How to set up git to use the GPG Suite

GPG and git on macOS

Setup

No need for homebrew or anything like that. Works with https://www.git-tower.com and the command line.

  1. Install https://gpgtools.org -- I'd suggest doing a customized install and deselecting GPGMail.
  2. Create or import a key -- see below for https://keybase.io
  3. Run gpg --list-secret-keys and look for sec; use the key ID for the next step
  4. Configure git to use GPG -- replace the key with the one from gpg --list-secret-keys
         git config --global gpg.program /usr/local/MacGPG2/bin/gpg2
         git config --global user.signingkey A6B167E1
         git config --global commit.gpgsign true
  5. Optionally configure annotated tags to be GPG signed
         git config --global tag.forceSignAnnotated true
  6. Add this line to ~/.gnupg/gpg-agent.conf
         pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
  7. Add this line to ~/.gnupg/gpg.conf
         no-tty
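
A check of the values written in step 4, as an added example that is not part of the original gist: it flags a gpg.program that is not an absolute executable path (so another gpg earlier in PATH cannot be invoked instead) and a signing key given as an 8-digit short ID, which is far easier to collide than the 16-digit long ID or the full fingerprint. The function names are hypothetical and the sample values are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): audit the values step 4 writes to git config.
# Function names are hypothetical; the sample inputs at the bottom are constructed.

# Classify a user.signingkey value: 8 hex digits is a short key ID (32 bits,
# collisions are easy to generate), 16 a long ID, 40 a full fingerprint.
classify_key_id() {
  local id="${1#0x}"
  case "$id" in
    ""|*[!0-9A-Fa-f]*) echo other; return ;;  # e-mail, user ID or empty
  esac
  case "${#id}" in
    8)  echo short ;;
    16) echo long ;;
    40) echo fingerprint ;;
    *)  echo other ;;
  esac
}

# gpg.program should be an absolute path to an executable, so that a different
# gpg found earlier in PATH cannot be run in its place.
check_gpg_program() {
  case "$1" in
    "") echo unset ;;
    /*) if [ -x "$1" ]; then echo ok; else echo missing; fi ;;
    *)  echo relative ;;
  esac
}

# Print one finding per line for the three settings; prints nothing when clean.
audit_signing_config() {
  local program="$1" key="$2" gpgsign="$3" state
  state=$(check_gpg_program "$program")
  [ "$state" = ok ] || echo "gpg.program: $state (${program:-empty})"
  [ -z "$key" ] && echo "user.signingkey: unset"
  [ "$(classify_key_id "$key")" = short ] &&
    echo "user.signingkey: short key ID, use the long ID or fingerprint"
  case "$gpgsign" in
    true|yes|on|1) ;;                         # values git reads as true
    *) echo "commit.gpgsign: not enabled, commits are unsigned by default" ;;
  esac
  return 0
}

# Constructed sample: a bare program name and an 8-digit key ID.
audit_signing_config "gpg2" "A6B167E1" "true"
# On a real machine, pass the live values instead:
# audit_signing_config "$(git config --global gpg.program)" \
#   "$(git config --global user.signingkey)" "$(git config --global commit.gpgsign)"
```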

Keybase.io

Import key to GPG on another host

% keybase pgp export
% keybase pgp export -q CB86A866E870EE00 | gpg --import
% keybase pgp export -q CB86A866E870EE00 --secret | gpg --allow-secret-key-import --import

Add public GPG key to GitHub

% open https://github.com/settings/keys
% keybase pgp export -q CB86A866E440EE00 | pbcopy

See Also

maxcountryman commented Jul 15, 2016

This doesn't seem to work for me, I get this error:

gpg: Sorry, no terminal at all requested - can't get input
error: gpg failed to sign the data
fatal: failed to write commit object

clburlison commented Jul 28, 2016

Sweet! Thank you so much. An option that works with GUI git clients, and the command line. With a huge bonus of not needing to use Homebrew!

osteslag commented Aug 4, 2016

@maxcountryman, instead of using which gpg to specify the GPG executable, use MacGPG2’s binary, like this:

git config --global gpg.program /usr/local/MacGPG2/bin/gpg2

@danieleggert, maybe you want to update your Gist (line 12, I can’t make a pull request on a Gist). Because if you also have a default installation of gpg on your Mac, that will probably be invoked instead, and you’ll get the error Max reported.

nhooyr commented Aug 8, 2016

why not just /usr/local/bin/pinentry-mac? And why which gpg? I think gpg on its own should suffice.

osteslag commented Aug 8, 2016

why not just /usr/local/bin/pinentry-mac?

Because it’s not guaranteed to be there (it’s not on my setup, for example). /usr/local/MacGPG2/bin/gpg2 is guaranteed, because it’s in the GPG Suite app bundle which this whole Gist is centered around.

I think gpg on its own should suffice.

Only if /usr/local/MacGPG2/bin is in your search path (try echo $PATH in the Terminal) and there is no other gpg under an earlier search path. The GPG Suite installer seems to append the search path. But in Max’ and my case, it fails due to another gpg being installed as well (/usr/local/bin/ in my case).

By using the fully qualified executable path, it just works.

jhabdas commented Aug 19, 2016

I'd tried following the @mbhatfield steps before and never got things quite right. This approach was much easier though I did need to incorporate the changes suggested by @osteslag. Thanks for putting this together!

RichardBronosky commented Dec 1, 2016

Are you guys seriously living without homebrew? Why would you do that to yourself?

Owner

danieleggert commented Feb 15, 2017

@osteslag I’ve changed the line for gpg.program

Owner

danieleggert commented Feb 15, 2017

@RichardBronosky I’d never install homebrew on my system. It messes up my system. It adds a slew of security problems.

shreyasminocha commented Jul 8, 2017

@danieleggert What security issues does homebrew open up?

diego898 commented Nov 16, 2017

For some reason this isn't working for me - I still get the:

error: gpg failed to sign the data
fatal: failed to write commit object

after trying to commit with auto-sign

shal commented Jan 2, 2018

Thank you soooo much!

LondonAppDev commented Jan 29, 2018

Excellent thank you!

BetaF1sh commented Mar 16, 2018

thank you :D

KIVagant commented May 3, 2018

Thanks

ossareh commented May 9, 2018

@shreyasminocha if you use homebrew, brew cask install gpg-suite will give you the same setup as installing the software from the site. In which case these steps work perfectly.

Thanks @danieleggert and @osteslag

sarkis commented Jun 13, 2018

For anyone else having this issue after following the directions:

error: gpg failed to sign the data
fatal: failed to write commit object

You need to remember to restart the gpg-agent - running this will kill the agent, and it will start the next time it is needed:

$ gpgconf --kill gpg-agent

mverleg commented Aug 4, 2018

@sarkis Thanks, restarting was the missing step for me

mrchief commented Oct 17, 2018

Works like a charm! Thanks!

tanguyantoine commented Nov 24, 2018

Thank you 👍
