Skip to content

Instantly share code, notes, and snippets.

@jairoFernandez
Forked from kgnfth/HisgcuKonU2al.md
Created October 14, 2023 21:40
Show Gist options
  • Save jairoFernandez/abebc7404584a07ac68c93f4a99b0fdd to your computer and use it in GitHub Desktop.
Save jairoFernandez/abebc7404584a07ac68c93f4a99b0fdd to your computer and use it in GitHub Desktop.
How i sign git commits using Keybase on Ubuntu 20.04 and later.

Before following the guide, you should be familiar with GPG and Keybase... oh and Linux ofcourse!

The dollar sign($) means the terminal input.

Requirements

- gpg # which is preinstalled in linux
- git
- zsh
- oh-my-zsh
- keybase

Install requirements

$ sudo apt install git zsh -y
$ sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
$ nano ~/.zshrc
# scroll down until you see plugins=(git)
# add gpg-agent to the list
# plugins=(git gpg-agent)
# hit ctrl+x and enter y
# restart your shell or enter zsh to reload your configuration

Install keybase

$ curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb
$ sudo apt install ./keybase_amd64.deb
$ run_keybase -g # Do not start the gui (env KEYBASE_NO_GUI=1)
$ keybase login

Create a new GPG key on keybase.io

$ keybase pgp gen
Enter your real name, which will be publicly visible in your new key: John Doe
Enter a public email address for your key: john.doe@hotmail.be
Enter another email address (or <enter> when done): 73314940+kgnfth@users.noreply.github.com
Enter another email address (or <enter> when done):
Push an encrypted copy of your new secret key to the Keybase.io server? [Y/n] Y
When exporting to the GnuPG keychain, encrypt private keys with a passphrase? [Y/n] Y
▶ INFO PGP User ID: Fatih Akgun <john.doe@hotmail.be> [primary]
▶ INFO PGP User ID: Fatih Akgun <73314940+kgnfth@users.noreply.github.com>
▶ INFO Generating primary key (4096 bits)
▶ INFO Generating encryption subkey (4096 bits)
▶ INFO Generated new PGP key:
▶ INFO   user: John Doe <john.doe@hotmail.be>
▶ INFO   4096-bit RSA key, ID CA44EF84982FD240, created 2021-04-08
Exporting key to GPG keychain. Enter passphrase to protect the key. Secure passphrases have at least 8 characters.:
Please reenter your passphrase for confirmation:
▶ INFO Exported new key to the local GPG keychain

Set up Git to sign all commits

$ gpg --list-secret-keys --keyid-format LONG
# /home/deejavu/.gnupg/pubring.kbx
# --------------------------------
# sec   rsa4096/CA44EF84982FD240 2021-04-08 [SC] [expires: 2037-04-04]
# uid                 Fatih Akgun <john.doe@hotmail.be>
# uid                 Fatih Akgun <73314940+kgnfth@users.noreply.github.com>
# ssb   rsa4096/048BB4E08E242211 2021-04-08 [E] [expires: 2037-04-04]

$ git config --global user.email 73314940+kgnfth@users.noreply.github.com
$ git config --global user.name Fatih Akgun
$ git config --global user.signingkey CA44EF84982FD240
$ git config --global commit.gpgsign true

Add public GPG key to GitHub

$ open https://github.com/settings/keys
# Click "New GPG key"

# We can then use `export` with the `-q` or query flag to match on our key (the first 16 characters should do..) 
$ keybase pgp export -q CB86A866E870EE00
# copy public key to clipboard
# Paste key, save

That's it, now your git commits are signed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment