Skip to content

Instantly share code, notes, and snippets.

@patoi

patoi/signing-commits.md

Last active December 28, 2019 13:23
Show Gist options
  • Save patoi/6cd111fbae6d10db4325321b628073de to your computer and use it in GitHub Desktop.
Save patoi/6cd111fbae6d10db4325321b628073de to your computer and use it in GitHub Desktop.
Download ZIP
Signing commits
Raw
signing-commits.md

Generating GPG key

gpg --full-generate-key

Choose default RSA, set to 4096.

Setting git local repo config

gpg --list-secret-keys --keyid-format LONG

Output: sec rsa4096/<KEY ID> 2019-12-28 [SC] ...

<KEY ID> is the identifier of your key.

git config commit.gpgsign true
git config user.signingkey <KEY ID>

If you want to set as global, then use --global flag in git commands: git config --global commit.gpgsign true && git config --global user.signingkey <KEY ID>

Read the Tips

Setting up on GitHub

Before you start, read the notice: Before generating a new GPG key, make sure you've verified your email address.

Create a pubkey export: gpg --armor --export <KEY ID>

Go to: https://github.com/settings/keys

Click on New GPG key button.

Copy th whole text with start line (-----BEGIN PGP PUBLIC KEY BLOCK-----) and last line (-----END PGP PUBLIC KEY BLOCK-----).

Click on Add GPG key button.

First commit

git commit -S -m "your commit message"

Checking: after git push go to the github repo, and click on ... commits link.

You will see the Verified badge on the last commit. Click on this badge, you will see more information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment