Skip to content

Instantly share code, notes, and snippets.

Last active January 30, 2024 10:31
Star You must be signed in to star a gist
Save mort3za/ad545d47dd2b54970c102fe39912f305 to your computer and use it in GitHub Desktop.
Auto sign your git commits
# Generate a new pgp key: (better to use gpg2 instead of gpg in all below commands)
gpg --gen-key
# maybe you need some random work in your OS to generate a key. so run this command: `find ./* /home/username -type d | xargs grep some_random_string > /dev/null`
# check current keys:
gpg --list-secret-keys --keyid-format LONG
# See your gpg public key:
gpg --armor --export YOUR_KEY_ID
# YOUR_KEY_ID is the hash in front of `sec` in previous command. (for example sec 4096R/234FAA343232333 => key id is: 234FAA343232333)
# Set a gpg key for git:
git config --global user.signingkey your_key_id
# To sign a single commit:
git commit -S -a -m "Test a signed commit"
# Auto-sign all commits globaly
git config --global commit.gpgsign true
Copy link

mjavadhpour commented Oct 11, 2017

Nice. but it can more clearly if we say what is the your_key_id

When you execute this command:

gpg --list-secret-keys --keyid-format LONG

You must to see this result if you have previously generated code:

$ gpg --list-keys
pub   2048R/0A46826A 2014-06-04
uid                  Scott Chacon (Git signing key) <>
sub   2048R/874529A9 2014-06-04

And export key like this:

git config --global user.signingkey 0A46826A

Copy link

mort3za commented Jan 13, 2018

Thanks. Also it's better to use gpg2 instead of gpg in above commands. In this case, you should set gpg2 as default program for gpg in git, To do this:

sudo apt-get install gnupg2
git config --global gpg.program gpg2

Copy link

slmg commented Oct 8, 2019

Thanks. It can also be useful to generate your key interactively using gpg --full-generate-key --allow-freeform-uid instead of gpg --gen-key.

Copy link

rsjethani commented Apr 17, 2020

If you do not want to sign local commits as you might be rebasing etc. a lot, use following to auto sign only commits that you push out:
git config --global push.gpgSign true
Remove --global to make it a per project configuration

Copy link

mort3za commented Apr 30, 2020

In case of error gpg: signing failed: Inappropriate ioctl for device while signing a commit

use export GPG_TTY=$(tty) in your ~/.bashrc or ~/.zshrc file. source

Cache your password for 1 day (86400 seconds)

~/.gnupg/gpg-agent.conf (for gpg 2)

default-cache-ttl 86400
max-cache-ttl 86400

Reload gpg agent:
gpgconf --reload gpg-agent

Copy link

konsumer commented May 19, 2020

Very helpful. thank you!

As a sidenote, I wanted to sign with my keybase key:

keybase pgp export | gpg --import
keybase pgp export -q KEYID --secret | gpg --import --allow-secret-key-import
git config --global user.signingkey KEYID

Copy link

tkotosz commented Sep 8, 2020


I also had to do the following:

git config --global gpg.program gpg2

And also needed this in my bashrc otherwise it fails when asking for password (see keybase/keybase-issues#2798):

export GPG_TTY=$(tty)

Copy link

gpg --list-keys

you always digitally sign with your private key not the public.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment