Skip to content

Instantly share code, notes, and snippets.

@engalar

engalar/gpg_git_signing.md

Forked from alopresto/gpg_git_signing.md
Last active May 10, 2018 05:12
Show Gist options
  • Save engalar/9511d75e42036f361c727381f3c2d6f8 to your computer and use it in GitHub Desktop.
Save engalar/9511d75e42036f361c727381f3c2d6f8 to your computer and use it in GitHub Desktop.
Download ZIP
Steps to enable GPG signing of git commits.
Raw
gpg_git_signing.md

If anyone is interested in setting up their system to automatically (or manually) sign their git commits with their GPG key, here are the steps:

windows

cd C:\Program Files (x86)\GNU\GnuPG
.\gpg.exe --gen-key # 4096
.\gpg.exe --list-secret-keys --keyid-format LONG

.\gpg.exe --armor --export 3AA5C34371567BD2

linux

gpg --gen-key # 4096
gpg --list-secret-keys --keyid-format LONG
gpg --armor --export 3AA5C34371567BD2
  1. Generate and add your key to GitHub
  2. $ git config --global commit.gpgsign true ([OPTIONAL] every commit will now be signed)
  3. $ git config --global user.signingkey ABCDEF01 (where ABCDEF01 is the fingerprint of the key to use)
  4. $ git config --global alias.logs "log --show-signature" (now available as $ git logs)
  5. $ git config --global alias.cis "commit -S" (optional if global signing is false)
  6. $ echo "Some content" >> example.txt
  7. $ git add example.txt
  8. $ git cis -m "This commit is signed by a GPG key." (regular commit will work if global signing is enabled)
  9. $ git logs

IntelliJ IDEA Integration

If you perform git commits through IntelliJ and want them to be signed, add the following line to your ~/.gnupg/gpg.conf or windows %APPDATA%\gnupg\gpg.conf file:

# This option tells gpg not to expect a TTY interface and allows IntelliJ to sign commits
no-tty

Atlassian SourceTree Integration

If you perform git commits through SourceTree and want them to be signed, open Preferences > General and ensure that the GPG Program field has the value set to the directory containing the gpg2 executable, for example /usr/local/MacGPG2/bin. Even if your gpg executable is version 2, the gpg2 executable must be present.

Then click the Settings icon at the top right of a repository window, click the Security icon, and check "Enable GPG key signing for commits" and select the desired key. If you have a default-key setting in ~/.gnupg/gpg.conf, this should be correctly populated already.

Resources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment