-
-
Save mort3za/ad545d47dd2b54970c102fe39912f305 to your computer and use it in GitHub Desktop.
| # Generate a new pgp key: (better to use gpg2 instead of gpg in all below commands) | |
| gpg --gen-key | |
| # maybe you need some random work in your OS to generate a key. so run this command: `find ./* /home/username -type d | xargs grep some_random_string > /dev/null` | |
| # check current keys: | |
| gpg --list-secret-keys --keyid-format LONG | |
| # See your gpg public key: | |
| gpg --armor --export YOUR_KEY_ID | |
| # YOUR_KEY_ID is the hash in front of `sec` in previous command. (for example sec 4096R/234FAA343232333 => key id is: 234FAA343232333) | |
| # Set a gpg key for git: | |
| git config --global user.signingkey your_key_id | |
| # To sign a single commit: | |
| git commit -S -a -m "Test a signed commit" | |
| # Auto-sign all commits globaly | |
| git config --global commit.gpgsign true |
Thanks. It can also be useful to generate your key interactively using gpg --full-generate-key --allow-freeform-uid instead of gpg --gen-key.
If you do not want to sign local commits as you might be rebasing etc. a lot, use following to auto sign only commits that you push out:
git config --global push.gpgSign true
Remove --global to make it a per project configuration
In case of error gpg: signing failed: Inappropriate ioctl for device while signing a commit
use export GPG_TTY=$(tty) in your ~/.bashrc or ~/.zshrc file. source
Cache your password for 1 day (86400 seconds)
~/.gnupg/gpg-agent.conf (for gpg 2)
default-cache-ttl 86400
max-cache-ttl 86400
Reload gpg agent:
gpgconf --reload gpg-agent
Very helpful. thank you!
As a sidenote, I wanted to sign with my keybase key:
keybase pgp export | gpg --import
keybase pgp export -q KEYID --secret | gpg --import --allow-secret-key-import
git config --global user.signingkey KEYID
Thanks,
I also had to do the following:
git config --global gpg.program gpg2
And also needed this in my bashrc otherwise it fails when asking for password (see keybase/keybase-issues#2798):
export GPG_TTY=$(tty)
gpg --list-keys
you always digitally sign with your private key not the public.
Thanks. Also it's better to use
gpg2instead ofgpgin above commands. In this case, you should set gpg2 as default program for gpg in git, To do this: