Skip to content

Instantly share code, notes, and snippets.

Last active October 2, 2023 21:03
Star You must be signed in to star a gist
What would you like to do?
Signing git commits using GPG (Ubuntu/Mac)

Github : Signing commits using GPG (Ubuntu/Mac) 🔐

  • Do you have an Github account ? If not create one.
  • Install required tools
  • Latest Git Client
  • gpg tools
# Ubuntu
sudo apt-get install gpa seahorse
# MacOS with
brew install gpg
  • Generate a new gpg key
gpg --gen-key
  • Answer the questions asked

Note: When asked to enter your email address, ensure that you enter the verified email address for your GitHub account.

  • List generated key
gpg --list-secret-keys --keyid-format LONG
  • Above command should return like this
sec   4096R/<COPY_LONG_KEY> 2016-08-11 [expires: 2018-08-11]
uid                          User Name <>
ssb   4096R/62E5B29EEA7145E 2016-08-11

  • Note down your key COPY_LONG_KEY from above (without < and >)
  • Export this (public) key to a text file
gpg --armor --export <PASTE_LONG_KEY_HERE> > gpg-key.txt
  • Above command will create a new txt file gpg-key.txt

  • Add this key to GitHub

  • Login to Github and goto profile settings

  • Click New GPG Key and paste the contents of gpg-key.txt file then save

  • Tell git client to auto sign your future commits

  • Use the long key from above in next command

git config --global user.signingkey <PASTE_LONG_KEY_HERE>
git config --global commit.gpgsign true
  • You are done, next time when you commit changes; gpg will ask you the passphrase.

Make gpg remember your passphrase (tricky)

To make it remember your password, you can use gpg-agent

Edit your ~/.gnupg/gpg-agent.conf file and paste these lines

default-cache-ttl 28800
max-cache-ttl 28800

28800 seconds means 8 hours

If gpg-agent is not running you can start it with this command

gpg-agent --daemon

Change your key passphrase

gpg --edit-key <PASTE_YOUR_KEY_ID_HERE>

At the gpg prompt type:


Type in the current passphrase when prompted
Type in the new passphrase twice when prompted

Copy link

joe42 commented Nov 15, 2018

Note that when generating the key, use the output of git config --get as the name and git config --get as the email address. Otherwise, committing will fail.

Copy link

Nice! 🤓

Copy link

apoclyps commented Dec 3, 2019

I had issues running this; It failed to sign commits until I added the following:

export GPG_TTY

Copy link

cesc1989 commented Jul 3, 2020

Awesome. Thanks.

Copy link

Great guide thanks!
When I first tried to create a signed commit, it gave an error:

error: gpg failed to sign the data

I fixed it by killing the running agent killall gpg-agent and starting it again with gpg-agent --daemon

Copy link

Thank you! This works with Windows & Powershell as well if you've installed GIT with all of the bundled Unix tools

Copy link

cawa-93 commented May 31, 2022

Is there any way to sign committees without entering a passphrase but using Windows hello?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment