Skip to content

Instantly share code, notes, and snippets.

@richfitz

richfitz/github_gpg_key.md

Forked from ankurk91/github_gpg_key.md
Last active March 18, 2021 19:09
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save richfitz/d3fccbda5b5af2723139e4445a9f3655 to your computer and use it in GitHub Desktop.
Save richfitz/d3fccbda5b5af2723139e4445a9f3655 to your computer and use it in GitHub Desktop.
Download ZIP
Github : Signing commits using GPG (Ubuntu/Mac)
Raw
github_gpg_key.md

Github : Signing commits using GPG (Ubuntu/Mac) 🔐

  • Do you have an Github account ? If not create one.
  • Install required tools
  • Latest Git Client
  • gpg tools
# Ubuntu
sudo apt-get install gpa seahorse
# MacOS with https://brew.sh/
brew install gpg
  • Generate a new gpg key
gpg --gen-key
  • Answer the questions asked

Note: When asked to enter your email address, ensure that you enter the verified email address for your GitHub account.

  • List generated key
gpg --list-secret-keys --keyid-format LONG
  • Above command should return like this
/home/username/.gnupg/secring.gpg
-------------------------------
sec   4096R/<COPY_LONG_KEY> 2016-08-11 [expires: 2018-08-11]
uid                          User Name <user.name@email.com>
ssb   4096R/62E5B29EEA7145E 2016-08-11
  • Note down your key COPY_LONG_KEY from above (without < and >)
  • Export this (public) key to a text file
gpg --armor --export <PASTE_LONG_KEY_HERE> > gpg-key.txt

  • Above command will create a new txt file gpg-key.txt

  • Add this key to GitHub

  • Login to Github and goto profile settings

  • Click New GPG Key and paste the contents of gpg-key.txt file then save

  • Tell git client to auto sign your future commits

  • Use the long key from above in next command

git config --global user.signingkey <PASTE_LONG_KEY_HERE>
git config --global commit.gpgsign true
  • You are done, next time when you commit changes; gpg will ask you the passphrase.

Make gpg remember your passphrase (tricky)

To make it remember your password, you can use gpg-agent

Edit your ~/.gnupg/gpg-agent.conf file and paste these lines

default-cache-ttl 28800
max-cache-ttl 28800

28800 seconds means 8 hours

If gpg-agent is not running you can start it with this command

gpg-agent --daemon

Change your key passphrase

gpg --edit-key <PASTE_YOUR_KEY_ID_HERE>

At the gpg prompt type:

passwd

Type in the current passphrase when prompted
Type in the new passphrase twice when prompted
Type:

save

Associate additional emails

gpg --edit-key <PASTE_YOUR_KEY_ID_HERE>

At the gpg prompt type:

adduid

Answer the questions to add your additional email address then save by typing at the prompt

save

Regenerate the key and replace the key on github

Import GitHub's public key

$ curl https://github.com/web-flow.gpg | gpg --import
$ gpg --edit-key noreply@github.com
gpg> trust
gpg> save
$ gpg --lsign-key noreply@github.com

Reference links

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment