@bhuone-garbu
Last active May 8, 2020 12:06
Git signing settings with gnupg on Mac OS

Adding a new PGP key with gpg-agent

  1. brew install gnupg pinentry-mac (this includes gpg-agent and pinentry)
  2. Generate a key: gpg --full-generate-key
  3. Use at least 4096 bits for RSA keys.
  4. Tell gpg-agent to use pinentry-mac:
vim ~/.gnupg/gpg-agent.conf 

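Paste in the following, adjusting the pinentry-program path if Homebrew installed pinentry-mac under a different prefix: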

# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
pinentry-program /usr/local/bin/pinentry-mac

Also tell gpg to use the agent:

vim ~/.gnupg/gpg.conf

Paste in

use-agent
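  5. Tell git about it: https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work. List your keys, then set user.signingkey to the ID of your own key (0A46826A below is a sample value):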
gpg --list-keys
/Users/schacon/.gnupg/pubring.gpg
---------------------------------
pub   rsa4096 2014-06-04 [SC]
        D375F2AG69227695AEDE12DAC793FA377AB5A26
uid           John Doe <john.doe@email.com>
sub   rsa4096 2014-06-04
  
git config --global user.signingkey 0A46826A
  6. Tell git that you are using gpg:
git config --global gpg.program gpg
  7. Tell GitHub about it: https://help.github.com/articles/adding-a-new-gpg-key-to-your-github-account/
  8. Restart, or kill any running gpg-agent processes. Agents that were already running will not work.
  9. Sign your commits:
git commit -S -m 'yolo'
  10. Consider signing all your commits. In ~/.gitconfig:
[commit]
  gpgsign = true

or

$ git config --global commit.gpgsign true
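
A preflight check for the steps above, added here as an example and not part of the original gist: it confirms that the pinentry-program path in gpg-agent.conf is executable and that the user.signingkey value matches a secret key in the keyring. The function names and the sample keyring listing (fingerprints included) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the gist): preflight checks for the signing setup.

# Constructed sample of `gpg --list-secret-keys --with-colons` output (trimmed).
SAMPLE_KEYRING='sec:u:4096:1:DDDD44440A46826A:1401840000:::u:::scESC:
fpr:::::::::AAAA1111BBBB2222CCCC3333DDDD44440A46826A:
uid:u::::1401840000::::John Doe <john.doe@email.com>:
ssb:u:4096:1:9999888877776666:1401840000::::::e:
fpr:::::::::EEEE5555FFFF6666AAAA77779999888877776666:'

# Print the first uncommented pinentry-program value in a gpg-agent.conf ($1).
pinentry_path() {
    awk '/^[ \t]*pinentry-program[ \t]/ {
             sub(/^[ \t]*pinentry-program[ \t]+/, ""); print; exit }' "$1"
}

# Succeed only if that program exists and is executable. Homebrew prefixes
# differ between machines, and a stale path means gpg-agent cannot launch
# the passphrase prompt.
pinentry_ok() {
    p=$(pinentry_path "$1" 2>/dev/null)
    [ -n "$p" ] && [ -x "$p" ]
}

# Check a user.signingkey value ($1) against the keyring listing on stdin.
# Accepts 8, 16 or 40 hex digits, with optional 0x prefix and trailing "!".
# Returns 0 = matches a secret key fingerprint, 1 = no match, 2 = not a hex ID.
# 8-digit short IDs can collide; the full fingerprint is the safer setting.
signingkey_in_keyring() {
    want=${1#0x}; want=${want%!}
    want=$(printf '%s' "$want" | tr 'a-f' 'A-F')
    case $want in ''|*[!0-9A-F]*) return 2 ;; esac
    case ${#want} in 8|16|40) ;; *) return 2 ;; esac
    awk -F: -v want="$want" '
        $1 == "fpr" { f = toupper($10); n = length(want)
                      if (substr(f, length(f) - n + 1) == want) found = 1 }
        END { exit !found }'
}

# Run against the real configuration (assumes gpg and git are on PATH).
preflight() {
    pinentry_ok "$HOME/.gnupg/gpg-agent.conf" ||
        echo "pinentry-program is unset or not executable"
    gpg --list-secret-keys --with-colons |
        signingkey_in_keyring "$(git config --global user.signingkey)" ||
        echo "user.signingkey matches no secret key in the keyring"
}
```

Source the file and call preflight after finishing the steps; no output means both checks passed.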

Adding the public GPG key on GitHub

View your keys with gpg --list-keys

Export the public key in ASCII-armored form using:

gpg --armor --export your_key

or gpg --armor --export your_key | pbcopy to copy the stdout into your clipboard.

And add it on GitHub.

Deleting keys

Run gpg --list-keys to list all the key(s) on your machine,

then: gpg --delete-key your_key

If there is a secret key associated with the above public key, gpg will say so on the terminal. You need to delete the secret key first:

gpg --delete-secret-key {your_key}

Confirm yes on several prompts to really delete your key.

Then run gpg --delete-key {your_key} again to delete the public key.

Check your key list again with gpg --list-keys.
