@hnrkndrssn
Created April 11, 2020 02:11
Use Keybase GPG key for git commit signing on macOS

Install gpg

Install homebrew

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Install gpg

brew install gnupg

Install Keybase and export your gpg key

Download Keybase from https://keybase.io/download and ensure the keybase CLI is in your PATH.

First get the public key

keybase pgp export | gpg --import

Next get the private key

keybase pgp export --secret | gpg --allow-secret-key-import --import

Check that your key has been imported

gpg --list-secret-keys --keyid-format LONG

sec   rsa4096/<keyid> 2015-05-27 [SCEA]
uid                 [unknown] Henrik Andersson <henrik@henrikandersson.org>
ssb   rsa2048/<anotherkeyid> 2015-05-27

The email address should match your GitHub email.

The <keyid> part is what you need next. By default this key is untrusted, so we'll fix that.

Edit key trust

$ gpg --edit-key <keyid>
gpg> trust
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

Configure git to use your gpg key for signing

$ git config --global user.signingkey <keyid>
$ git config --global commit.gpgsign true

Install pinentry to provide the passphrase prompt when signing commits

brew install pinentry-mac

Configure gpg-agent to use pinentry for password prompting

echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
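
To confirm the result of the steps above, this added example (not part of the original gist) checks a `gpg --list-secret-keys --with-colons` listing for the three things the procedure depends on: the configured key can sign, its ownertrust is ultimate, and one of its user IDs carries the commit email. The function name `check_signing_key` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the key git is configured to sign with.
# Reads `gpg --list-secret-keys --with-colons` output on stdin.

# Constructed sample listing (placeholder key IDs, not real key material).
SAMPLE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1432684800:::u:::scESCA:::+:::23::0:
uid:u::::1432684800::0000::Example Dev <dev@example.org>::::::::::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1432684800::::::e:::+:::23:'

# check_signing_key KEYID_OR_FINGERPRINT EMAIL
# Prints "ok", or one line per problem, and returns non-zero on any problem.
check_signing_key() {
  awk -F: -v want="$1" -v email="$2" '
    function endswith(s, suf) {
      return length(suf) <= length(s) && substr(s, length(s) - length(suf) + 1) == suf
    }
    BEGIN { want = toupper(want); email = tolower(email) }
    # Field 5 = long key ID, field 9 = ownertrust (primary keys only).
    $1 == "sec" { primary = $5; owner[primary] = $9 }
    # Field 12 = capabilities; lowercase "s" means this key itself can sign.
    ($1 == "sec" || $1 == "ssb") && endswith(want, $5) {
      found = primary; cansign = ($12 ~ /s/)
    }
    # Field 10 = user ID, e.g. "Name <address>".
    $1 == "uid" && index(tolower($10), "<" email ">") { mail[primary] = 1 }
    END {
      if (found == "") { print "key not in secret keyring"; exit 1 }
      if (!cansign)            { print "key cannot sign"; bad = 1 }
      if (owner[found] != "u") { print "ownertrust is not ultimate"; bad = 1 }
      if (!mail[found])        { print "no uid with email " email; bad = 1 }
      if (!bad) print "ok"
      exit bad + 0
    }'
}

# Live use (assumes gpg and git are installed and configured as above):
#   gpg --list-secret-keys --with-colons |
#     check_signing_key "$(git config user.signingkey)" "$(git config user.email)"
printf '%s\n' "$SAMPLE" | check_signing_key AAAAAAAAAAAAAAAA dev@example.org
```

A "key cannot sign" result usually means `user.signingkey` points at the encryption subkey rather than the primary key.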