Skip to content

Instantly share code, notes, and snippets.

@dfrankland
Forked from xavierfoucrier/gpg-signing.md
Created February 8, 2021 18:32
Show Gist options
  • Save dfrankland/1a7243d6748cb9929172bc4bacb15c1a to your computer and use it in GitHub Desktop.
Save dfrankland/1a7243d6748cb9929172bc4bacb15c1a to your computer and use it in GitHub Desktop.
GPG signing with Git and Github Desktop

Hi Github users,

You can now signed your commits on Github using at least Git 2.18.0 and Github Desktop 1.6.1.

  1. Generate a GPG key and add it to Github: https://help.github.com/articles/generating-a-new-gpg-key (if you don't want to type a passphrase on every commit, you need to press "Enter" when the console will prompt you to type a passphrase)

  2. Configure Git properly by editing the .gitconfig file using the command line git config --global --edit in a terminal, then replace YOUR_GITHUB_EMAIL, YOUR_SIGNING_KEY and GPG_BINARY_PATH with your data

[user]
  name = Xavier Foucrier
  email = YOUR_GITHUB_EMAIL
  signingkey = YOUR_SIGNING_KEY
[gpg]
  program = GPG_BINARY_PATH
[commit]
  gpgsign = true
  • YOUR_GITHUB_EMAIL: the email address used to login on Github
  • YOUR_SIGNING_KEY: the GPG key used to sign commits, should follow the GPG key ID convention, like this example: https://help.github.com/articles/telling-git-about-your-signing-key/#telling-git-about-your-gpg-key-1
  • GPG_BINARY_PATH: the GPG binary file path, depending on your Git install and your operating system:
    • Windows: gpg, gpg.exe or C:\\Program Files\\Git\\usr\\bin\\gpg.exe (can be found using where gpg in a terminal)
    • Mac or Linux: gpg or /usr/local/bin/gpg (can be found using which gpg in a terminal)
  1. Enjoy signed commits with your favorite code editor!

Note that you can temporary disable GPG signed commits by setting gpgsign = false in your .gitconfig file with git config --global commit.gpgsign false

That's all folks! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment