- https://help.github.com/articles/generating-a-new-gpg-key/ (and follow other links)
- http://blog.ghostinthemachines.com/2015/03/01/how-to-use-gpg-command-line/
- http://harryrschwartz.com/2014/11/01/automatically-signing-your-git-commits.html
Sum up:
brew install gnupg
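gpg --full-generate-key
# on GnuPG 2.1+ the plain --gen-key no longer asks for a key size, so use the full dialog
# choose a key size of 4096
# enter your name and e-mail
# enter a secure passphrase
# leave the other options at their defaults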
gpg --armor --export KEY_ID
# copy the output and add it to GitHub: Settings > SSH and GPG keys (https://github.com/settings/keys)
git config --global user.signingkey KEY_ID
# tells git which key to sign with
# there are two ways to sign your commits; the manual way:
git commit -S -m 'normal message, but the -S tells git to sign your commit'
# and the automatic way: add the following to your .gitconfig (git version >2.0):
[commit]
    gpgsign = true
# be happy with your verified commits
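To confirm locally that commits really carry a good signature, instead of relying only on the badge GitHub shows, git can print a one-letter signature status per commit with the `%G?` format placeholder. The script below is an added example, not part of the original notes; `audit_signatures` and `sample_log` are names made up here, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: flag commits that do not carry a good signature.
# Real input comes from, for instance:
#   git log --format='%G? %h' origin/main..HEAD | audit_signatures

# Reads "<status> <hash>" lines on stdin, prints "<hash> <reason>" for every
# commit whose status is not G, and returns 1 if any such commit was found.
audit_signatures() {
    awk '
        BEGIN {
            # Status letters documented for %G? in git-log(1).
            why["N"] = "no signature"
            why["B"] = "bad signature"
            why["U"] = "good signature, but key validity unknown"
            why["X"] = "good signature that has expired"
            why["Y"] = "good signature made by an expired key"
            why["R"] = "good signature made by a revoked key"
            why["E"] = "signature cannot be checked (missing key)"
        }
        NF < 2     { next }   # skip blank or malformed lines
        $1 == "G"  { next }   # good signature from a trusted key
        {
            bad++
            reason = ($1 in why) ? why[$1] : ("unknown status " $1)
            printf "%s %s\n", $2, reason
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample of `git log --format="%G? %h"` output (not real commits).
sample_log() {
    printf '%s\n' \
        'G 1111111' \
        'N 2222222' \
        'B 3333333' \
        'G 4444444' \
        'E 5555555'
}
```

A status of `E` usually means the signer's public key is not in your local keyring, so import it before treating the commit as unverified.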
SourceTree