@karstenmueller
Last active January 15, 2021 14:04
GnuPG setup on macOS

Enable gpg signed git commits on macOS without entering password

GnuPG and git setup in a nutshell

Install tools:

brew install gnupg pinentry-mac

Configure the tty for gpg in your shell profile:

export GPG_TTY=$(tty)

Generate a key and choose 4096 as Key length (minimum):

gpg --full-generate-key

List your key(s):

gpg --list-secret-keys --keyid-format LONG

sec   rsa4096/XXX

Create a revocation certificate and export your keys. Save ~/.gnupg in a safe place.

gpg --output ~/.gnupg/revoke.asc --gen-revoke XXX
gpg --export > ~/.gnupg/public_keys.pgp
gpg --export-secret-keys > ~/.gnupg/secret_keys.pgp

Copy the public key to the clipboard, then add it in GitHub settings -> keys:

gpg --armor --export XXX | pbcopy

Configure git:

git config --global user.signingkey XXX
git config --global commit.gpgsign true

Avoid typing in your password

Add the line 'pinentry-program /usr/local/bin/pinentry-mac' to ~/.gnupg/gpg-agent.conf.

Test it:

date > doc
gpg --output doc.sig --sign doc

That should start the Pinentry UI, which starts gpg-agent and asks for your password. It can optionally save your key password in the macOS keychain.
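
The gpg-agent.conf step above as a repeatable script (an added example, not part of the original gist). The function names and the --apply switch are made up for this example, and the /opt/homebrew lookup for Apple Silicon Homebrew installs is an assumption beyond the page's /usr/local path.

```shell
#!/bin/sh
# Added example (not from the original gist). Function names and the
# --apply switch are illustrative.

# Print the pinentry-mac path: PATH first, then the Homebrew prefixes
# (/usr/local as on the page; /opt/homebrew is assumed for Apple Silicon).
find_pinentry_mac() {
    command -v pinentry-mac 2>/dev/null && return 0
    for p in /opt/homebrew/bin/pinentry-mac /usr/local/bin/pinentry-mac; do
        [ -x "$p" ] && { printf '%s\n' "$p"; return 0; }
    done
    return 1
}

# set_pinentry_program CONF PINENTRY
# Leave CONF with exactly one "pinentry-program" line and keep all other
# options. Safe to run repeatedly.
set_pinentry_program() {
    conf=$1
    pinentry=$2
    dir=$(dirname "$conf")
    # gpg warns about unsafe permissions unless the homedir is owner-only.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    tmp=$(mktemp "$dir/gpg-agent.conf.XXXXXX") || return 1
    if [ -f "$conf" ]; then
        # Drop any earlier pinentry-program line; grep exits 1 if nothing is left.
        grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'pinentry-program %s\n' "$pinentry" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}

# Only touch the real configuration when called with --apply.
if [ "${1:-}" = "--apply" ]; then
    bin=$(find_pinentry_mac) || { echo "pinentry-mac not found" >&2; exit 1; }
    set_pinentry_program "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" "$bin"
    # Stop the running agent; it restarts with the new setting on next use.
    gpgconf --kill gpg-agent
fi
```

Run it with --apply once, then repeat the signing test above to confirm the Pinentry dialog appears.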
