Skip to content

Instantly share code, notes, and snippets.

@kgnfth

kgnfth/HisgcuKonU2al.md

Created April 9, 2021 05:26
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save kgnfth/51526e7d57713e1817eded7bf22ed037 to your computer and use it in GitHub Desktop.
Save kgnfth/51526e7d57713e1817eded7bf22ed037 to your computer and use it in GitHub Desktop.
Download ZIP
How i sign git commits using Keybase on Ubuntu 20.04 and later.
Raw
HisgcuKonU2al.md

Before following the guide, you should be familiar with GPG and Keybase... oh and Linux ofcourse!

The dollar sign($) means the terminal input.

Requirements

- gpg # which is preinstalled in linux
- git
- zsh
- oh-my-zsh
- keybase

Install requirements

$ sudo apt install git zsh -y
$ sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
$ nano ~/.zshrc
# scroll down until you see plugins=(git)
# add gpg-agent to the list
# plugins=(git gpg-agent)
# hit ctrl+x and enter y
# restart your shell or enter zsh to reload your configuration

Install keybase

$ curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb
$ sudo apt install ./keybase_amd64.deb
$ run_keybase -g # Do not start the gui (env KEYBASE_NO_GUI=1)
$ keybase login

Create a new GPG key on keybase.io

$ keybase pgp gen
Enter your real name, which will be publicly visible in your new key: John Doe
Enter a public email address for your key: john.doe@hotmail.be
Enter another email address (or <enter> when done): 73314940+kgnfth@users.noreply.github.com
Enter another email address (or <enter> when done):
Push an encrypted copy of your new secret key to the Keybase.io server? [Y/n] Y
When exporting to the GnuPG keychain, encrypt private keys with a passphrase? [Y/n] Y
▶ INFO PGP User ID: Fatih Akgun <john.doe@hotmail.be> [primary]
▶ INFO PGP User ID: Fatih Akgun <73314940+kgnfth@users.noreply.github.com>
▶ INFO Generating primary key (4096 bits)
▶ INFO Generating encryption subkey (4096 bits)
▶ INFO Generated new PGP key:
▶ INFO   user: John Doe <john.doe@hotmail.be>
▶ INFO   4096-bit RSA key, ID CA44EF84982FD240, created 2021-04-08
Exporting key to GPG keychain. Enter passphrase to protect the key. Secure passphrases have at least 8 characters.:
Please reenter your passphrase for confirmation:
▶ INFO Exported new key to the local GPG keychain

Set up Git to sign all commits

$ gpg --list-secret-keys --keyid-format LONG
# /home/deejavu/.gnupg/pubring.kbx
# --------------------------------
# sec   rsa4096/CA44EF84982FD240 2021-04-08 [SC] [expires: 2037-04-04]
# uid                 Fatih Akgun <john.doe@hotmail.be>
# uid                 Fatih Akgun <73314940+kgnfth@users.noreply.github.com>
# ssb   rsa4096/048BB4E08E242211 2021-04-08 [E] [expires: 2037-04-04]

$ git config --global user.email 73314940+kgnfth@users.noreply.github.com
$ git config --global user.name Fatih Akgun
$ git config --global user.signingkey CA44EF84982FD240
$ git config --global commit.gpgsign true

Add public GPG key to GitHub

$ open https://github.com/settings/keys
# Click "New GPG key"

# We can then use `export` with the `-q` or query flag to match on our key (the first 16 characters should do..) 
$ keybase pgp export -q CB86A866E870EE00
# copy public key to clipboard
# Paste key, save

That's it, now your git commits are signed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment