Auto sign your git commits
# Generate a new PGP key (it is better to use gpg2 instead of gpg in all the commands below):
gpg --gen-key
# You may need some random activity in your OS to generate a key. If so, run this command: `find ./* /home/username -type d | xargs grep some_random_string > /dev/null`
# Check current keys:
gpg --list-secret-keys --keyid-format LONG
# See your gpg public key:
gpg --armor --export YOUR_KEY_ID
# YOUR_KEY_ID is the hash after the `/` on the `sec` line printed by `gpg --list-secret-keys` (for example, sec 4096R/234FAA343232333 => key ID is 234FAA343232333).
# Set a gpg key for git:
git config --global user.signingkey YOUR_KEY_ID
# To sign a single commit:
git commit -S -a -m "Test a signed commit"
# Auto-sign all commits globally:
git config --global commit.gpgsign true
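
An added example (not part of the original gist): a POSIX shell check that the settings above are in effect, i.e. that user.signingkey names a key present in your secret keyring and that commit.gpgsign is on. The function names and the --audit argument are made up for this example; it also honours gpg.program and warns when GPG_TTY is unset.

```shell
#!/bin/sh
# Added example: audit the commit-signing setup from this gist.
# Function names and the --audit argument are hypothetical.

# Read `gpg --list-secret-keys --keyid-format LONG` output on stdin and
# print each key ID: the part after "/" on lines starting with "sec".
secret_key_ids() {
    awk '$1 ~ /^sec/ { split($2, a, "/"); if (a[2] != "") print a[2] }'
}

# Succeed if $1 equals, or is a suffix/extension of, a key ID on stdin
# (covers short ID, long ID and full fingerprint; case-insensitive).
has_key() {
    [ -n "$1" ] || return 1
    want=$(printf '%s' "$1" | tr abcdef ABCDEF)
    while read -r id; do
        [ -n "$id" ] || continue
        id=$(printf '%s' "$id" | tr abcdef ABCDEF)
        case "$id" in *"$want") return 0 ;; esac
        case "$want" in *"$id") return 0 ;; esac
    done
    return 1
}

# Report each setting; return non-zero if commits would not be signed.
audit_signing() {
    rc=0
    prog=$(git config --get gpg.program) || prog=gpg
    key=$(git config --get user.signingkey) || key=
    if [ -z "$key" ]; then
        echo "FAIL user.signingkey is not set"; rc=1
    elif "$prog" --list-secret-keys --keyid-format LONG 2>/dev/null |
            secret_key_ids | has_key "$key"; then
        echo "ok   secret key found for user.signingkey=$key"
    else
        echo "FAIL $prog has no secret key matching $key"; rc=1
    fi
    if [ "$(git config --get --bool commit.gpgsign)" = "true" ]; then
        echo "ok   commit.gpgsign is true"
    else
        echo "FAIL commit.gpgsign is not true"; rc=1
    fi
    [ -n "${GPG_TTY:-}" ] || echo "warn GPG_TTY is unset"
    return "$rc"
}

# Run the audit only when asked, e.g.: sh check-signing.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_signing; exit $?; fi
```

A user.signingkey given as a name or e-mail address rather than a key ID is reported as having no matching secret key.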

@mjavadhpour mjavadhpour commented Oct 11, 2017

Nice, but it would be clearer if we said what your_key_id is.

When you execute this command:

gpg --list-secret-keys --keyid-format LONG

You must see this result if you have previously generated code:

$ gpg --list-keys
/Users/schacon/.gnupg/pubring.gpg
---------------------------------
pub   2048R/0A46826A 2014-06-04
uid                  Scott Chacon (Git signing key) <schacon@gmail.com>
sub   2048R/874529A9 2014-06-04

And export the key like this:

git config --global user.signingkey 0A46826A

@mort3za mort3za commented Jan 13, 2018

Thanks. Also, it's better to use gpg2 instead of gpg in the above commands. In this case, you should set gpg2 as the default program for gpg in git. To do this:

sudo apt-get install gnupg2
git config --global gpg.program gpg2

@slmg slmg commented Oct 8, 2019

Thanks. It can also be useful to generate your key interactively using gpg --full-generate-key --allow-freeform-uid instead of gpg --gen-key.

@rsjethani rsjethani commented Apr 17, 2020

If you do not want to sign local commits, as you might be rebasing etc. a lot, use the following to auto-sign only commits that you push out:
git config --global push.gpgSign true
Remove --global to make it a per-project configuration.

@mort3za mort3za commented Apr 30, 2020

In case of error gpg: signing failed: Inappropriate ioctl for device while signing a commit

use export GPG_TTY=$(tty) in your ~/.bashrc or ~/.zshrc file. source

Cache your password for 1 day (86400 seconds)

~/.gnupg/gpg-agent.conf (for gpg 2)

default-cache-ttl 86400
max-cache-ttl 86400

Reload gpg agent:
gpgconf --reload gpg-agent

@konsumer konsumer commented May 19, 2020

Very helpful. Thank you!

As a sidenote, I wanted to sign with my keybase key:

keybase pgp export | gpg --import
keybase pgp export -q KEYID --secret | gpg --import --allow-secret-key-import
git config --global user.signingkey KEYID

@tkotosz tkotosz commented Sep 8, 2020

Thanks,

I also had to do the following:

git config --global gpg.program gpg2

And also needed this in my bashrc otherwise it fails when asking for password (see keybase/keybase-issues#2798):

export GPG_TTY=$(tty)