GPG Key configuration for dummies

README.md

Description

This gist will help you to create your first GPG key, as a summary from some pages. I hope to help you a lot with this configuration for the Verified icon in your commits and tags. Please, comment this gist if you have any problem to solve it and improve this guide.

Let's begin:

Short way

Summary (in Ubuntu)

# Installation
sudo apt-get install gpg
gpg --gen-key
export GPG_ID=$(gpg --list-secret-keys --keyid-format long | grep -Po "(?<=sec.{10}\/).*(?= \d{4}-\d{2}-\d{2} \[SC\])")

# Git config
git config --global user.name "name"
git config --global user.email "my_email@example.com"
git config --global user.signingkey $GPG_ID
git config --global gpg.program gpg
git config --global commit.gpgsign true
git config --global tag.gpgsign true

# To add in ~/.bashrc
echo "export GPG_TTY=\$(tty)" >> ~/.bashrc
source ~/.bashrc

# GPG Key for GitHub
gpg --armor --export $GPG_ID

# Test
echo "test" | gpg --clearsign

Long way

Local Configuration

Installing GPG

You need to install GPG first in your system. For Ubuntu, the command is:

sudo apt-get install gpg

You can check a right installation with gpg --version command.

Creating GPG Key

Next command creates a GPG key in your computer:

gpg --gen-key

And this one asks you for your name and your email address:

Real name: Juan
Email address: juan@example.com

Next, you can put a passphrase for GPG key. It is a recommended practice:

Getting GPG key ID

That key will be store as a secret key (sec) and we need to know the public key for Git and GitHub configuration. To get the GPG key ID we use:

gpg --list-secret-keys --keyid-format long

The output is something like this:

sec   rsa4096/0E6198DFB2D67A26 2019-09-05 [SC]
      CD1EA7BE24508E01E47010DB0E6198DFB2D67A26
uid                 [ultimate] Juan <juan@example.com>
ssb   rsa4096/0AA338E3ABA6930F 2019-09-05 [E]

In sec, after first /, we found 0E6198DFB2D67A26. This hash represents GPG key ID.

Git configuration

We need to define in git config file the configuration for GPG key. First, we must have email and name defined:

git config --global user.name "Juan"
git config --global user.email "juan@example.com"

We are going to bring to git the secret key ID:

git config --global user.signingkey 0E6198DFB2D67A26

Also, we are going to configure GPG environment, define GPG program and enable commit and tag sign:

git config --global gpg.program gpg
git config --global commit.gpgsign true
git config --global tag.gpgsign true

If this configuration is good, you are going to see this with git config --list:

...
user.signingkey=0E6198DFB2D67A26
user.email=juan@example.com
user.name=Juan
commit.gpgsign=true
gpg.program=gpg
tag.gpgsign=true
...

Testing GPG program

If you run echo "test" | gpg --clearsign, a command for testing GPG functionality, you are going to receive an error:

gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

For solving this, add this to your .bashrc file:

export GPG_TTY=$(tty)

And then, restart the shell or execute source ~/.bashrc.

GitHub Configuration

GitHub requires the GPG public key so, using GPG key ID, do this:

gpg --armor --export GPG-KEY-ID

The whole output must be in GitHub. Copy it and go to GitHub top-right menu > Settings > SSH and GPG Keys > New GPG Keys and paste the text.

Using GPG Key

Now, when you create a commit, this will be signed. If you skip git config --global commit.gpgsign true or put false, you must put git commit -S -m "my commit" or put for tag git tag -s v1.10.

Related links

• GPG Github Documentation
• Blog about GPG config
• Comment from paolocarrascoo