[WINDOWS] How to enable auto-signing Git commits with GnuPG for programs that don't support it natively
This is a step-by-step guide on how to enable auto-signing Git commits with GPG for every applications that don't support it natively (eg. GitHub Desktop, Eclipse, Git Tower, ...)
- Install GPG4Win: this software is a bundle with latest version of GnuPG v2, Kleopatra v3 certificate manager, GNU Privacy Assistant (GPA) v0.9 which is a GUI that uses GTK+, GpgOL and GpgEX that are respectively an extension for MS Outlook and an extension for Windows Explorer shell
- Install Git for Windows: so you can have a *nix based shell, this software is a bundle with latest version of Git which use MINGW environment, a Git bash shell, a Git GUI and an extension for Windows Explorer shell (Make sure your local version of Git is at least 2.0, otherwise Git don't have support for automatically sign your commits)
- Verify if Git was successfully installed with:
$ git --version # git version 2.15.1.windows.2
Remember that Git for Windows install old 1.4.xx version of GnuPG (provided through MINGW environment), but this is irrelevant, as we are going to manually specify which GnuPG program our Git must be using (which is the GnuPG version installed by GPG4Win)!
- Install your favorite IDE with Git support, like:
- GitHub Desktop: https://desktop.github.com/
- Eclipse: https://www.eclipse.org/downloads/ with one of Git plugin (mandatory)
- Generate your GPG keys:
gpg --full-generate-key
- 4
- 4096
- Enter additional details
gpg --armor --export (-join (gpg --list-secret-keys --keyid-format=long) -replace '.*?rsa4096\/(\w+)\s.*','$1')|set-clipboard;Write-Information 'Value stored in Clipboard' -InformationAction Continue
- Add public GPG key to GitHub: open https://github.com/settings/keys then click "New GPG key", paste your public key and click "Add GPG key"
- Set up Git to auto-sign all commits: this change your global configuration of Git, if you would like to add auto-sign on a single repository, remove
--global
from commandgit config --global user.signingkey (-join (gpg --list-secret-keys --keyid-format=long) -replace '.*?rsa4096\/(\w+)\s.*','$1') git config --global gpg.program "$((gcm gpg.exe).path)" git config --global commit.gpgsign true
- Optional: try disable TTY if you have problems with making auto-signed commits from your IDE or other software
In my specific case, this point was mandatory.
$ echo 'no-tty' >> ~/.gnupg/gpg.conf
Simple press "Commit" button on your favorite IDE, you see a simple window that ask your key password!
Remember that GPG4Win install also a GPG agent, that remember your password for a limited times (I think 30 minutes) by default, so you don't have to enter your password every time!! (IMHO there is a setting for change it, but I haven't search it yet).
That's all!