Skip to content

Instantly share code, notes, and snippets.

Last active June 7, 2024 14:31
Show Gist options
  • Save ankurk91/c4f0e23d76ef868b139f3c28bde057fc to your computer and use it in GitHub Desktop.
Save ankurk91/c4f0e23d76ef868b139f3c28bde057fc to your computer and use it in GitHub Desktop.
Signing git commits using GPG (Ubuntu/Mac)

Github : Signing commits using GPG (Ubuntu/Mac) 🔐

  • Do you have an Github account ? If not create one.
  • Install required tools
  • Latest Git Client
  • gpg tools
# Ubuntu
sudo apt-get install gpa seahorse
# MacOS with
brew install gpg
  • Generate a new gpg key
gpg --gen-key
  • Answer the questions asked

Note: When asked to enter your email address, ensure that you enter the verified email address for your GitHub account.

  • List generated key
gpg --list-secret-keys --keyid-format LONG
  • Above command should return like this
sec   4096R/<COPY_LONG_KEY> 2016-08-11 [expires: 2018-08-11]
uid                          User Name <>
ssb   4096R/62E5B29EEA7145E 2016-08-11

  • Note down your key COPY_LONG_KEY from above (without < and >)
  • Export this (public) key to a text file
gpg --armor --export <PASTE_LONG_KEY_HERE> > gpg-key.txt
  • Above command will create a new txt file gpg-key.txt

  • Add this key to GitHub

  • Login to Github and goto profile settings

  • Click New GPG Key and paste the contents of gpg-key.txt file then save

  • Tell git client to auto sign your future commits

  • Use the long key from above in next command

git config --global user.signingkey <PASTE_LONG_KEY_HERE>
git config --global commit.gpgsign true
  • You are done, next time when you commit changes; gpg will ask you the passphrase.

Make gpg remember your passphrase (tricky)

To make it remember your password, you can use gpg-agent

Edit your ~/.gnupg/gpg-agent.conf file and paste these lines

default-cache-ttl 28800
max-cache-ttl 28800

28800 seconds means 8 hours

If gpg-agent is not running you can start it with this command

gpg-agent --daemon

Change your key passphrase

gpg --edit-key <PASTE_YOUR_KEY_ID_HERE>

At the gpg prompt type:


Type in the current passphrase when prompted
Type in the new passphrase twice when prompted


Reference links

Copy link

The man page says that it should be max-cache-ttl

Copy link

nelson6e65 commented May 3, 2018

Hi. In my case, it was not working due to gpg version used by git.

Here's the solution: Setup git to use gpg2 instead of gpg

@ankurk91 The man page you linked is for version 2:

This is the The GNU Privacy Guard Manual (version 2.2.7, April 2018).

Copy link

tedbyron commented Jun 4, 2018

Thanks! All of these steps work on Windows as well with the Windows gpg binary and any unix shell emulator

Copy link

Thanks! Was really helpful.

Copy link

chizou commented Aug 6, 2018

My output came out a bit different. For the part with updating git to use the key, I had to specify --keyid-format SHORT, as in gpg --list-secret-keys --keyid-format SHORT. For reference, I'm using gpg (GnuPG) 2.2.4 libgcrypt 1.8.1

Copy link

duffn commented Sep 2, 2018

Thanks, this is a very helpful gist.

Copy link

cbismuth commented Sep 7, 2018

Thank you! I had to add this command line git config --global gpg.program gpg2.

Copy link

joe42 commented Nov 15, 2018

Note that when generating the key, use the output of git config --get as the name and git config --get as the email address. Otherwise, committing will fail.

Copy link

Nice! 🤓

Copy link

apoclyps commented Dec 3, 2019

I had issues running this; It failed to sign commits until I added the following:

export GPG_TTY

Copy link

cesc1989 commented Jul 3, 2020

Awesome. Thanks.

Copy link

Great guide thanks!
When I first tried to create a signed commit, it gave an error:

error: gpg failed to sign the data

I fixed it by killing the running agent killall gpg-agent and starting it again with gpg-agent --daemon

Copy link

Thank you! This works with Windows & Powershell as well if you've installed GIT with all of the bundled Unix tools

Copy link

cawa-93 commented May 31, 2022

Is there any way to sign committees without entering a passphrase but using Windows hello?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment