GPG Signing Key For Github

gpggithub.md

• Setup Basic

$ git config --global user.name "name"
$ git config --global user.email "email"

• Installation

# mac
$ brew install gpg
# brew install gpg2 

• Set gpg program into git

$ git config --global gpg.program gpg

• Generate gpg

$ gpg full-generate-key
# input your username
# input your email
# select maximum or size your gpg key 
# recomended 2048 or 4086

• Set signing key

$ gpg --list-secret-keys --keyid-format LONG
//////////////////////////////////////////////
////// Output example copy XXXXXXXXXXXX///////
//////////////////////////////////////////////

/Users/ri7nz/.gnupg/pubring.kbx
-----------------------------
sec   rsa4096/XXXXXXXXXXXXX 2018-12-16 [SC]
      x0x0x0x0x0x0xx00x0xx00x0x0x0x0x0x0x0x0
uid            xyxyxyxyxyxyxyxyx 2018-12-16 [E]
   
$ git config --global user.signingkey XXXXXXXXXXX

$ gpg --armor --export xxxxxxxxxxxxx

# example output &  copy all output
-----BEGIN PGP PUBLIC KEY BLOCK-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END PGP PUBLIC KEY BLOCK-----
# paste in your github.com -> settings SSH & GPG

• Test your GPG

$ echo "test" | gpg --clearsign

• Error

# if Output 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
# 
$  echo "export GPG_TTY=\$(tty)" >> .zshrc # .bashrc or .profile 

• Final

# go to directory project 
$ git add 
$ git commit -S -m "Secure Committing"
$ git push origin master
# check your github commit as verified (y) :D 
# Happy All The Time