brew install gpg pinentry pinentry-mac
gpg --full-generate-key
- Use RSA, 4096 bits
Create directory and give correct permissions
mkdir -p ~/.gnupg
find ~/.gnupg -type f -exec chmod 600 {} \;
find ~/.gnupg -type d -exec chmod 700 {} \;
File ~/.gnupg/gpg-agent.conf
# Enables GPG to find gpg-agent
use-standard-socket
# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
pinentry-program /usr/local/bin/pinentry-mac
File ~/.gnupg/gpg.conf
# Uncomment within config (or add this line)
use-agent
# This silences the "you need a passphrase" message once the passphrase handling is all set.
# Use at your own discretion - may prevent the successful interactive use of some operations.
# It is working fine for my use cases though.
batch
# Ensures the cross certification "back signature" on the subkey is present and
# valid. This protects against a subtle attack against subkeys that can sign.
require-cross-certification
Find your GPG Key ID
gpg --list-secret-keys --keyid-format LONG
Copy Key to Clipboard
gpg --armor --export <KEY ID> | pbcopy
Store in Bitbucket Server
under User
-> Manage Account
-> GPG Keys
Configure Git globally to use this key
git config --global user.signingkey <KEY ID>
Copy the symlink to make Sourcetree find the GPG program
cp -a /usr/local/bin/gpg /usr/local/bin/gpg2
git config --global gpg.program gpg2
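
A check for the permission and pinentry steps above, as an added example that is not part of the original guide: it lists anything under the GnuPG home that group or other can access, and confirms that the pinentry-program path in gpg-agent.conf exists on this machine (it will not if Homebrew's prefix is something other than /usr/local). The function names are chosen for this example.

```shell
# Added example (not from the original guide): audit a GnuPG home directory.
# Function names are chosen for this example.

# List files/directories under $1 that grant any group or other permission
# bit. Only "-perm -MODE" tests are used, which BSD (macOS) and GNU find share.
loose_perms() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print the first uncommented pinentry-program value in $1/gpg-agent.conf,
# or nothing if the file or the option is absent.
configured_pinentry() {
    [ -f "$1/gpg-agent.conf" ] || return 0
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' \
        "$1/gpg-agent.conf" | head -n 1
}

# Return 0 only if permissions are tight and the configured pinentry exists.
audit_gnupg_home() {
    gnupg_home="${1:-$HOME/.gnupg}"
    audit_status=0
    if [ ! -d "$gnupg_home" ]; then
        echo "missing directory: $gnupg_home"
        return 1
    fi
    loose=$(loose_perms "$gnupg_home")
    if [ -n "$loose" ]; then
        echo "accessible to group/other (expected 700 dirs, 600 files):"
        echo "$loose"
        audit_status=1
    fi
    pinentry=$(configured_pinentry "$gnupg_home")
    if [ -z "$pinentry" ]; then
        echo "no pinentry-program set in $gnupg_home/gpg-agent.conf"
        audit_status=1
    elif [ ! -f "$pinentry" ] || [ ! -x "$pinentry" ]; then
        echo "pinentry-program is not an executable file: $pinentry"
        audit_status=1
    fi
    return "$audit_status"
}

# Usage: audit_gnupg_home ~/.gnupg && echo "GnuPG home looks OK"
```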