpor
And that's enough.

@ecbrodie

commented Apr 28, 2017

@ankurk91 excellent instructions. Definitely the most simple one I've seen so far. Thank you.

Just wondering, is there any way to suppress this message?

gpg-agent: a gpg-agent is already running - not starting a new one

@ankurk91

Owner Author

commented Apr 30, 2017

@ecbrodie
If gpg-agent is already running, then you don't need to start it manually.

@salmanwaheed

commented Sep 24, 2017

great work bro 👍

@hannesvdvreken

commented Sep 26, 2017

git config --global tag.gpgsign true

does this actually work for you @ankurk91?

@ankurk91

Owner Author

commented Sep 27, 2017

@hannesvdvreken
There is no such config documented, so removed. Thanks for the heads up.

@takac

commented Jan 17, 2018

On OSX I had to set GPG_TTY for things to work.

export GPG_TTY=$(tty)

@robincher

commented Mar 20, 2018

Thanks it's been helpful :) 👍

@kmoll

commented Apr 27, 2018

I found that max-cache-ttl actually needs to be maximum-cache-ttl. Once I changed that in my system it stopped prompting me every time for the passphrase.

@ankurk91

Owner Author

commented Apr 28, 2018

@kmoll
The man page says that it should be max-cache-ttl

@nelson6e65

commented May 3, 2018

Hi. In my case, it was not working due to the gpg version used by git.

Here's the solution: Setup git to use gpg2 instead of gpg
https://askubuntu.com/a/805550

@ankurk91 The man page you linked is for version 2:

This is the The GNU Privacy Guard Manual (version 2.2.7, April 2018).

@tedbyron

commented Jun 4, 2018

Thanks! All of these steps work on Windows as well with the Windows gpg binary and any unix shell emulator

@kaushalvivek

commented Jul 14, 2018

Thanks! Was really helpful.

@chizou

commented Aug 6, 2018

My output came out a bit different. For the part with updating git to use the key, I had to specify --keyid-format SHORT, as in gpg --list-secret-keys --keyid-format SHORT. For reference, I'm using gpg (GnuPG) 2.2.4 libgcrypt 1.8.1

@duffn

commented Sep 2, 2018

Thanks, this is a very helpful gist.

@cbismuth

commented Sep 7, 2018

Thank you! I had to add this command line git config --global gpg.program gpg2.

@joe42

commented Nov 15, 2018

Note that when generating the key, use the output of git config --get user.name as the name and git config --get user.email as the email address. Otherwise, committing will fail.
